Intro to Cybersecurity Bootcamp CTF Assessment

Overview

A concerted effort between CyberTalents and Trend Micro to provide a free introductory cybersecurity training program to students and fresh graduates who are looking to enhance their technical skills and start their careers as cybersecurity professionals.

Lessons

There were many lessons during the bootcamp that covered many areas of information security such as web security, network security and digital forensics and Cryptography.

Also Me and @sl4x0 with @Mohamedkashik made a Notion note to summarize bootcamp Tools & Topics.

• https://www.notion.so/sl4x0/CyberTalents-ce9fa279ba5a4d40b28c4b31911b4b4b

CTF Assessment

🌟General Information

THE MUMMY

Description:

A malicious program that is primarily spread through spam emails. The infection may arrive either via malicious script, macro-enabled document files, or malicious link.

Flag:

Emotet

Emotet is a Trojan that is primarily spread through spam emails. The infection may arrive either via malicious script, macro-enabled document files, or malicious link. Emotet emails may contain familiar branding designed to look like a legitimate email. Emotet may try to persuade users to click the malicious files by using tempting language about “Your Invoice,” “Payment Details,” or possibly an upcoming shipment from well-known parcel companies.

🌟Digital Forensics

on1ons

Description

Just like onion , flag in format flag{}

Walkthrough:

In this challenge we got a secret_onions.xcf file to download

first we gonna run file command to know what type file is this

by using exiftool we got our first part of the flag

exiftool secret_onions.xcf

first part r3lly_f1n_1337}

from file command to notice that there is data inside this file, So we gonna extract it with binwalk

binwalk -M --dd=".*" secret_onions.xcf --run-as=root

This file type was DATA, So let us read it with strings and grep some interesting words

strings 28C | grep -i "flag"

Now we got the two parts of the flag.

Elliot Secrets

in this challenge we got a bin file and we need to dig in it to find Eliot Secrets.

Walkthrough:

after downloading bin file, we need to figure out what file-type is it. so running

file elliot_secrets.bin

it`s an ELF file, So we may execute it in terminal.

Yup, That`s for sure :)

Now, i tried to extract any data embedded in this file with binwalk

sadly this folder contained the same bin file inside. So i thought about give it one more shot with another tool. i used Foremost at this time and i got some interesting output

foremost extracted a wav file which immediately came to mind to pass it to something like Audacity or Sonic Visualiser to see if this file have hidden data but i got noting back :(

The last tool came into my mind which can be used with wav files is Deep Sound

This a steganography tool and audio converter that hides secret data into audio files. The application also enables you to extract secret files directly from audio files or audio CD tracks.

so after passing the wav file to this tool it asked me for a password!!!

At this point i was relived as i knew i was walking at the right path. after sometime of googling i found this Python script [ deepsound2john ] which we can use it to convert wav file to hash, then crack this hash with john

then crack this hash $dynamic_1529$ea007a659e8e59ba2cb9d8fb5119413b718c5517

john --wordlist=/usr/share/wordlists/rockyou.txt hash

john successfully cracked our hash ragerocks123. go to deepsound to extract data from wav file.

We got a pdf file extracted with this image inside

Running strings on this pdf to see if we miss anything

I used this site to beautify this JS code [ https://beautifier.io/ ]

there was an interesting function at the end of this code function hi() which was having intersting chars, So i deleted everything else and wanted to see these separated chars

The final result was IZWGCZ33IFZGKVKMN5ZXIP3 which was encoded with base32. after decoding it.

And we got Eliot`s Flag!!

FLAG: Flag{AreULost?}

🌟Web Security

xCode

Description

Your typical php challenge!

Walkthrough:

After visit challenge link wo got this php code viewed

This php code is vulnerable to OS command injection and setting http parameter echo which we gonna use the it to retrieve flag file on this server.

let`s fire-up our burpsuit and try to inject anything at first like echo=1

notice that 1 is reflected in response

now let`s try with this payload echo=1;id and see if we got OS Command Injection?

indeed the id command was executed, so we need to find where is the flag file

Moving backwards with this payload ?echo=1;ls+../../../ to root dir we found our flag

Hunter

Description:

who can I trust?

Walkthrough:

This one was simple to solve but a little challenging. Depended on some encryption.

To begin the challenge, you will get the following page:

After launching our burp proxy, load this website and quickly notice the http requests.

As you can see the cookies was very interesting to play with. the very first part of the cookie was flag=who_has_gohn_cookie

moving to second part of cookie i noticed at once that was base64 encoded because of %3D at the end.

so after decrypting all this cookie parts using cyberchef and Hashes.com you will get:

Ging_Freecss ===> try harder Gon! (hash & base64)
Hisoka =========> i am just a waste of time john ^_^
Killua =========> do+you+remember+satotz (ROT13)

I still didn`t watch HunterxHunter anime 😅 But i can tell that satotz is what we need. So i changed flag=who_has_gohn_cookie with flag=satotz . and it worked!!

FLAG: flag{Always_Trust_Your_Fr13nds}

v13w3r

Walkthrough:

Unfortunately I haven't taken any screenshots of this challenge. This challenge was an image upload website which was vulnerable to XSS, with only one input field for the picture url you want to download.

when you put the url of the image url you want to download. a J.S function was made to create anchor element and take your input inside it. now if you tried to put this link http://www.link.com/ onload="alert(1)" this will fire-up XSS alert(1) and we will have our flag.

Flag: flag{loOks_You_ar3_xSs_mast3r_1337}

🌟Network Security

Refresher

This was network security challenge with pcap file to dig in.

Walkthrough:

we got pcap file to download so after open it with Wireshark we see a lot of traffic

when playing any network security CTF i used to use Wireshark tools power to make it easy win

• using credentials from tools bar to extract any CRED though FTP or HTTP traffic. And we got some credentials from it.

• Also from go to Statistics > Protocol Hierarchy. This will show you most used protocols within the traffic

found 2 Data Packets which maybe something very interesting to see. after navigating to them we can see it is a .zip file (i can tell it is a .zip file from PK header value)

Moreover, while navigating within the pcap file streams i got this stream which confirm that we have a .zip file

So without wasting time i extracted this .zip file. But when i tried to open/unzip it asked for a password.

I tried to bruteforce this .zip file with tools like fcrackzip but got nothing :/

Then i remembered that i know a little wireshark magic power to give it a try

• using export objects to see any interesting files through HTTP traffic

And we got many jpg files

if you noticed that there is a pattern in files name, But i did not notice this until downloaded them and opened folder

As you can see. If you collect the letters together you will find it mean something

Password ==> iamsupersecretpasswordgood4uthefinding

So let`s grap that flag

🌟Cryptography

Encoding 1 & Encoding 2

These was Cryptography challenges and Both can be easily solved using CyberChef

Thanks For Reading

Follow Me ​​
Facebook
Linkedin
Twitter