Agent 95 (Web)
They've given you a number, and taken away your name~
Connect here: http://jh2i.com:50000
flag{user_agents_undercover}
Solution: Change the User-Agent to Windows 95.

Localghost (Web)
BooOooOooOOoo! This spooOoOooky client-side cooOoOode sure is scary! What spoOoOoOoky secrets does he have in stooOoOoOore??
Connect here: http://jh2i.com:50003
JCTF{spoooooky_ghosts_in_storage}
Solution: After beautifying the JavaScript code for jquerty.jscroll2, the flag variable contains the flag in bytes.

CLIsay
cowsay is hiding something from us!
flag{Y0u_c4n_r3Ad_M1nd5}
Solution: With the challenge we are given an ELF file (a type of Unix executable). By running it we get:

Well, that didn't give us much. We can check whether there are printable strings in the file by using the strings command on it. Doing that gives us the flag:

Notice that you need to append the two parts of the flag together (the strings after and before the ASCII art).

Metameme
Hacker memes. So meta.
flag{N0t_7h3_4cTuaL_Cr3At0r}
Solution: With the challenge we get this image:

We can guess from the name of the challenge and its description that there is something in the metadata of the image, so we can use exiftool on it. exiftool allows you to see the metadata of an image, and by using it we get the flag:

Easy Keesy
Dang it, not again...
flag{jtr_found_the_keys_to_kingdom}
Solution: With the challenge we get a file with an unknown format. We can use the file command to see that the file is a KeePass database:

Files of this type are databases used to keep passwords on the computer 'safely'. There are many password managers that can view this kind of file, but I used KeeWeb for this challenge, mostly because it is a web tool. If we try to open the file with it, we quickly notice that we don't have the password for doing that. Furthermore, there aren't any mentions of a password in the file or in the description of the challenge, so it seems we need to brute-force the password.

Passwords are commonly saved as hashes. Hashes are data created using cryptographic hash functions, which are one-way functions (easy to find a hash for a password, hard to find a password for the hash) that also return a value with a fixed length for any file of any size. A simple example of a hash function is the algorithm shown in the December challenge, with the slight modification that only the last block of the cipher is returned. Hashes are great because it is easy to validate a value using them: you can just hash the value using the hash function and compare the hashes. But it is hard to get the value from a hash. In the case of a KeePass database file, the password for the database, which is called a master password, is saved as a hash in the file in order for a password manager to verify it. It is not a smart idea to save the password locally like that, but it's good for us.
To find the password I used a dictionary attack. This type of attack uses a known database in order to find the right data; in the case of password cracking we use a database of passwords, preferably ordered from most frequently used to least frequently used. We hash each password and compare it to the hash we have until we find a password with the same hash. This does not guarantee that we found the correct password (a hash collision can occur), but most probably it will find the correct one. The dictionary I used is called rockyou.txt, which lists common passwords. For executing the attack I used John the Ripper, a great tool for cracking hashes using a dictionary. I first converted the file to something john can use and then used john with rockyou.txt to crack the password by executing the following commands:

    keepass2john easy_keesy > kp
    john --wordlist=/usr/share/wordlists/rockyou.txt -format:keepass kp

By doing that we get that the password for the file is monkeys. If we try using it in KeeWeb we are given access to the database and we get the flag:
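
The hash-and-compare loop described above, written as a check you can run against your own master password; this is an added example, not code from the original writeup. PBKDF2-HMAC-SHA256, the five-entry wordlist and the names derive, make_verifier and audit are assumptions of the example and do not reproduce the KeePass file format.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a common-password list such as
# rockyou.txt, ordered from most to least frequently used.
COMMON_PASSWORDS = ["123456", "password", "iloveyou", "monkeys", "dragon"]


def derive(password, salt, iterations):
    """Salted, deliberately slow one-way function (PBKDF2 is an assumption
    of this example, not the derivation KeePass uses)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_verifier(password, iterations=10_000):
    """Build what a verifier needs to store: salt, work factor, derived key."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": iterations,
            "key": derive(password, salt, iterations)}


def audit(verifier, wordlist):
    """Hash every wordlist entry with the stored salt and work factor and
    compare. Returns (password, guesses) on a match, (None, guesses) if not."""
    guesses = 0
    for line in wordlist:
        candidate = line.rstrip("\r\n")  # tolerate lines read from a file
        if not candidate:
            continue                     # skip blank lines
        guesses += 1
        guess = derive(candidate, verifier["salt"], verifier["iterations"])
        if hmac.compare_digest(guess, verifier["key"]):
            return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    weak = make_verifier("monkeys")
    strong = make_verifier("correct horse battery staple 7!")
    # The salt and iteration count raise the cost of each guess, but a
    # password that is on the list is still found after a handful of tries.
    print("weak:  ", audit(weak, COMMON_PASSWORDS))
    print("strong:", audit(strong, COMMON_PASSWORDS))
```

A master password that appears in a common-password list falls no matter how the verifier is salted or stretched; only a password absent from the list survives this check.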