Unlocking Creativity: TCS HackQuest S8 Unveiled — Round 2

Raviteja
Feb 19, 2024

TCS HackQuest, a campus-level cyber security competition, mirrors global Capture the Flag (CTF) events, challenging participants to uncover maximum flags within a six-hour timeframe. Categories span Web exploitation, Forensics, Reverse engineering, among others, fostering a competitive yet collaborative environment. Participants showcase their prowess in problem-solving and technical acumen, engaging with industry-standard challenges provided by TCS. HackQuest serves as a premier platform for enthusiasts to network, learn, and hone their cybersecurity skills under the guidance of industry experts, emphasizing real-world problem-solving.

Challenge Title : Request Tracer

Solution :

The challenge provides a description along with a link to a website.

The website takes a domain as input and runs the traceroute command against that domain.

The web server then returns the route path as the output.

The challenge description highlights the “X” change between client and server 🤔

That gave me the idea to manipulate the request by adding the header “X-Forwarded-For”.

I first set the added header to a random IP address, and the response showed nothing. Then I changed the value of the parameter passed in the POST request, which is a domain name.

When I changed the domain value, the server returned an error saying “The request not made by localhost”, so I immediately tried changing the host to “localhost” and “127.0.0.1”.

I got the same error, so I decided to add the header with localhost as its value.

After sending the modified request I got the same error, and changing the header value from localhost to 127.0.0.1 gave the same error again.

Then I changed the request method to “GET”.

The server does not allow GET requests, so I used the OPTIONS method to check which request methods the server allows. It showed that only POST and PATCH are allowed, so I gave PATCH a try.

I changed the request method to PATCH, added the header “X-Forwarded-For: 127.0.0.1”, and got the flag key!!! 🥳
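The root cause on the server side is a localhost check that believes a client-supplied header. The sketch below is an added example, not the challenge's code: it contrasts that weak pattern with a resolver that starts from the socket peer address and applies one gate to every allowed method. The proxy range, function names and status codes are assumptions made for illustration.

```python
import ipaddress

# Assumption: the only hops allowed to vouch for a client address are our own proxies.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_METHODS = {"POST", "PATCH"}  # what the OPTIONS probe on the page reported


def naive_client_ip(peer_addr, headers):
    """Weak pattern: believe whatever address the client wrote into the header."""
    xff = headers.get("X-Forwarded-For", "")
    return xff.split(",")[0].strip() or peer_addr


def _is_trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, headers):
    """Hardened: start from the socket peer; read the header only through trusted proxies."""
    if not _is_trusted(peer_addr):
        return peer_addr  # direct connection: the header is attacker-controlled
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    for hop in reversed([h for h in hops if h]):
        try:
            if not _is_trusted(hop):
                return hop  # first address not added by one of our proxies
        except ValueError:
            return peer_addr  # malformed entry: ignore the whole header
    return peer_addr


def handle(method, peer_addr, headers, resolver=client_ip):
    """One localhost gate shared by every allowed method; returns an HTTP status."""
    if method not in ALLOWED_METHODS:
        return 405
    try:
        local = ipaddress.ip_address(resolver(peer_addr, headers)).is_loopback
    except ValueError:
        local = False  # e.g. a hostname such as "localhost" in the header
    return 200 if local else 403
```

With the hardened resolver, a remote PATCH carrying `X-Forwarded-For: 127.0.0.1` gets the same 403 as a POST, because the decision is made from the connection's peer address.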

Challenge Title : Token Tango

Solution :

The challenge provides a description along with a link to a website.

The web page contains some text but no links or references, so I checked the comments in the page source for the flag, but unfortunately there was nothing important there.

Then I checked the cookies in Chrome's developer tools: press CTRL+SHIFT+I to open them, go to Application, and look under the Cookies section.

The cookie was a JWT, so my first thought was to modify it. I copied the cookie into the jwt.io website, changed the role from guest to admin, and pasted the modified cookie into the request I had captured in Burp.

After sending the modified request I got nothing, and I thought, hmm, what the hell is that!!!

Then I thought about the signature: it was not verified, so to modify the cookie I had to sign it with the cookie's secret key.

I decided to brute-force the secret key with hashcat, using the command `hashcat -m 16500 -a 0 <jwt_token> <wordlist>`.

The secret key is “cookie”, so we changed the role in the cookie from guest to admin and signed it with the secret key.

Then we sent the request with the new cookie, i.e. the JWT, and got our key to the flag!!! 🥳
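Why the first edit failed and the re-signed one worked comes down to how HS256 verification behaves. The following is an added example, not the challenge's code: a standard-library HS256 signer and verifier, the payload-only edit that jwt.io produces, and a key-length check based on RFC 7518 section 3.2. The function names and the claim layout are assumptions.

```python
import base64, hashlib, hmac, json, secrets


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()


def sign(claims: dict, key: bytes) -> str:
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(key, head + '.' + body))}"


def verify(token: str, key: bytes):
    """Return the claims if the HS256 signature is valid under key, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None  # pin the algorithm; never accept what the token asks for
        if not hmac.compare_digest(_mac(key, head + "." + body), _unb64(sig)):
            return None
        return json.loads(_unb64(body))
    except (ValueError, TypeError, AttributeError):
        return None


def swap_role(token: str, role: str) -> str:
    """Edit the payload but keep the old signature (the first attempt on the page)."""
    head, body, sig = token.split(".")
    claims = json.loads(_unb64(body))
    claims["role"] = role
    return f"{head}.{_b64(json.dumps(claims).encode())}.{sig}"


def key_is_acceptable(key: bytes) -> bool:
    # RFC 7518 section 3.2: an HS256 key must be at least 256 bits long.
    return len(key) >= 32


WEAK_KEY = b"cookie"                  # the secret recovered on the page
STRONG_KEY = secrets.token_bytes(32)  # what the server should have used
```

A startup check such as `key_is_acceptable` rejects the six-byte secret before any token is ever issued with it.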

Challenge Title : Office leaks

Solution :

The challenge provides a description along with a zip file to download.

I unzipped the file with the command `unzip <filename>`.

Inside was an image file named office.jpg. After opening the file and examining the image closely, I found that the flag was hidden inside the pixels, i.e. we have to change the resolution.

To change the resolution of the image, I followed a reference.

I first uploaded the image to CyberChef and converted it to hex.

After converting the image to hexadecimal, I searched for the bytes “ff c0 00 11 08 02 8a 05 00”.

The first 4 bytes are common to every JPG image, the next byte may change, the next 2 bytes represent the height, and the 2 bytes after that represent the width.

I found these bytes, copied the entire hex text into a text editor, and changed the height value from 02 8a to 06 70.

Then I cleared the previous content in CyberChef, pasted the edited text, and converted it using the “From Hex” option.

After converting the text back to an image, I saved the output as a JPG file and got the key to the flag!!!🥳
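The same height edit can be done by parsing the JPEG segment structure instead of searching the hex dump, which avoids matching an `ff c0` that sits inside an embedded thumbnail or metadata block. This is an added example, not part of the original write-up, and it goes slightly beyond the bytes shown above by also accepting the extended and progressive frame markers. `SAMPLE` is a constructed header that reuses the page's nine bytes; it is not the challenge file.

```python
import struct

SOF_MARKERS = {0xC0, 0xC1, 0xC2}  # baseline, extended and progressive frame headers

# Constructed sample: SOI, a JFIF APP0 segment, then an SOF0 segment whose first
# nine bytes are the ones quoted on the page (height 0x028a, width 0x0500).
SAMPLE = bytes.fromhex(
    "ffd8"
    "ffe000104a46494600010100000100010000"
    "ffc0001108028a050003011100021101031101"
)


def find_sof(data: bytes) -> int:
    """Walk the segments from the start and return the offset of the SOF marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker in SOF_MARKERS:
            return pos
        if marker == 0xDA:  # start of scan: no frame header before image data
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        pos += 2 + length  # the length field counts itself but not the marker
    raise ValueError("no SOF segment found")


def dimensions(data: bytes):
    """Return (height, width) from the frame header."""
    sof = find_sof(data)
    # Layout: marker(2) length(2) precision(1) height(2) width(2)
    return struct.unpack(">HH", data[sof + 5:sof + 9])


def set_height(data: bytes, new_height: int) -> bytes:
    """Return a copy of the file with only the two height bytes replaced."""
    sof = find_sof(data)
    out = bytearray(data)
    out[sof + 5:sof + 7] = struct.pack(">H", new_height)
    return bytes(out)
```

For triage, a declared height that is much smaller than the amount of scan data would suggest is a sign that rows are being hidden from viewers.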

Challenge Title : Kohara

Solution :

The challenge provides a description along with a zip file to download.

I unzipped the file with the command `unzip <filename>`.

This gave an image file named Kohraa — file.jpg containing a QR code, but it was blurred.

First we have to remove the blur from the image, so I used the Stegsolve tool to remove it by changing the RGB color plane of the image to Red plane 7.

With a clear image of the QR code, I noticed that one of its corner boxes was also missing, because a QR code should have 3 blocks at 3 corners.

I used an open-source tool called Inkscape to draw the missing box by simply copying one of the existing boxes to the other side.

Now we had our complete QR code. Scanning it with the website https://webqr.com/ gave a result of some numbers: “110 121 70 173 62 145 60 63 66 145 143 142 61 67 67 145 60 146 67 63 62 142 143 142 143 61 142 60 71 70 64 146 146 145 142 144 175”.

After that I used the Magic option in CyberChef to decode the decimal numbers to plain text, and at that point we got our key to the flag!!!🥳
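A detector like Magic has to settle on a number base before it can decode a sequence like this. The sketch below is an added example, not part of the original write-up and not CyberChef's own code: it tries several bases and keeps only those where every token parses and maps to printable ASCII. For the QR output above that leaves base 8 only, since 173 and 175 fall outside ASCII when read in base 10.

```python
import string

# Printable ASCII, minus the vertical-tab and form-feed control characters.
PRINTABLE = set(string.printable) - {"\x0b", "\x0c"}

# The number sequence returned by the QR scan on the page.
QR_OUTPUT = (
    "110 121 70 173 62 145 60 63 66 145 143 142 61 67 67 145 60 146 67 63 "
    "62 142 143 142 143 61 142 60 71 70 64 146 146 145 142 144 175"
)


def decode_candidates(text, bases=(2, 8, 10, 16)):
    """Return {base: decoded_text} for every base that yields printable ASCII."""
    tokens = text.split()
    results = {}
    if not tokens:
        return results
    for base in bases:
        try:
            chars = [chr(int(tok, base)) for tok in tokens]
        except (ValueError, OverflowError):
            continue  # a digit is invalid in this base, or the value is not a code point
        if all(c in PRINTABLE for c in chars):
            results[base] = "".join(chars)
    return results
```

Short inputs can be ambiguous: `"72 105"` is printable in both base 8 and base 10, which is why the function returns every surviving candidate instead of a single guess.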

Kudos to you for making it through this article! If you believe it can make a difference for others, don’t hesitate to share it and give it a clap for greater visibility.

I trust it has sparked some valuable ideas for you. Keep up the learning momentum, and I’ll catch you in the next blog! Follow me for more content.
