Add some ctf writeups

pull/4/head
Maik de Kruif 3 years ago
parent 39a1374d5a
commit 8fd7031e45
No known key found for this signature in database
GPG Key ID: 46C1200ACD3A432F
  42  content/posts/adventofctf/challenge_0.md
  43  content/posts/adventofctf/challenge_1.md
  56  content/posts/adventofctf/challenge_2.md
  26  content/posts/adventofctf/intro.md

@ -0,0 +1,42 @@
+++
author = "Maik de Kruif"
title = "Challenge 0 - AdventOfCTF"
date = 2020-12-02T17:20:28+01:00
description = "Challenge 0 of AdventOfCTF."
tags = [
"AdventOfCTF",
"challenge",
"ctf",
"hacking"
]
categories = [
"ctf",
"hacking",
]
+++
- Points: 1
## Description
Do you remember the flag in the teaser website?
## Solution
Use the Wayback Machine to get the teaser page.
<https://web.archive.org/web/20201112020839/https://adventofctf.com/>
When taking a look at the source we find the following comment:
```html
<!-- Ceasar worked on this you know. Tk9WSXtIRVlfMVNfVGgxU19AX0ZsYTk/fQ== -->
```
If we then use `base64` to decode this string we get `NOVI{HEY_1S_Th1S_@_Fla9?}`.
```bash
> echo "Tk9WSXtIRVlfMVNfVGgxU19AX0ZsYTk/fQ==" | base64 -d
NOVI{HEY_1S_Th1S_@_Fla9?}
```
This flag can then be submitted for the [challenge](https://ctfd.adventofctf.com/challenges#0-1).
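
Review bot: The Solution section goes straight from the quoted HTML comment to `base64 -d` without saying why base64 was tried, and it never addresses the "Ceasar worked on this" hint in that same comment. Add a sentence noting that the trailing `==` padding is what points to base64, and state whether the Caesar hint played any part, since the decoded output shown is already the flag `NOVI{HEY_1S_Th1S_@_Fla9?}`.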

@ -0,0 +1,43 @@
+++
author = "Maik de Kruif"
title = "Challenge 1 - AdventOfCTF"
date = 2020-12-02T17:27:25+01:00
description = "Challenge 1 of AdventOfCTF."
tags = [
"AdventOfCTF",
"challenge",
"ctf",
"hacking"
]
categories = [
"ctf",
"hacking",
]
+++
- Points: 100
## Description
All starts should be easy
Visit <https://01.adventofctf.com> to start the challenge.
## Solution
When taking a look at the source we find the following comment:
```html
<!-- This is an odd encoded thing right? YWR2ZW50X29mX2N0Zl9pc19oZXJl -->
```
If we then use `base64` to decode this string we get `advent_of_ctf_is_here`.
```bash
> echo "YWR2ZW50X29mX2N0Zl9pc19oZXJl" | base64 -d
advent_of_ctf_is_here
```
We can then enter this string on the challenge website after which it will give us the flag: `NOVI{L3T_7H3_M0NTH_0F_FUN_START}`.
This flag can then be submitted for the [challenge](https://ctfd.adventofctf.com/challenges#1-2).
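
Review bot: In the `bash` block, the line `> echo "YWR2ZW50X29mX2N0Zl9pc19oZXJl" | base64 -d` uses `>` as its prompt, and a reader who pastes the whole line gets a redirection instead: the shell creates or truncates a file named `echo` and tries to run the base64 string as a command. Drop the prompt or use `$ `, and move the output line `advent_of_ctf_is_here` out of the `bash` fence so it is not highlighted as a command. The same prompt style is used in challenge_0.md and challenge_2.md.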

@ -0,0 +1,56 @@
+++
author = "Maik de Kruif"
title = "Challenge 2 - AdventOfCTF"
date = 2020-12-02T17:30:25+01:00
description = "Challenge 2 of AdventOfCTF."
tags = [
"AdventOfCTF",
"challenge",
"ctf",
"hacking"
]
categories = [
"ctf",
"hacking",
]
+++
- Points: 200
## Description
For the 2nd challenge you will need to bypass the login mechanism.
Visit <https://02.adventofctf.com> to start the challenge.
## Solution
When opening the website we're provided with a login form. If we fill in the form with random data, we're greeted with some text that says a guest cannot access the flag.
After trying serveral things, I opened the devtools to have a look at the cookies. Here we find a cookie with the name `authenticated`:
```cookie
authenticated=eyJndWVzdCI6InRydWUiLCJhZG1pbiI6ImZhbHNlIn0%3D
```
The value of this cookie looks like a base64 encoded string so lets try to decode it:
_Note: in a url encoded string, the text `%3D` means a `=`._
```bash
> echo "eyJndWVzdCI6InRydWUiLCJhZG1pbiI6ImZhbHNlIn0=" | base64 -d
{"guest":"true","admin":"false"}%
```
The result is some JSON data which specifies whether we are a guest or an admin.
Normally, we can easily alter the string to say we're an admin, but this time there is some weird non-printable character at the end. This means we can't easily modify it while still having the correct response. To circumvent this, I'll use `sed` to replace the string while keeping the non-printable character:
```bash
> echo "eyJndWVzdCI6InRydWUiLCJhZG1pbiI6ImZhbHNlIn0=" | base64 -d | sed 's/"guest":"true"/"guest":"false"/g' | sed 's/"admin":"false"/"admin":"true"/g' | base64
eyJndWVzdCI6ImZhbHNlIiwiYWRtaW4iOiJ0cnVlIn0=
```
If we put this string back into the cookie and refresh the page we get the flag: `NOVI{cookies_are_bad_for_auth}`.
This flag can then be submitted for the [challenge](https://ctfd.adventofctf.com/challenges#2-3).
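
Review bot: The paragraph that starts "Normally, we can easily alter the string" says there is a non-printable character at the end of the decoded cookie, but the visible data does not support that. The value `eyJndWVzdCI6InRydWUiLCJhZG1pbiI6ImZhbHNlIn0=` is 44 base64 characters with one `=` of padding, which decodes to 32 bytes, and `{"guest":"true","admin":"false"}` is exactly 32 printable characters. The `%` after the JSON in the output is most likely the shell marking output that does not end in a newline, so it is not part of the cookie and the `sed` pipeline is not needed to preserve it. Reword the explanation accordingly, and mention that the re-encoded value must not pick up a trailing newline (for example from a plain `echo`) before it goes back into the cookie. It would also help to close with why this works: the server trusts an unsigned, client-editable cookie for the `admin` decision. Minor: "serveral" should be "several".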

@ -0,0 +1,26 @@
+++
author = "Maik de Kruif"
title = "Intro to AdventOfCTF"
date = 2020-12-02T17:10:12+01:00
description = "Challenge 0 of AdventOfCTF."
tags = [
"AdventOfCTF",
"challenge",
"ctf",
"hacking"
]
categories = [
"ctf",
"hacking",
]
+++
So, I'm in this Discord server and somebody by the name [@credmp](https://twitter.com/credmp) thought it'd be a great idea to do an advent calendar of CTF challenges. Every day of december, up until christmas, a new challenge will open up. It starts out easy, accessible to anyone and will grow in complexity as time progresses.
For me, this will be a good opportunity to share some insight in these kind of challenges for people who aren't familiar with them.
To get an overview of all my writeups for this CTF, go [here](/tags/adventofctf/).
## What is a CTF?
CTF stand for Capture The Flag, it's a kind of information security competition that challenges participants to solve a variety of puzzles. The challenges range from a scavenger hunt on wikipedia to basic programming exercises, to hacking your way into a server to steal data. In these challenges, you are usually asked to find a specific piece of text that may be hidden on the server or behind a webpage. This text is called a flag, hence the name "Capture The Flag".
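
Review bot: The front matter line `description = "Challenge 0 of AdventOfCTF."` looks copied from challenge_0.md; intro.md is titled "Intro to AdventOfCTF", so the description should describe the intro post instead. In the body, "CTF stand for" should be "CTF stands for", "these kind of challenges" should be "these kinds of challenges", and "december", "christmas" and "wikipedia" should be capitalized.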