Add some ctf writeups

pull/4/head
Maik de Kruif 4 years ago
parent 39a1374d5a
commit 8fd7031e45
No known key found for this signature in database
GPG Key ID: 46C1200ACD3A432F
  1. 42
      content/posts/adventofctf/challenge_0.md
  2. 43
      content/posts/adventofctf/challenge_1.md
  3. 56
      content/posts/adventofctf/challenge_2.md
  4. 26
      content/posts/adventofctf/intro.md

@ -0,0 +1,42 @@
+++
author = "Maik de Kruif"
title = "Challenge 0 - AdventOfCTF"
date = 2020-12-02T17:20:28+01:00
description = "Challenge 0 of AdventOfCTF."
tags = [
"AdventOfCTF",
"challenge",
"ctf",
"hacking"
]
categories = [
"ctf",
"hacking",
]
+++
- Points: 1
## Description
Do you remember the flag in the teaser website?
## Solution
Use the Wayback Machine to get the teaser page.
<https://web.archive.org/web/20201112020839/https://adventofctf.com/>
When taking a look at the source we find the following comment:
```html
<!-- Ceasar worked on this you know. Tk9WSXtIRVlfMVNfVGgxU19AX0ZsYTk/fQ== -->
```
If we then use `base64` to decode this string we get `NOVI{HEY_1S_Th1S_@_Fla9?}`.
```bash
> echo "Tk9WSXtIRVlfMVNfVGgxU19AX0ZsYTk/fQ==" | base64 -d
NOVI{HEY_1S_Th1S_@_Fla9?}
```
This flag can then be submitted for the [challenge](https://ctfd.adventofctf.com/challenges#0-1).

@ -0,0 +1,43 @@
+++
author = "Maik de Kruif"
title = "Challenge 1 - AdventOfCTF"
date = 2020-12-02T17:27:25+01:00
description = "Challenge 1 of AdventOfCTF."
tags = [
"AdventOfCTF",
"challenge",
"ctf",
"hacking"
]
categories = [
"ctf",
"hacking",
]
+++
- Points: 100
## Description
All starts should be easy
Visit <https://01.adventofctf.com> to start the challenge.
## Solution
When taking a look at the source we find the following comment:
```html
<!-- This is an odd encoded thing right? YWR2ZW50X29mX2N0Zl9pc19oZXJl -->
```
If we then use `base64` to decode this string we get `advent_of_ctf_is_here`.
```bash
> echo "YWR2ZW50X29mX2N0Zl9pc19oZXJl" | base64 -d
advent_of_ctf_is_here
```
We can then enter this string on the challenge website after which it will give us the flag: `NOVI{L3T_7H3_M0NTH_0F_FUN_START}`.
This flag can then be submitted for the [challenge](https://ctfd.adventofctf.com/challenges#1-2).

@ -0,0 +1,56 @@
+++
author = "Maik de Kruif"
title = "Challenge 2 - AdventOfCTF"
date = 2020-12-02T17:30:25+01:00
description = "Challenge 2 of AdventOfCTF."
tags = [
"AdventOfCTF",
"challenge",
"ctf",
"hacking"
]
categories = [
"ctf",
"hacking",
]
+++
- Points: 200
## Description
For the 2nd challenge you will need to bypass the login mechanism.
Visit <https://02.adventofctf.com> to start the challenge.
## Solution
When opening the website we're provided with a login form. If we fill in the form with random data, we're greeted with some text that says a guest cannot access the flag.
After trying serveral things, I opened the devtools to have a look at the cookies. Here we find a cookie with the name `authenticated`:
```cookie
authenticated=eyJndWVzdCI6InRydWUiLCJhZG1pbiI6ImZhbHNlIn0%3D
```
The value of this cookie looks like a base64 encoded string so lets try to decode it:
_Note: in a url encoded string, the text `%3D` means a `=`._
```bash
> echo "eyJndWVzdCI6InRydWUiLCJhZG1pbiI6ImZhbHNlIn0=" | base64 -d
{"guest":"true","admin":"false"}%
```
The result is some JSON data which specifies whether we are a guest or an admin.
Normally, we can easily alter the string to say we're an admin, but this time there is some weird non-printable character at the end. This means we can't easily modify it while still having the correct response. To circumvent this, I'll use `sed` to replace the string while keeping the non-printable character:
```bash
> echo "eyJndWVzdCI6InRydWUiLCJhZG1pbiI6ImZhbHNlIn0=" | base64 -d | sed 's/"guest":"true"/"guest":"false"/g' | sed 's/"admin":"false"/"admin":"true"/g' | base64
eyJndWVzdCI6ImZhbHNlIiwiYWRtaW4iOiJ0cnVlIn0=
```
If we put this string back into the cookie and refresh the page we get the flag: `NOVI{cookies_are_bad_for_auth}`.
This flag can then be submitted for the [challenge](https://ctfd.adventofctf.com/challenges#2-3).

@ -0,0 +1,26 @@
+++
author = "Maik de Kruif"
title = "Intro to AdventOfCTF"
date = 2020-12-02T17:10:12+01:00
description = "Challenge 0 of AdventOfCTF."
tags = [
"AdventOfCTF",
"challenge",
"ctf",
"hacking"
]
categories = [
"ctf",
"hacking",
]
+++
So, I'm in this Discord server and somebody by the name [@credmp](https://twitter.com/credmp) thought it'd be a great idea to do an advent calendar of CTF challenges. Every day of december, up until christmas, a new challenge will open up. It starts out easy, accessible to anyone and will grow in complexity as time progresses.
For me, this will be a good opportunity to share some insight in these kind of challenges for people who aren't familiar with them.
To get an overview of all my writeups for this CTF, go [here](/tags/adventofctf/).
## What is a CTF?
CTF stand for Capture The Flag, it's a kind of information security competition that challenges participants to solve a variety of puzzles. The challenges range from a scavenger hunt on wikipedia to basic programming exercises, to hacking your way into a server to steal data. In these challenges, you are usually asked to find a specific piece of text that may be hidden on the server or behind a webpage. This text is called a flag, hence the name "Capture The Flag".
Loading…
Cancel
Save