Lakshya CTF 2k24 by pict cyber cell


the quieter you become the more you are able to hear (kali linux)

Suyog Patil

Before starting the walkthrough, let me introduce myself. Hola! I am Suyog Patil from Tasgaon, India. I am a hacker, bug hunter, CTF player, a little bit of a developer, and a weeb. I am passionate about computers and the technology evolving around us. I am very glad that I am exploring and trying to hack the different technologies we are directly or indirectly connected to every day. This is my first write-up, so please ignore any grammar or other mistakes. To connect, check my website.

Let’s start…

1. Get the password

The challenge image
Flag statement

In this particular challenge they gave us a website protected by a username and password:

As usual I decided to view the page source, and as I thought, I found a link at the bottom of the page:

Source image

https%3A%2F%2Fgetthepassword-six.vercel.app%2Fasdfghjkl

This link is URL-encoded (percent-encoded) to discourage users from visiting the website: %3A%2F%2F is ://, and %2F is /. After decoding, the link becomes:

https://getthepassword-six.vercel.app/asdfghjkl

After visiting this link I reached a page like this:

Here we can see some encoded text. First we try to decode it. It is Base64 encoding (not encryption), so we have to decode it to move forward.

Base64 decoding

After decoding we got what was probably the password: l@k5hy@(tf

So if we look at the login page carefully we can predict the username:

every player need to log in to get the flag.

In this line the username will be player, because it's highlighted.

After entering the username and password I tried to log in and…

The flag window

TIP: If it's a web challenge, always go for source code review first.
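The two decoding steps above (percent-decoding the link, then Base64-decoding the hidden page's text) as a small layered decoder. This is an added example, not code from the write-up; the Base64 sample is constructed from the password shown above, since the hidden page's actual text is not reproduced here.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Constructed samples: the percent-encoded link from the page source, and a
# base64 string built from the password the write-up shows (the hidden page's
# actual text is not reproduced in the write-up).
ENCODED_LINK = "https%3A%2F%2Fgetthepassword-six.vercel.app%2Fasdfghjkl"
ENCODED_PASSWORD = "bEBrNWh5QCh0Zg=="

B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def try_percent(s):
    """Percent-decode s; None if there was nothing to decode."""
    out = unquote(s)
    return out if out != s else None


def try_base64(s):
    """Base64-decode s to printable text; None if it is not valid base64."""
    if len(s) % 4 or not B64_RE.match(s):
        return None
    try:
        text = base64.b64decode(s, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def peel(s, max_layers=5):
    """Strip encoding layers one at a time; returns [(layer_name, decoded), ...].

    Short words can look like valid base64 by accident, so the printable-text
    check above matters: do not trust every layer blindly.
    """
    steps = []
    for _ in range(max_layers):
        for name, fn in (("percent", try_percent), ("base64", try_base64)):
            out = fn(s)
            if out is not None:
                steps.append((name, out))
                s = out
                break
        else:
            break  # no decoder made progress: fully peeled
    return steps


if __name__ == "__main__":
    for sample in (ENCODED_LINK, ENCODED_PASSWORD):
        for layer, value in peel(sample):
            print(f"{layer:>8}: {value}")
```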

3. Formatting Error

Flag statement

In this challenge they gave us a zip, so as always I extracted it and moved on to analysing the .txt file.

If you use the file command in Linux and give it the name of any file, it will show you whether the extension is correct or not, because most files in CTF challenges play on extensions.

Initial process

file attchment.txt

This command shows you the file's real nature and what it contains.

As I said, they play with extensions and names. From the file command I came to know that the original extension of this txt file was pdf. So I changed the extension and checked for the flag. But bad luck.

.pdf file

I didn't know what had happened, and I went to ChatGPT for a new technique. And guess what?

I came across the tool called pdftotext. This tool just converts the PDF's secret message into output.txt.

The flag terminal

This challenge was easy but very confusing. But thanks to ChatGPT.

Mark my words, AI is far more dangerous (Elon Musk).

TIP: Always consider ChatGPT the last option for clues.

4. Tag the song

Flag statement

In this challenge they provided one audio file. I don't know much about these, but I've read articles about audio file challenge write-ups: mostly we have to find the flag in the audio file by opening it in an audio editor and checking the ultrasonic sounds and so on.

I decided to leave this challenge, but as far as I know there are some commands used to find secret messages hidden in images, videos and audio files, so I decided to check one.

I used the strings command.

The strings command in steganography is a tool used to extract human-readable text strings from binary files. Here's a brief overview:

Function: strings extracts printable character sequences from binary files, often uncovering hidden messages or metadata embedded within files.
Usage: It's often employed to analyze files, such as images or executables, to reveal concealed information that may not be immediately visible.
Scope: strings searches for sequences of characters that meet specific criteria (by default, runs of at least four printable characters), disregarding non-printable or irrelevant data.
Applications: It's frequently used in digital forensics, security analysis, and steganographic investigations to unveil covert messages or clues.
Output: The output of strings includes any human-readable text strings found in the file, offering insights into its contents or potential hidden content.

The flag terminal

After analysing that audio file using the strings command, I got the flag.

TIP: No matter what the extension, check if there is any hidden message.
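Challenges 3 and 4 both come down to the same two checks: identify a file by its magic bytes instead of its extension (what the file command does), then pull printable runs out of it (what strings does) and look for flag-shaped text. The following is an added example, not part of the write-up or the challenge; the magic table is a tiny subset of what file knows, and the PDF and WAV samples are constructed.

```python
import re

# Magic-byte table, a tiny subset of what the `file` command knows (added for
# illustration; real `file` uses a much larger database).
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"PK\x03\x04", "zip"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"RIFF", "riff"),  # generic container; WAV when bytes 8..12 read "WAVE"
]
ALIASES = {"jpg": "jpeg"}


def sniff_type(data):
    """Identify a file by its leading bytes rather than its extension."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            if name == "riff":
                return "wav" if data[8:12] == b"WAVE" else "riff"
            return name
    return "unknown"


def extension_mismatch(filename, data):
    """True when the claimed extension disagrees with the magic bytes."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    real = sniff_type(data)
    return real != "unknown" and ALIASES.get(ext, ext) != real


def extract_strings(data, min_len=4):
    """Printable-ASCII runs of at least min_len bytes, like the strings command."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def find_flags(data, flag_re=r"[A-Za-z0-9_]+\{[^}]*\}"):
    """strings-style extraction filtered down to flag-shaped text."""
    rx = re.compile(flag_re)
    return [s for s in extract_strings(data) if rx.search(s)]


# Constructed samples: a ".txt" whose bytes are really a PDF, and a WAV header
# with junk bytes and a made-up flag hidden in the data chunk.
FAKE_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
FAKE_WAV = (b"RIFF" + (100).to_bytes(4, "little") + b"WAVEfmt "
            + b"\x10\x00\x00\x00\x01\x00\x01\x00" + b"data\x00\x01\x02\x03"
            + b"\x80\x81\x82lakshya{constructed_flag}\xff\xfe\x00")
```

Running extension_mismatch("attchment.txt", FAKE_PDF) reports the disguised PDF, and find_flags(FAKE_WAV) returns the embedded flag without any audio decoding.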

5. Pearl Harbour

If you read the challenge you will understand it's a puzzle. But they said the flag is in message.wav or riddle.txt.

But after extracting the folder there were three files. Then I decided to open the pdf, but it was protected by a password.

pdf screenshot

After googling I came to know this is a common CTF challenge. To solve it I should crack the password by brute-forcing.

I used John the Ripper, the world-famous password-cracking tool.

John the Ripper is a powerful password cracking tool known for its versatility and effectiveness in recovering passwords. Here's a brief explanation:

Functionality: John the Ripper is a command-line tool designed for cracking password hashes using various attack methods, including dictionary, brute-force, and hybrid attacks.
Hash Types: It supports a wide range of hash types, including UNIX, Windows, and more, making it compatible with many password storage mechanisms.
Customization: Users can customize attack parameters, such as wordlists, mangling rules, and attack modes, to optimize the cracking process for specific scenarios.
Performance: John the Ripper is highly optimized and can exploit multi-core CPUs and GPU acceleration, enabling fast and efficient password cracking.
Applications: It is widely used by security professionals, penetration testers, and forensic analysts to assess the strength of passwords and enhance overall security posture.

Initial steps

First we have to convert the protected pdf to a hash using the pdf2john tool, and then crack that hash using John the Ripper. We have to provide a wordlist to the tool for cracking. If you are using Kali Linux there is a world-famous wordlist called rockyou.txt, which contains nearly 14,341,564 unique passwords.

After successfully cracking the hash we got the password: kamakazi.

“The creator of this challenge should be an Eminem fan; that’s why he chose this password.”

After using the password we could access the pdf and got the flag.

TIP: If you see any file protected by a password, use the John the Ripper tool.

8. Log In If You Can

After reading the problem statement I went to the website. There was just a login function.

So as usual I checked the source code for any leading information for the flag, but nothing else was there. After trying all my methods, SQLi came to mind, so I went for SQLi payloads.

And tried to bypass the admin panel, and did it successfully.

SQL Injection (SQLi):

SQL injection is a type of security vulnerability that occurs when an attacker is able to inject malicious SQL code into a web application's SQL query.
It typically happens when user input is not properly sanitized or validated before being included in SQL queries, allowing attackers to manipulate the queries' logic.
SQL injection attacks can result in unauthorized access to sensitive data, modification of database records, and even complete control over the web application and its underlying server.

Payload Explanation:

The payload admin' or '1'='1 is crafted to manipulate the logic of a SQL query executed by a web application.
In SQL, the condition '1'='1' is always true. By appending this condition to the query, the attacker ensures that the modified query will always return results.

Flag window

TIP: After the source code review of the login functionality, use SQLi.
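The bypass explained above, shown against a toy sqlite login so the cause and the fix sit side by side. This is an added example, not the challenge's code: the concatenated query is fooled by the payload, while the parameterised one treats it as a plain string. The table and the account in it are constructed.

```python
import sqlite3


def make_db():
    """In-memory user table with one constructed account (plaintext only for the demo)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    con.commit()
    return con


def login_vulnerable(con, username, password):
    """Builds the query by string concatenation: input becomes SQL syntax."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return con.execute(query).fetchone() is not None


def login_safe(con, username, password):
    """Parameterised query: input is bound as data and cannot change the logic."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return con.execute(query, (username, password)).fetchone() is not None


PAYLOAD = "admin' or '1'='1"  # the payload from the write-up

if __name__ == "__main__":
    db = make_db()
    # With the payload the concatenated WHERE clause reads
    #   username = 'admin' or '1'='1' AND password = 'anything'
    # and AND binds tighter than OR, so username = 'admin' alone decides it.
    print("vulnerable:", login_vulnerable(db, PAYLOAD, "anything"))  # True
    print("safe:      ", login_safe(db, PAYLOAD, "anything"))        # False
```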