NahamCon 2020 CTF Writeup Part One
NahamCon is a virtual security conference organized by
NahamSec, Stok, John Hammond and TheCyberMentor. It also had CTF challenges, and this was my first
ever competitive CTF. I learnt a lot and thought of writing up my own experience. I am going to divide
this CTF writeup into two parts, as I am going to use pictures for every step, and if I put everything into
one writeup it will be long; no one wants to read a long boring post. So let's get started.
Note: English is not my first language, so please ignore my mistakes.
Read the Rules
This page has the rules that we have to follow for the CTF challenges. It was the simple one: I checked the source code of the web page and first searched for the flag format but didn't get it, then I searched for comments and got the flag.
In this challenge I had to extract the flag from a file. I just ran the strings command on the file and got the flag.
In this challenge I also had to extract the flag from the file, which I could get by using the strings command like in the previous challenge, but there is a proper tool for extracting metadata from files, which is exiftool. I ran it on the file and got the flag.
Opening the CTF link, I saw a picture of Elliot Alderson.
The first thing that came to my mind was doing steganography on the image, as I saw some data on the picture, but I got nothing. I also tried to read the metadata from the image like in the previous challenges but didn't get anything. I also tried looking at the source code and found nothing there. I would be lying if I said I didn't spend time on this one; I got the flag, and all I was missing was common sense. After spending some time on it, I leaned back in the chair, took a look at the challenge name "Mr.Robot" and thought about checking the "robots.txt" file, and yeah, I got the flag. "Sometimes all you need is common sense".
The page greeted me with a login form; I could log in just by providing a username.
I successfully logged in with the username "test" and saw an error message that was "Sorry, Only admin can see the flag".
Now I needed to log in as Admin to get the flag. I tried to log in with the username "Admin" and got an error message of "Login as Admin has been disabled".
I fired up Burp to see what happened under the hood when I tried to log in as user "test". The website was setting a cookie for the user, as you can see below in the picture:
I changed the cookie value to "admin" and sent the request.
But there was something weird in the response: the response was telling me that I was logged in as user "nqzva", but I was trying to log in as user "test".
A quick Google search revealed that this is ROT13 encryption, and decrypting it gave me the value "admin". The website is encrypting the username in ROT13 and using that value as the session cookie; I just needed to provide the ROT13-encrypted value of the word "admin" as the session cookie to log in as Admin. I did this and got the flag.
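The cookie scheme described above, next to a hardened form, as an added example that is not code from the challenge or from the original writeup. The function names and the HMAC-signed cookie layout are assumptions chosen for illustration; the point is that a ROT13 cookie can be recomputed by any client, while a keyed tag cannot.

```python
import codecs
import hashlib
import hmac
import secrets

# Server-side secret, generated here only for the example (constructed value).
SECRET_KEY = secrets.token_bytes(32)

def weak_issue(username: str) -> str:
    """Scheme from the writeup: the session cookie is ROT13(username)."""
    return codecs.encode(username, "rot_13")

def weak_identify(cookie: str) -> str:
    """Server reverses ROT13 and trusts whatever name comes out."""
    return codecs.decode(cookie, "rot_13")

def _tag(username: str) -> str:
    # Keyed MAC over the username; cannot be computed without SECRET_KEY.
    return hmac.new(SECRET_KEY, username.encode(), hashlib.sha256).hexdigest()

def signed_issue(username: str) -> str:
    """Hardened form (hypothetical layout): '<username>.<hmac-sha256 hex>'."""
    return f"{username}.{_tag(username)}"

def signed_identify(cookie: str):
    """Return the username only if the tag verifies, otherwise None."""
    username, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # no tag present at all, e.g. a bare ROT13 value
    ok = hmac.compare_digest(tag.encode(), _tag(username).encode())
    return username if ok else None

if __name__ == "__main__":
    # Weak scheme: the cookie value needs no secret to produce.
    print("weak cookie for test:", weak_issue("test"))
    print("weak server reads 'nqzva' as:", weak_identify("nqzva"))

    # Signed scheme: a legitimate cookie verifies, edited ones do not.
    legit = signed_issue("test")
    swapped = "admin." + legit.split(".", 1)[1]  # name changed, old tag kept
    print("signed, untouched:", signed_identify(legit))
    print("signed, name swapped:", signed_identify(swapped))
    print("signed, bare ROT13 value:", signed_identify("nqzva"))
```

The login form's "Admin" block does not help in the weak scheme because authorization is decided from the cookie, not from the form; in the signed scheme the server only ever issues tags for names it allowed through login.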
That's it, and thank you for reading this. See you in the next write-up.