
NahamCon 2020 CTF Writeup Part Two

This is the second part of the NahamCon CTF. If you want to check out the first one, you can find it HERE.


Easy Keesy



This time the file was a "KDBX" file, which is a KeePass file; these files contain passwords in an encrypted database. I needed to crack that password and use it to open the file. I used john for cracking the password.


Password cracking picture

I got the password, which is "monkeys". Time to open the file with KeePass. I downloaded KeePass on my local machine, opened the file in it and got the flag.



Here is the flag:


Flag picture

Peter Rabbit



This image contained some colorful pixels, which reminded me of Piet programming (a friend helped me out with this one :p).

So I used an online Piet image decoder and got the flag.



Agent 95



The CTF page was showing this message:



It was looking for agent 95 (it was looking for the User-Agent of Windows 95). Let's give him agent 95 and get our flag. Changing the "User-Agent" header in the request to Windows 95's header will give you the flag. I used Burp to change the header in the request.



Localghost



The webpage greeted me with a little spooky ghost:



The description of this CTF was "The spooky client-side code sure is scary. What spooky secrets does he have in store?". The spooky places on the client side are JavaScript files; upon checking them I found a string encoded in hex. I decoded the string and got another string, which was base64 encoded; decoding it gave me the flag.



Phphonebook



The main page was revealing a path and a parameter:



Upon visiting the location, the page was asking for an emergency number. I tried some emergency numbers like 911 but got nothing. I messed around a little bit and then read the description of the challenge again, and the last line got my attention: "but you will only get a flag if its an emergency". Being a bug hunter, this activated my muscle memory and I got the idea of adding an "emergency" parameter to the request, and I got the flag.



But the right way was LFI: you can get the source code of the page through LFI, and then it will reveal why adding the "emergency" parameter gave away the flag.
You can get the source code of the page through local file inclusion using this payload:

?file=php://filter/convert.base64-encode/resource=phphonebook.php

The code is base64 encoded, and decoding it reveals the reason why adding the "emergency" parameter worked.



Here it is looking for the "emergency" parameter for giving away the flag.
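
For the defender's side of the php://filter request above, this added example (not part of the original writeup or the challenge's code) scans web access-log lines for that wrapper in query parameters and reports which file was requested through it. The log lines, IP addresses and the /index.php path are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

# Constructed log lines: IPs, times and /index.php are assumptions; only the
# first php://filter payload string is taken from the writeup.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Jun/2020:10:01:02 +0000] "GET /index.php?file=about.php HTTP/1.1" 200 812',
    '203.0.113.7 - - [13/Jun/2020:10:01:09 +0000] "GET /index.php?file=php://filter/convert.base64-encode/resource=phphonebook.php HTTP/1.1" 200 2310',
    '198.51.100.4 - - [13/Jun/2020:10:03:40 +0000] "GET /index.php?file=PHP%3A%2F%2Ffilter%2Fread%3Dconvert.base64-encode%2Fresource%3Dindex.php HTTP/1.1" 200 1999',
    '198.51.100.4 - - [13/Jun/2020:10:04:11 +0000] "POST /phphonebook.php HTTP/1.1" 200 512',
]
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
WRAPPER_RE = re.compile(r'^\s*php://filter/(.*)$', re.IGNORECASE | re.DOTALL)

def parse_filter_spec(spec):
    """Split 'read=a|b/resource=x' (or 'a/resource=x') into ([a, b], x)."""
    chain, _, resource = spec.partition('resource=')
    filters = []
    for segment in chain.split('/'):
        segment = re.sub(r'^(read|write)=', '', segment, flags=re.IGNORECASE)
        filters.extend(f.lower() for f in segment.split('|') if f)
    return filters, resource

def scan(lines):
    """Return one finding per query parameter whose value is a php://filter URL."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        # parse_qsl percent-decodes values, so encoded wrappers are normalised.
        for name, value in parse_qsl(target.partition('?')[2]):
            w = WRAPPER_RE.match(value)
            if not w:
                continue
            filters, resource = parse_filter_spec(w.group(1))
            findings.append({
                'client': client, 'param': name, 'status': int(status),
                'filters': filters, 'resource': resource,
                # A base64 filter plus a 200 means raw file bytes were likely returned.
                'likely_disclosure': status == '200'
                and any(f.startswith('convert.base64') for f in filters),
            })
    return findings

if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
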

That's it, folks. I want to thank everyone who helped me with this CTF, and shout-out to the NahamCon team for arranging this con for us. See you in the next article.