NahamCon 2020 CTF Writeup Part Two
This is the second part of the NahamCon CTF. If you want to check out the first one, check it out HERE.
This time the file was a "KDBX", which is a KeePass file; these files contain passwords in an encrypted database. I needed to crack that password and use it to open the file. I used john for cracking the password.
I got the password, which is "monkeys". Time to open the file with KeePass. I downloaded KeePass on my local machine, opened the file in it and got the flag.
Here is the flag:
This image contained some colorful pixels, which reminded me of Piet programming (a friend helped me out with this one :p).
So I used an online Piet image decoder and got the flag.
The CTF page was showing this message:
It was looking for agent 95 (it was looking for the User-Agent of Windows 95). Let's give him agent 95 and get our flag. Changing the "User-Agent" header in the request to Windows 95's header will give you the flag. I used Burp to change the header in the request.
The webpage greeted me with a little spooky ghost:
The main page was revealing a path and a parameter:
Upon visiting the location, the page was asking for an emergency number. I tried some emergency numbers like 911 but got nothing. I messed around a little bit and then read the description of the challenge again, and the last line got my attention: "but you will only get a flag if its an emergency". Being a bug hunter, this activated my muscle memory and I got the idea of adding an "emergency" parameter to the request, and I got the flag.
But the right way was the LFI: you can get the source code of the page through LFI, and then it will reveal why adding the "emergency" parameter gave away the flag.
You can get the source code of the page through local file inclusion using this payload:
?file=php://filter/convert.base64-encode/resource=phphonebook.php
The code is base64 encoded, and decoding it reveals the reason why adding the "emergency" parameter worked.
Here it is looking for the "emergency" parameter to give away the flag.
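From the defender's side, the php://filter request above stands out in a web server access log even when it is URL-encoded. The following is an added example, not part of the original writeup or the challenge's code: it flags query parameters whose decoded value starts with a PHP stream wrapper. The log entries, the /index.php path and the addresses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# PHP stream wrappers that should never appear in a file-selecting parameter.
WRAPPER_RE = re.compile(r"^\s*(?:php|data|expect|phar|zip|glob|file)://", re.I)
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries; the /index.php path and addresses are assumptions.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jun/2020:10:01:02 +0000] "GET /index.php?file=about.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Jun/2020:10:01:09 +0000] "GET /index.php?file=php://filter/convert.base64-encode/resource=phphonebook.php HTTP/1.1" 200 2048',
    '203.0.113.7 - - [12/Jun/2020:10:01:15 +0000] "GET /index.php?file=PHP%3A%2F%2Ffilter%2Fconvert.base64-encode%2Fresource%3Dphphonebook.php HTTP/1.1" 200 2048',
    '203.0.113.7 - - [12/Jun/2020:10:01:21 +0000] "GET /index.php?file=%2570hp://filter/resource=phphonebook.php HTTP/1.1" 200 1024',
]

def fully_unquote(value, max_rounds=3):
    """Undo repeated URL-encoding (e.g. %2570hp) so nested encodings are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_wrapper_params(log_line):
    """Return [(param, decoded_value)] for parameters that start with a stream wrapper."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    hits = []
    # parse_qsl already decodes one layer; fully_unquote handles any remaining layers.
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = fully_unquote(value)
        if WRAPPER_RE.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return {line_number: hits} for every entry with at least one hit."""
    return {n: hits for n, line in enumerate(lines, 1)
            if (hits := find_wrapper_params(line))}

if __name__ == "__main__":
    for line_no, hits in scan(SAMPLE_LOG).items():
        print(line_no, hits)
```

Detection like this only covers the logging side; the page itself still needs to map the file parameter onto a fixed allowlist of includable files.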
That's it folks. I want to thank everyone who helped me with this CTF, and shoutout to the NahamCon team for arranging this con for us. See you in the next article.