1 - Snowflake - Crypto
25 - Easy 1 - Web
Doom is upon us. We are surrounded by enemies on all sides. There is only one hope. Use your hacking skills to find it.
50 - Easy 2 - Web
Heighten your situational awareness.
Dress in clothes that are common to the area where you are, or where you plan to go.
Avoid bright colors. Neutral will blend in. Choose grey over black or white or red.
There is a form:
Change the hidden input field value (
<input type="hidden" name="is_admin" value="1" />) from
1 and submit inputs.
We get the flag:
150 - Tag - Forensics
You are surrounded by zombies on all sides. Blood and flesh that drip from their mouths. You run for cover in an abandoned building. As you huddle in terror under a delapitated desk your foot brushes against a small package. What could be inside???
tag.gz with Wireshark.
We can be ready to find some files:
In Wireshark: File > Export Objects > HTTP. Here we can save 3 files: 2 images (jpeg) and 1 archive (7z).
Images are useless and archive is password protected.
Let's find password in the
pcap-ng. If you do a
tag.gz you can see a lot of trailing data that are no port of the extracted files.
The data are on frame n°313 in the TCP data field (length 1116). Right click on data and Export Selected Packet Bytes.
That looks like base64:
That now looks like hex:
Now we get a quote, let's paste it in a search engine, that come from
the road as password.
150 - Vanity - Crypto
You need to buy some things, and luckily the local merchant accepts Bitcoin! You found out he only checks that the first four characters of his address and the one you send the coins to. Can you make him think you are sending him the coins while they really go to yourself?
nc pwn.sunshinectf.org 40003
We need to have a bitcoin address where the 4 first char are the same as the vendor address:
To generate a private key matching a 4 case-sensitive pattern is used vanitygen:
But output of the private key is WIF encoded in base58 and we need a hexadecimal encoding of the uncompressed private key, so I used bitcoin-tool to convert it:
150 - Zombiedex - Web
Warning: partial solution!
Convert from HEX to ASCII:
Reverse the string:
That's the credentials I used to lokin in JSON format.
Or in one line:
Let's inject something in the JSON and send a crafted cookie.
Warning: we didn't go further.