- Name : Egypt & UAE National Cyber Security CTF Quals 2017
- Website : cybertalents.com
- Type : Online
- Format : Jeopardy
- CTF Time : link
25 - G&P List - Digital Forensics#
Just Open the File and Capture the flag . Submission in MD5
$ strings G\&P+lists.docx | grep -i flag noraj@noraj-pc
You can see the flag right here between
PK. But you can extract the
dock as an archive and just read the
25 - Hidden Message - Digital Forensics#
A cyber Criminal is hiding information in the below file . capture the flag ? submit Flag in MD5 Format
Let's see exif metadata:
$ exiftool hidden_message.jpg | grep -i Notice noraj@noraj-pc
25 - Crack the Hash - Cryptography#
A hacker leaked the below hash online.Can you crack it to know the password of the CEO? 1ab566b9fa5c0297295743e7c2a6ec27
$ hashid 1ab566b9fa5c0297295743e7c2a6ec27
It must be a MD5 hash. I used the
findmyhash script but had no result. Then I tried online on hashkiller.
The flag was
50 - Admin has the power - Web Security#
If we take a look at the source code we can see:
<!-- TODO: remove this line , for maintenance purpose use this info (user:support password:x34245323)-->
And if we login as the
support user we get the following message:
Our cookie look likes this:
PHPSESSID=uq82s6g3kdbknicsj8eb040pj0; role=support. Maybe we can change the
We just used burp as proxy to intercept our request and change our cookie to
The result is:
50 - Cypher Anxiety - Digital Forensics#
Warning: We get the picture but we didn't get the right flag.
$ strings find\ the\ image.pcap| head -11
So they use cryptcat over the port 7070 with the secret key
With wireshark let's filter
tcp.port == 7070, then flow TCP stream and save it as raw file.
Then open a netcat client on localhost:
netcat localhost 7070 < crypted.file.
And open a cryptcat listener on localhost:
cryptcat -l -k P@ssawordaya -p 7070 > decrypted.file.
$ file decrypted.jpeg noraj@noraj-pc
Both submiting md5 hash of the picture or the thumbnail failed. We didn't get the flag.