BackdoorCTF Practice

Path

  • dig -t ns flag.bckdr.in

Layers

  • 624870365a446f764c32527a59587076636d746d4c6e466c5a7938786355524f626d307a51673d3d
  • hex2ascii
  • bHp6ZDovL2RzYXpvcmtmLnFlZy8xcURObm0zQg==
  • base64 decode
  • lzzd://dsazorkf.qeg/1qDNnm3B
  • keyed Caesar cipher: swap alphabet characters until you have a valid domain name
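
The three layers above, worked through in Python as an added example (not part of the original notes). It peels the hex and base64 layers, then builds a partial substitution table from a known-plaintext guess; the function names and the guess that the four-letter scheme before "://" is "http" are assumptions made for illustration.

```python
import base64
import binascii

# Outer layer, copied from the first bullet of the notes above.
HEX_LAYER = ("624870365a446f764c32527a59587076636d746d4c6e466c"
             "5a7938786355524f626d307a51673d3d")

def peel(hex_text):
    """Undo the hex and base64 layers; return the still-enciphered text."""
    b64 = binascii.unhexlify(hex_text)
    return base64.b64decode(b64, validate=True).decode("ascii")

def table_from_cribs(pairs):
    """Build a cipher->plain letter table from (ciphertext, guess) pairs.

    Raises ValueError when a guess contradicts an earlier one or maps two
    cipher letters to the same plain letter (a substitution is one-to-one).
    """
    table = {}
    for cipher, guess in pairs:
        if len(cipher) != len(guess):
            raise ValueError("crib length mismatch: %r / %r" % (cipher, guess))
        for c, p in zip(cipher.lower(), guess.lower()):
            if c.isalpha() and table.setdefault(c, p) != p:
                raise ValueError("%r already maps to %r" % (c, table[c]))
    if len(set(table.values())) != len(table):
        raise ValueError("two cipher letters map to one plain letter")
    return table

def apply_table(table, text, unknown="?"):
    """Substitute known letters, keep case, mark unsolved letters."""
    out = []
    for ch in text:
        if ch.isalpha():
            p = table.get(ch.lower(), unknown)
            out.append(p.upper() if ch.isupper() else p)
        else:
            out.append(ch)  # digits and punctuation pass through unchanged
    return "".join(out)

if __name__ == "__main__":
    inner = peel(HEX_LAYER)
    scheme, rest = inner.split("://", 1)
    host = rest.split("/", 1)[0]
    # Assumption: a four-letter scheme before "://" is "http".
    table = table_from_cribs([(scheme, "http")])
    print(inner)
    print(apply_table(table, scheme + "://" + host))
```

Each further guess at the domain goes in as another (ciphertext, guess) pair; a guess that contradicts the letters already fixed is rejected instead of silently overwriting them.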

Lost Found

  • the git repository includes a commit object located in lost-found
  • git cat-file -p f7cee847b02a589cd3d0fa4e2c32cf9a0ccd94a6
  • this file points to a tree object, that in turn points to a blob named flag.txt

Redirection

  • the page includes a form that posts to handle.php
  • curl http://hack.bckdr.in/REDIRECT/handle.php -I
  • handle.php generates a 302 redirect, hiding the request body
  • curl -d "password=foo" http://hack.bckdr.in/REDIRECT/handle.php

Search

  • search.txt does not seem to be a text file
  • file search.txt
  • this shows us it’s an image with a QR code

Hidden Flag - Easy

  • strings hide_easy
  • this includes the flag

Writeup for n00b15CTF

Source

Jay’s Blog: Writeup for n00b15CTF

This is a collection of hints for all the problems in the recently conducted Capture The Flag (CTF) contest conducted by SDSLabs as a way to get n00bs (beginners) to have a taste of the beautiful world of hacking. It was a pretty fun contest even though it was quite easy.

Test

Use a SHA256 tool. My favourite is to just search for “SHA256 STRING_TO_BE_SHA256” on my default search engine (www.duckduckgo.com).

Location-51

There is a redirect occurring here from http://hack.bckdr.in/LOCATION-51/index.html to http://hack.bckdr.in/LOCATION-51/trap.html. Stop this redirect and read the source of index.html. The JavaScript there gives away the flag.

Hidden flag - Easy

Using the Linux file command, we find out that it is an ELF binary, but running it gives nothing. However, running strings on it gives away the flag.

The zip file contains a .txt file which does not seem to be normal text, so we run file on it. This says that it is a JPEG, so rename it to .jpg and open it. It is a QR code. Decode this using some online tool (just search for “QR code decode online” for a large number of free tools) and get a link. The link has the flag.

Lost

The message says Console, so open up console in Firefox. The message then tells you to POST data to a link. Going to this link directly does nothing, but sending it any random POST data (using HackBar addon in Firefox for example) gives the flag.

Hidden flag - Medium

Analyzing the file with IDA Pro shows that there is a function called print_flags() which is not called inside main(). Running this function should print the flag. We can do this by attaching gdb to the binary, breaking the execution and running the print_flags() function.

Clutter

Extracting the file and analyzing with Wireshark shows that there is too much to work with. But exporting all the files and then running strings on it would probably work. However, filtering this is a pain, so I just ran a grep for flag and the answer will be visible near a pastebin title.

No - Signal

Use GIMP or Photoshop to add the images. The flag should be obvious then.

Sound

Slow down and reverse the sound wave using Audacity. Listen to it and it should be obvious what the flag is.

Sequel

Looking at the code, it seems like a SQL injection can be done here. After downloading the database.sdb file and rewriting the source code to dump data from the database, you realize that there is no user sdslabs in the database. This makes it obvious that you need to add the user. The following username virtually does that: ' UNION SELECT 'sdslabs','sdslabs','sdslabs','sdslabs','0c4ea8f5b344600f78516334254e9e085f2225a42a0bb18fa8bd774589f1ca19' UNION SELECT * FROM users WHERE '0'='1. Note that this query will not work directly; the password will have to be set accordingly.

Undisputed

The file is an ext4 filesystem (use the file command if you don’t trust the extension). Mount this in Linux using the mount command (read man mount to know how) and then open the file inside to see the flag.

Did you find any other cool/new ways of solving any of these tasks? If so, leave a comment below.

Practice Sites for CTF

Practice CTF List / Permanent CTF List

Here’s a list of some CTF practice sites and tools or CTFs that are long-running. Thanks to RSnake for starting the original that this is based on. If you have any corrections or suggestions, feel free to email ctf at the domain psifertex with a dot com tld.

Live Online Games

Whether they’re being updated, contain high quality challenges, or just have a lot of depth, these are probably where you want to spend the most time.

Others

Meta

Webapp Specific

Forensics Specific

Recruiting

Downloadable Offline Games

Inactive or Gone

Just around for historical sake, or on the off-chance they come back.

Source: http://captf.com/practice-ctf