Managed to find some time to grab the low hanging fruit on this CTF:
Exactly what it says on the tin. Inspect the source code, the flag is commented.
Another free flag – you simply need to connect to the challenge
nc mc.ax 31443
I was given this string and told something about scissors
“scissor” sounds like caesar – so it’s likely to be a Caesar cipher.
Using the boxentriq code breaking tools we get:
so flag is:
Challenge presented a basic username/password web application
Simple SQLi –
username: admin password: ' or 1=1;
The following two challenges were my “learners” where I discovered new tools and solved (albeit basic) challenges I had struggled with before.
Given the following data and a hint that it relates to weak RSA implementation:
I learned that n is a function of factors p and q; once you know p,q, automated solving can be simple.
Check to see if the factors of n are “known” on FactorDB
They are – p = 12546190522253739887 q = 18207136478875858439
We can now try using RSACtfTool to solve:
./RsaCtfTool.py --uncipher 126721104148692049427127809839057445790 -p 12546190522253739887 -q 18207136478875858439 -e 65537
We are presented with two web applications:
The first, a basic pastebin which accepts input and then redirects to the newly generated paste
The second an “AdminBot” which suggests Admin will visit the URL that is provided as input.
So this appeared to be a XSS challenge to create a paste that will cause AdminBot to spill secret data.
Testing that theory, the first paste is:
Sure enough, when we submit the paste and redirect, we get an alert so the page is vulnerable to XSS.
We then need to set up a webhook – I use this site.
We then try to steal cookies using XSS by pasting following:
This generates a URL for our paste which we feed to AdminBot – we get the flag as a GET request on our webhook:
Decoding from HTML Charset: