Wednesday, 16 June 2021

GPCSSI (Gurugram Police Cyber Security Summer Internship)

NOTES

 USEFULL WEBSITES:-

1)cybercrime.gov.in

2)csk.gov.in

3)nciip.gov.in

4)ceir.gov.in

5)consumerhelpline.gov.in

6)bprd.nic.in

7)meity.gov.in 

1. All About Web

Our heist has come to a position where we are stuck with the web interfaces but we need your help Visit https://chall.hackershala.com

image

  • The other part was just robots.txt
  • CTF{YOUAREHACKER} is the flag.

image

2. Not Just SQL

There have been a breakthrough in our heist but we still cant access chall2.hackingbrawl.com as a privileged user.

  • As usual, there is a login page: https://chall2.hackingbrawl.com/newlogin.php (This challenge was the next in the sequel to the basic sqli one)

  • At first few SQL injection methods were attempted, but these went in vain. Upon using sqlmap, it was discovered that the site was vulnerable to time-based-blind injection. So manual attempts were done, the site seemed to slow down a bit when the payload was injected.

  • The data value required for sqlmap was found upon doing a POST request. This value was: enroll=a&passes=

  • the lower levels did not work, so the level was increased and tested.

  • hack_chall2 was the database, TAB was the table, with PASSWORD and USERNAME as field(s).

python3 sqlmap.py --url https://chall2.hackingbrawl.com/newlogin.php --technique=T --random-agent --data='enroll=a&passes=' --level=5 -D hack_chall2 --dump --no-cast
  • The flag was in one of the rows of the table: CTF{INJECTKAFLAG}

image

image

3. Are you Web Expert?

The hacker is playing again with us but this time we need to be patient and logical. Are you ready? https://iopt3w.hackingbrawl.com/
  • Ok, so the short answer to the question is: No, I'm not lol.
  • Site: https://iopt3w.hackingbrawl.com/
  • The only interesting thing is the cookie part, which says "admin". Now, encoding the cookie should work, provided there is no other hurdle.
  • Upon encoding the cookie with base64, we get the flag.
  • The flag: ctf{thisistheflag}

image

4. Mobile Phones are Bad

The hacker said, Gurugram Interns are intelligent enough to get through this challenge. https://mudpmd.hackingbrawl.com/

image

  • SQLi was bypassed with a common payload.
  • Then, https://mudpmd.hackingbrawl.com/validate_login.php asks us to provide otp. Luckily, at this point, guessing that the OTP would be a 4 digit OTP worked. (Bruteforcing seemed to be the only option now, with the numbers ranging from 0000-9999 -> num.txt, which is nothing but the wordlist)

image

  • ffuf was used with the PHPSESSIONID of the validate_login page.
ffuf -u https://mudpmd.hackingbrawl.com/validate_login.php -b 'PHPSESSID=41vmugnlapp6vhka6ak6teqjo3' -w num.txt -d 'code=FUZZ&btnValidate=' -H 'Content-Type: application/x-www-form-urlencoded' -fr Error
  • 7621 is the OTP.

image

  • ctf{youdidit} is the flag

image

5. The Last Step

The challenge:

This is the last step of the heist and some noobs will say it is difficult but mark my words its all about maths, numbers and a good programmer with a curious mindset.
CFF{POUAAABMEHXKFRSRCLKTG} is the flag. Key to every locker is often not given but if you are still curious https://www.linkedin.com/in/amanjiofficial/   (Points: 150)
Hint: If Aman Sir will ever get a chance, he will marry at Eiffel Tower.

  • Eiffel Tower -> Vigenère Cipher

  • Attempts were made to guess the key:

    • Tried with amanjiofficial -> no result
    • Eventually, I wrote a script, but it was taking a lot of time (for some reason)
    • Then amanahuja was tried, but still there was no clue of the flag.
    • Finally amanahujaisthecreatoroft worked, the flag was CTF{CONGRATULATIONSYOUWON}

  • Verifying once the key is known is easy, although I wanted to use automation only for the prior part.

image

6. Social Media Havoc

The heist has taken an interesting shape but reaching social media of the hacker is still unknown

In our initial investigation we found that the Hacker is very fond of using hashtags and we got a clue about him. 
Follow #hackershalahackershala group to get to the Hacker. One interesting fact about this social media platform is that it can do what even twitter cannot.
  • #hackershalahackershala hashtag was found on Facebook. Comments did not have anything in particular.
  • When I checked the edit history of the post, it led me to a rabbit hole(maybe this was to confuse the player).

image

  • But the flag was somewhere else(in the edit history itself)

  • CTF{WOHOOOO}


at No comments:
Subscribe to: Posts (Atom)

Ultimate Ethical Hacking Course By Udemy

 Lecture 10 Basic Commands  pwd, cd, ls, touch, less, history, cp, mv, echo, cat, whoami, mkdir, rmdir, rm ,locate, man, which, whatis, wher...