GPCSSI (Gurugram Police Cyber Security Summer Internship)

NOTES

USEFUL WEBSITES:

1) cybercrime.gov.in
2) csk.gov.in
3) nciip.gov.in
4) ceir.gov.in
5) consumerhelpline.gov.in
6) bprd.nic.in
7) meity.gov.in

1. All About Web

Our heist has come to a position where we are stuck with the web interfaces but we need your help. Visit https://chall.hackershala.com


  • The other part was just robots.txt
  • CTF{YOUAREHACKER} is the flag.


2. Not Just SQL

There has been a breakthrough in our heist but we still can't access chall2.hackingbrawl.com as a privileged user.
  • As usual, there is a login page: https://chall2.hackingbrawl.com/newlogin.php (This challenge was the next in the sequel to the basic sqli one)

  • At first, a few SQL injection methods were attempted, but these were in vain. Upon using sqlmap, it was discovered that the site was vulnerable to time-based blind injection. Manual attempts were then made, and the site seemed to slow down a bit when the payload was injected.

  • The data value required for sqlmap was found upon doing a POST request. This value was: enroll=a&passes=

  • The lower --level values did not work, so the level was increased and tested.

  • hack_chall2 was the database, TAB was the table, with PASSWORD and USERNAME as field(s).

python3 sqlmap.py --url https://chall2.hackingbrawl.com/newlogin.php --technique=T --random-agent --data='enroll=a&passes=' --level=5 -D hack_chall2 --dump --no-cast
  • The flag was in one of the rows of the table: CTF{INJECTKAFLAG}


3. Are you Web Expert?

The hacker is playing again with us but this time we need to be patient and logical. Are you ready? https://iopt3w.hackingbrawl.com/
  • Ok, so the short answer to the question is: No, I'm not lol.
  • Site: https://iopt3w.hackingbrawl.com/
  • The only interesting thing is the cookie part, which says "admin". Now, encoding the cookie should work, provided there is no other hurdle.
  • Upon encoding the cookie with base64, we get the flag.
  • The flag: ctf{thisistheflag}


4. Mobile Phones are Bad

The hacker said, Gurugram Interns are intelligent enough to get through this challenge. https://mudpmd.hackingbrawl.com/


  • The login was bypassed with a common SQL injection payload.
  • Then, https://mudpmd.hackingbrawl.com/validate_login.php asks us to provide an OTP. Luckily, guessing that the OTP would be 4 digits worked. (Brute-forcing seemed to be the only option now, with the numbers 0000-9999 saved in num.txt as the wordlist.)


  • ffuf was used with the PHPSESSID cookie of the validate_login page.
ffuf -u https://mudpmd.hackingbrawl.com/validate_login.php -b 'PHPSESSID=41vmugnlapp6vhka6ak6teqjo3' -w num.txt -d 'code=FUZZ&btnValidate=' -H 'Content-Type: application/x-www-form-urlencoded' -fr Error
  • 7621 is the OTP.


  • ctf{youdidit} is the flag


5. The Last Step

The challenge:

This is the last step of the heist and some noobs will say it is difficult but mark my words it's all about maths, numbers and a good programmer with a curious mindset.
CFF{POUAAABMEHXKFRSRCLKTG} is the flag. Key to every locker is often not given but if you are still curious https://www.linkedin.com/in/amanjiofficial/ (Points: 150)
Hint: If Aman Sir will ever get a chance, he will marry at Eiffel Tower.
  • Eiffel Tower -> Vigenère Cipher

  • Attempts were made to guess the key:

    • Tried with amanjiofficial -> no result
    • Eventually, I wrote a script, but it was taking a lot of time (for some reason)
    • Then amanahuja was tried, but still there was no clue of the flag.
    • Finally amanahujaisthecreatoroft worked, the flag was CTF{CONGRATULATIONSYOUWON}
  • Verifying once the key is known is easy, although I wanted to use automation only for the prior part.
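
Added example (not part of the original notes): a Vigenère decryptor that passes braces through without advancing the key, run against the challenge ciphertext with the three keys tried above. The helper key_prefix_from_crib shows that the known "CTF" flag prefix alone fixes the first key letters. The function names are this example's own.

```python
import string

A = string.ascii_uppercase

def vigenere_decrypt(ciphertext: str, key: str) -> str:
    """Decrypt, advancing the key only on letters (braces pass through)."""
    out, k = [], 0
    for ch in ciphertext:
        if ch.upper() in A:
            shift = A.index(key[k % len(key)].upper())
            out.append(A[(A.index(ch.upper()) - shift) % 26])
            k += 1
        else:
            out.append(ch)
    return "".join(out)

def key_prefix_from_crib(ciphertext: str, crib: str) -> str:
    """Known plaintext: key[i] = cipher[i] - plain[i] (mod 26), letters only."""
    c = [x for x in ciphertext.upper() if x in A]
    p = [x for x in crib.upper() if x in A]
    return "".join(A[(A.index(ci) - A.index(pi)) % 26] for ci, pi in zip(c, p))

# Ciphertext and candidate keys are the ones quoted in the notes above.
CIPHERTEXT = "CFF{POUAAABMEHXKFRSRCLKTG}"
CANDIDATE_KEYS = ["amanjiofficial", "amanahuja", "amanahujaisthecreatoroft"]

if __name__ == "__main__":
    print("key prefix from 'CTF' crib:", key_prefix_from_crib(CIPHERTEXT, "CTF"))
    for key in CANDIDATE_KEYS:
        print(f"{key:26} -> {vigenere_decrypt(CIPHERTEXT, key)}")
```

With the key amanahuja the output begins CTF{CONGRA before turning to noise, which is what a correct but incomplete key prefix looks like.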


6. Social Media Havoc

The heist has taken an interesting shape but reaching social media of the hacker is still unknown
In our initial investigation we found that the Hacker is very fond of using hashtags and we got a clue about him. 
Follow #hackershalahackershala group to get to the Hacker. One interesting fact about this social media platform is that it can do what even twitter cannot.
  • #hackershalahackershala hashtag was found on Facebook. Comments did not have anything in particular.
  • When I checked the edit history of the post, it led me to a rabbit hole (maybe this was to confuse the player).


  • But the flag was somewhere else (in the edit history itself).

  • CTF{WOHOOOO}

