Cybertalents Quals : Saudi, Sudan, Egypt and Tunisia National CTF 2020 Write-Up
Web Challenges
Pr0mo [ easy (50 pts) ]
From the challenge name I recognized that it is something about cookies or tokens, to be admin instead of user (guest) … So after going to the URL I looked for cookies and I found a JWT.
So I went here to debug the token, and as I expected I am guest.
Sure, let’s edit guest to admin, and then send it.
OMG!! Nothing happened and the token didn’t change. Then I recognized that this token is missing the secret key, so let’s make a dictionary attack on it with jwt_tool.
Bingooo, the secret key was found, it took seconds to find it :)
Let’s inject the secret key into the token.
And voilà, I found something that looks like a programming language I know, it was the BrainFuck language .. So let’s decode it.
BINGOO I found the FLAG
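Why editing guest to admin did nothing until the secret key was known, shown as an added example (not code from the challenge or from this write-up): an HS256 verifier rejects a token whose payload was changed under the old signature, and accepts one re-signed with the real key, which is why a guessable key defeats the scheme. The claim name `user`, the key and the wordlist are constructed assumptions.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _encode(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

def _mac(secret: bytes, header: str, payload: str) -> bytes:
    return hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, secret: bytes) -> str:
    header, payload = _encode({"alg": "HS256", "typ": "JWT"}), _encode(claims)
    return f"{header}.{payload}.{b64url(_mac(secret, header, payload))}"

def verify_hs256(token: str, secret: bytes):
    """Return the claims when the signature checks out, otherwise None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        if not hmac.compare_digest(_mac(secret, header, payload), b64url_decode(sig)):
            return None
        return json.loads(b64url_decode(payload))
    except (ValueError, AttributeError):
        return None  # malformed token: wrong part count, bad base64 or bad JSON

def edit_payload_only(token: str, claims: dict) -> str:
    """Swap the claims but keep the old signature, as a JWT debugger does without the key."""
    header, _, sig = token.split(".")
    return f"{header}.{_encode(claims)}.{sig}"

def secret_is_weak(secret: bytes, wordlist, min_bytes: int = 32) -> bool:
    """Audit check: HS256 keys must be at least 32 bytes (RFC 7518) and not a known word."""
    return len(secret) < min_bytes or secret in set(wordlist)

# Constructed sample values, not taken from the challenge.
WORDLIST = [b"password", b"secret123", b"letmein"]
WEAK_KEY = b"secret123"
GUEST_TOKEN = sign_hs256({"user": "guest"}, WEAK_KEY)

if __name__ == "__main__":
    edited = edit_payload_only(GUEST_TOKEN, {"user": "admin"})
    print("edited, old signature:", verify_hs256(edited, WEAK_KEY))
    print("re-signed with key   :", verify_hs256(sign_hs256({"user": "admin"}, WEAK_KEY), WEAK_KEY))
    print("weak key flagged     :", secret_is_weak(WEAK_KEY, WORDLIST))
```

On the server side the fix is a randomly generated key of at least 32 bytes, so `secret_is_weak` returns False and no wordlist contains it.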
Red Alert 2.0 [ easy (50 pts) ]
From the challenge name I thought that this is an XSS and the flag will appear if I just make an alert.
So after opening the URL I searched for the parameter to inject the payload into, and it was ?keyword= .. OK, let’s check tags and quotes to know if they will be printed or not.
And it was amazing, no tags or quotes were filtered .. This made me think that it is an easy challenge. So I put a small payload <script>alert(1)</script> and, surprise, the whole payload wasn’t printed. OK, I went ahead to inspect the place where the payload is printed, and I found the payload has something like deactivate.
So I’ll try some attributes to know what will not be deactivated like <script>.
I’ll try <div> <img>
Good, it worked and it looks like a DOM tree. So let’s inject an <img> XSS payload
<div><img src=1 onerror=alert(1)></div>
Bingooooo it worked and it makes an alert, but there is no flag, so it wasn’t as I expected :( … The answer is more than alert…
So I searched for DOM tree bypass using XSS
and I found this amazing article, which taught me something about XSS called Mutation XSS .. So I searched about it and found this,
and after reading the article I found the final payload to get the flag
<noscript><p title="</noscript><img src=x onerror=alert(1)>">
And finally I solved it .. Really it was a good challenge
Mystery [ medium (100 pts) ]
After opening the URL I found 3 links that refer to 3 downloadable files.
The file names were unusual, they look like hashes .. so let’s crack them on crackstation, and I found something interesting: the file names were numbers, but decrypted by the md5 algorithm.
So good, let’s make a simple script that makes an md5 hash for the numbers from 1 to 200, maybe I find something good,
and put the result in the file fuzz.txt to fuzz the files.
Bingoo, a new file appears .. Let’s download it
Amazing it is the Flag :)
Digital Forensics Challenges
Images3c [ easy (50 pts) ]
It was a more than easy challenge .. Just run stegcracker and you will find the flag
malicious [ file medium (100 pts) ]
To find the MFT entry number you need to download Shellbags Explorer.
After opening it there is a folder called Windows Loder; it seems to have something, so I opened it and I got the MFT entry number (17120), made an md5 of it, and that is the flag.
Cryptography Challenges
Queen [ medium (100 pts) ]
From the name it seems to be something related to the Mary Queen cipher. The challenge included 5 text files that seemed not too good, but I thought it required an XOR brute-force to find the key; maybe I can read the files’ content. So I used this site to find it.
Then let’s go to CyberChef to find the right key
Bingooo JFIF … it seems it is an image, let’s render it
So it was the same as I expected :) It was the Mary Queen Cipher
If you have any questions you can contact me via Twitter or LinkedIn