Cybertalents Quals : Saudi, Sudan, Egypt and Tunisia National CTF 2020 Write-Up

Hi , My name is Ahmed Magdy

This is frist write-up for my

Let’s go……

General Information

After search in (( al4y5 Google ))

The answer >> “ macro virus ” but the answer to submit “ macro

Let’s go solving the web challenge

1- Pr0mo ( Easy )

pr0mo

I don’t find any button so check the sourse code and i don’t find any thing again so

I check in case i find the cookies

I find this cookies
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiZ3Vlc3QifQ.-HH8XJLZbewaxQQkraUukPpThcOG9LUSIq7gxhlMF6s

After search in (( al4y5 google )) I find two attack in jwt

one of them Cracker Signature

So i use the tool jwt-secret

I find the secret key (123123)

and change the user from “guest” to “admin”

And i use the storage in tool inspet element and edite the new cookies

it was BrainFuck language .. So Let’s decode it

it is BrainFuck language .. So Let’s decode it

go to This website to decode the string

Flag: FLAG{JWT_I_Lik3_iT}

2-Red Alert 2.0 ( easy )

I check the sourse code and i find the js code but i don’t understand it at frist

so i tried the XSS Alert Payload

I tried <img src=1 onerror=alert(1)> but the payload not give my the alert but print the fake img

And i tried <video><source onerror=”alert(1)”> the payload give my the alert but don’t give my the flag

So i go to read the js code again and search in (( al4y5 Google )) about the Mutation XSS

I find the write-up for XSS in Google and find the payload

<noscript onkeyup=”alert(1)” contenteditable></noscript>

Flag: FLAG{Go0Gl3_XSs_XD}

3- Mystery (Medium)

I’m openning the source code, I find this herf MD5 hash

I tried decode it and I find meaning ( 1 ,, 5 ,, 66 )

So i’m makeing file have MD5 hash from (1) to (100) number and brute-force numbers with burp-suite and check the status (200)

the number 43 with status (200) and with a hash value “17e62166fc8586dfa4d1bc0e1742c08b” find the flag with it

Flag: flag{MD5-N0T-1337}

Digital Forensics

1- Images3c (Easy)

Download the file and unzip

I find this img :

I use the tool name steghide to check if the img have hide file

I find the file but i need pass for read it

I use the StegCracker to read it and use the wordlist handlin to crack the pass

The pass >> 1234

And your hide file name is cyber.jpg.out

Flag: flag{cyb3rs3cisaw3s0me}

Think you for your time

And finally, Thank you to read this writeup :D

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ahmed Magdy

Interested in infosec || CTF Player || Pentester || Bug Hunter || Security Researcher