Thursday 31 October 2013

EMCDefendersleague2013 week-1 challenge-5 solution

Files can be downloaded from here :  https://db.tt/s2niLU2s
Challenge-5

Question : Mr. H4x0r has intercepted an attack by his friend on a website. Help Mr. H4x0r to obtain the admin password of the website from the attack log.


Hint 1:SQL Injection

Hint 2:Hash Cracking

file name : Contest5.sample

First thing to do is use file command..
result : data file

hence we know that its a data file now.opening it in gedit or notepad++ will tell you that its a log file of sql injection.

Scrolling down till the end you will find this :

Firstname::isf:1pvyjsradminpvyjsrpvyjsrs@s.compvyjsradminpvyjsradminpvyjsr2a9a4d20c6fdafa8917c8e7c3f63733fpvyjsr2013-07-22 07:43:09pvyjsr0pvyjsr:tlf:

from this we come to know that the password hash is : 2a9a4d20c6fdafa8917c8e7c3f63733f and its a md5 hash too..
A google search will give you the flag for this : 

the flag is cHDiN

EMCDefendersleague2013 week-1 challenge-4 solution

Files can be downloaded here : https://db.tt/s2niLU2s
Challenge-4

Question : Mr. H4x0r managed to sniff the HTTP traffic of his nemesis, however he is unable to figure out the credentials used by the victim to access the protected webpage.

Help Mr. H4x0r to figure out the credential for accessing the protected page.

Hint 1:Base

Hint 2:Julias Caesar

Basic thing is ?
Do a file command on the file 
result ; Contest4.sample: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 65535)

What is the inference?
It says its a tcpdump. Hence wireshark is what you should look for.

opening it in wireshark will give you this :

lookin at the tcp dump you can analyze that the user was trying to get admin access..In the first try he used admin:1234 where it failed later he got admin access using the Credentials: nqzva:jQCNniEvTX
Now we got into the first level next as the hint says its Caesar encryption.

EMCDefendersleague2013 week-1 challenge-3 solution

File can be downloaded here : https://db.tt/s2niLU2s

Challenge 3 :
question : Everybody loves HTML. It’s good looking and all sources available. View the source, find the answer and impress us!

Hint 1:Decode and find the logic.

file name : Contest3.sample.gz

I hope you remember from my last post how to decompress a gzip file 
gzip -d Contest3.sample.gz will give you the file.

doing a file command on extracted file will tell us that its a HTML document.
file Contest3.sample
result : Contest3.sample: HTML document text

so replace Contest3.sample to Contest3.html
opening it in browser gives you this : 


the logic is to do a arithmetic calculation of a number and the result to be zero.meaning 30-10-10-10=0 ,it can be anything it can be 40-20-10-10 also

EMCDefendersleague2013 week-1 challenge-2 solution

This is a continuation of my previous blog.This is about week-1 challenge-2.

File for this challenge can be downloaded here : https://db.tt/s2niLU2s

Challenge-2

question : While performing an incident response, the team obtained a rather strange looking file. We need help in analyzing its content.
file name : Contest2.sample

This is about Firmware analysis.
doing a file command on Contest2.sample.gz shows us that its a .gzip (file Contest2.sample.gz)
result : Contest2.sample.gz: gzip compressed data, from Unix, last modified: Thu Sep 12 14:18:08 2013, max compression

hence we do gzip decompression using the command
gzip -d Contest2.sample.gz
you will get the real data file which has to be firmware analyzed.


commands after you put this package into your Linux desktop:
Step 1 : tar -zxvf binwalk-1.2.2-1.tar.gz
step 2 : cd binwalk-1.2.2-1
step 3 : cd src
step 4 : chmod +x debian_quick_install.sh
step 5 : ./debian_quick_install.sh
step 6 : open a new terminal and type  binwalk -e Contest2.sample(this file is after decompression)
step 7 : cd _Contest2.sample.extracted/
step 8 : cat 1*

There you go you find the flag?

scroll down a bit you can see this :
Here you go: IhPEvuAKhEVMyJFCFPyN

the flag is IhPEvuAKhEVMyJFCFPyN

EMCDefendersleague2013 week-1 challenge-1 solution

Hi, this is my first write-up on CTF , hope you like it.

This is a recent CTF called EMCDefendersLeague2013 . It was nice playing the CTF. An Indian style CTF and only for Indians :-p

Anyway lets get to job. There were 3 weeks.each week has a difficulty rating,week-1 was beginner and week-2 is intermediate and week-3 was hard.Today am writing only on week-1,later i will be writing on week-2 challenges. Now lets begin!!!

All files for week-1 challenges can be downloaded here  :  https://db.tt/s2niLU2s
Week-1

Challenge-1 :
Debug Debug Debug
file name : Contest1.sample

Running the file in wine would give the flag.According to my analysis it would be because of the library which is missing in windows.Am not sure but if you run the file in wine you would be getting the flag.

Check this out :


For those who don't know about wine : http://winetools.org/
you can install it in your Linux system by just opening a terminal and typing apt-get install wine