Bitguard Cybersecurity Hackathon

The Capture the Flag (CTF) event organized by Mercer | Mettl spanned two weeks and featured 20 challenges. I successfully solved 15 of these challenges, securing the 37th position in the competition. This CTF, designed for participants at a beginner-to-intermediate level, offered a fantastic opportunity to enhance my cybersecurity skills and explore new concepts.
Challenge 1: Introduction
This was a straightforward sanity challenge. The flag was directly visible in plaintext on the provided website.
FLAG: Flag{this_is_an_example_flag}
Challenge 2: Tic Tac Toe
The challenge involved a simple encryption script in JavaScript. By reversing the script, I decrypted the flag.
FLAG: Flag{XOX_XOX_XOX_is_easy}
Challenge 3: Connect 4
Similar to Challenge 2, this challenge required decrypting an encrypted string using the same method.
FLAG: Flag{CONNECT_MY_$_FORCE}
Challenge 4: Brute ME
Despite the name suggesting a brute-force approach, the flag was hidden in plain sight within the source code.
FLAG: Flag{Dolphin_is_not_the_password}
Challenge 5: Android
This was a new area for me, but after some research, I used a keytool command to extract the flag from the alias name in an APK file.
FLAG: flag{apk_is_mine}
Challenge 6: ICANN
The challenge hinted at DNS records. By inspecting the TXT record of the challenge’s domain using dnschecker.org, I found the flag.
FLAG: Flag{WHAT??_this_is_my_DNS}
Challenge 7: Google
Although I couldn’t solve this challenge, I suspect that modifying the User-Agent string to “Googlebot” would have worked.
Challenge 8: i-Robot
This challenge was centered around the robots.txt file. I navigated through the site’s directories and solved a CAPTCHA to retrieve the flag.
FLAG: Flag{You_are_a_Noble_HUMAN}
Challenge 9: BrainDuck
By using a BrainFck compiler from dcode.fr, I decoded the flag from a BrainFck script.
FLAG: Flag{Brain_Duck_WTF}
Challenge 10: URL
I noticed a “page=3” parameter in the URL. Changing it to “page=0” revealed the flag.
FLAG: Flag{ZERO_based_indexing}
Challenge 11: Country
I identified the country associated with a hash using VirusTotal and guessed the flag correctly.
FLAG: flag{india}
Challenge 12: Maybach Shenanigans
This steganography challenge involved extracting hidden data from a PNG file using stylesuxx.github.io/steganography/, which led to a base64-encoded URL and ultimately the flag.
FLAG: flag{b3tter_b3_r3ady}
Challenge 13: QR Code
I used an Imgur link provided in the challenge to retrieve an image containing a QR code. Scanning the code using zxing.org revealed the flag.
FLAG: Flag{aGVsbG8gd29ybGQ=}
Challenge 16: Dr. Strange
This challenge required exploiting a PHP command injection vulnerability in the date command. By carefully crafting a payload, I managed to read the flag file.
FLAG: flag{1ts_t1me_t0_ge4r_up}
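To illustrate the bug class behind Challenge 16 from the defender's side, here is an added example (not the challenge's code, whose source is not shown in this writeup) of a PHP date handler in an assumed vulnerable shape, next to two hardened forms. All function names, the `$format` parameter and the sample inputs are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumed shape of the bug class (hypothetical code, not the challenge's):
// request input is concatenated into a command line, so /bin/sh interprets
// any metacharacters in $format before `date` ever runs.
function show_date_vulnerable(string $format): string
{
    return (string) shell_exec('date +' . $format);
}

// strftime-style tokens we accept, mapped to PHP date() letters.
const TOKEN_MAP = [
    '%Y' => 'Y', '%m' => 'm', '%d' => 'd',
    '%H' => 'H', '%M' => 'i', '%S' => 's',
];

// Allowlist: only the tokens above plus plain separators, at most 32 items.
function assert_safe_format(string $format): void
{
    if (!preg_match('/\A(?:%[YmdHMS]|[ :\/.-]){1,32}\z/', $format)) {
        throw new InvalidArgumentException('unsupported date format');
    }
}

// Preferred fix: no shell at all, PHP formats the date itself.
function show_date_native(string $format): string
{
    assert_safe_format($format);
    return date(strtr($format, TOKEN_MAP));
}

// If the external binary must be used: validate, then pass the value as one
// quoted argument so the shell cannot split or reinterpret it.
function show_date_quoted(string $format): string
{
    assert_safe_format($format);
    return trim((string) shell_exec('date ' . escapeshellarg('+' . $format)));
}

// Constructed inputs: one benign format, one containing shell metacharacters.
foreach (['%Y-%m-%d %H:%M', '%Y-%m-%d; echo INJECTED'] as $input) {
    try {
        echo show_date_native($input), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```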
Challenge 17: Tor
I explored the TOR network and identified a relay’s fingerprint to obtain the flag.
FLAG: flag{94.130.89.176:9030}
Challenge 19: S3
Using AWS CLI, I enumerated an S3 bucket and discovered the flag in a text file.
FLAG: Flag{S3S3S3S3S3S3S3S3S3S--Symmetry--3S3S3S3S3S3S3S3S3S3S3S3}