DEV Community: zoey

CyberSoc | Cyber Detective CTF

zoey — Mon, 20 Sep 2021 15:04:58 +0000

Cyber Detective CTF is an OSINT-focussed CTF created by the Cyber Society at Cardiff University. There are 40 challenges across 3 streams : General Knowledge, Life Online and Evidence Investigation.
Link to the Website : https://ctf.cybersoc.wales/challenges

Stream : General Knowledge

OSINT....
Its an acronym you might have heard before, but what could it mean?

Ans : Open Source Intelligence

hush

It keeps all of your private information safe as it swirls through the internet, what does HTTPS stand for?

Ans: Hypertext Transfer Protocol Secure

ported

Your computer gives a 'port' to applications that need to access a network. What is the port number of HTTPS?

Ans : 443

sluggish

A third of the internet is vulnerable to it [sorry Apache :-( ].
Its an attack on web servers which requires minimal bandwidth but can bring a server to its knees by opening loads of connections and keeping them alive with tiny amounts of data.
What is it called?
Hint: the name of a certain animal is a part of the word.

Ans : Slowloris

wifilock

Your wifi box at home uses it to stop nosy neighbors from trying to steal your internet connection so they don't have to pay for their own.
It can even stop someone from parking outside your house and hoovering up all of that sensitive data flying through the air.
Its the worlds most popular way to protect a wireless access point, but what acronym is it known by?

Ans : WPA2

fishy

It can sniff anything travelling along a wire. Mouse clicks. Keyboard taps. Your password. Your credit card number. That message you didn't want anyone to see...
The worlds most popular protocol analyser. What's it called?

Ans : Wireshark

iknowyourname

It is a website which allows you to view a worldwide map of wireless access points / wifi routers.
They can be filtered by name, the time of capture and more.
What is the name of this online service?

Ans : Wigle

urlsafe

It is a way of taking binary data and turning it into text so that it's more easily transmitted in things like e-mail and HTML form data.
It's a textual encoding of binary data where the resultant text has nothing but letters, numbers and the symbols "+", "/" and "=".
It turns hello*world# into aGVsbG8qd29ybGQj
What is the name of this encoding method?

Ans : base64

outinthestreets

Its the tool by one of the world's largest tech firms which lets you see what its like to stand on the streets anywhere on planet Earth... yet we bet the first place you looked at was your own house.
What is this tool called?

Ans : Google Streetview

bleepbloop

Its a globally recognized way of broadcasting SOS. It can manifest as flashes of light, beeping, knocking, writing and more in order to broadcast individual letters which are joined together by the recipient to make meaningful sentences.
.... . .-.. .-.. ---
What is the name of this particular code?

Ans : Morse

CyberSoc | Cyber Detective CTF

zoey — Sat, 18 Sep 2021 17:20:07 +0000

voteforme

https://twitter.com/jammymarkson
You'd have thought politics was a bit of a dry subject; not for some.
What US political party does James over here support?

Ans : Look for the party the James is interested in. Barack Obama was in this party.

growingup

Where did James spend his childhood?

Ans : go to what3words.com and in map search for ///push.asking.barn.

choochoo

We need to make sure James is far away when we try and break into his house.
In what city does James work?

Ans: James colleague George is going to attend a party in this city with Sarah. The party will be hosted by Pearce Rees.

suntan

People love telling the world about their holiday, but is this really a great idea?
What CITY is Sarah going on holiday to at the end of February?

Ans : go to the likes section of James Profile, you will find Sarah. The Holiday picture is of Ferry Elizabeth Quay. The city name is the answer.

wagthetail

The team has been trying to work out where Person of Interest, Sarah, walks her dog. This is part of building up a profile of her movements.
Can you have a look to see if you can find the TOWN in which Sarah tends to take the dog out to?

Ans : In the bio there is Buster's favorite place. The google map will tell the place.

narcissism

There's a new Person of Interest, George something or other.
Can you find anything interesting on him? Something he perhaps thinks you can't work out?
Take a look.

Ans : decode aW1hbWF6aW5nMTIz using base64

proppedup

We've obtained what we believe to be an office CCTV camera feed.
We have reason to suspect that it is overlooking one of the work desks belonging to one of our targets.
Can you confirm the COLOUR of the DESK SURFACE and the COLOUR of the DESK LEGS, just so we can be sure of what we're seeing and task the reconnaissance team further.
Enter the flag as: (SURFACE COLOUR) (SPACE) (LEGS COLOUR)

Ans : Pearce Rees twitted about the debit card left on the table
(color of desk) (color of legs)

bluengreen

James has a habit of getting in the way of things ;).

Ans : the clue is in the header_photo meaning the blue-green eyes

clockingout

We're trying to plan when is best to break into James' house to plant a bug.
What time does he start work? (UK time).

Ans : Unsolved

meme

We've been watching a bloke called George recently, you might have already done some work on him.
He's not that smart by the looks of things, could be a good person to look for a social media presence on.
In particular, we're after an access key for a program his company uses so that the team can ex-filtrate information to aid with our ongoing fraud investigations.

Ans : The Access Code is in the meme

partytime

Our intelligence analysts have reported that a whole bunch of our targets are having a party together on a Saturday night soon.
We want to deploy agents to see whats going on, but we can't risk blowing our cover turning up in a car. The road is pretty quiet and the property has very clear view of its surroundings, our reports suggest.
Find the location of the party and the best BUS ROUTE NUMBER to reach the party from Principality Stadium, Cardiff - where the surveillance team will be deployed from.
This sounds silly but we need to blend in with the public. The stakes are high.
Enter the BUS ROUTE NUMBER you think is best for this situation.

Ans : look for the bus route number from Principality Stadium, Cardiff to 159 Llanedeyrn RdCardiffCF23 9DW . The answer will be one from (27, 95 and X1).

leaveamessage

Our analysts have been trying to get proof of a target's phone number.
We want to move ahead with the arrest but we must get evidence that the phone number we've got is indeed theirs. We need to be sure.
Due to the highly sensitive nature of the case, we cannot confirm the target's name with you at this time.
Please have a look to see if you can find their phone number.
When you call the target's number what are the LAST THREE WORDS you hear (you can also just enter the phone number as your answer and that is fine as well)?

Ans : Unsolved

CRYPTOHACK Challenges

zoey — Sat, 11 Sep 2021 17:42:54 +0000

CRYPTOHACK is a free platform to learn and practice cryptography. The challenges are grouped into 9 sections, from introduction to misc.I enjoyed solving the problems.
Link to the Website : https://cryptohack.org/

Here's how I solve the Introduction section:

Finding Flags Each challenge is designed to help introduce you to a new piece of cryptography. Solving a challenge will require you to find a "flag".

These flags will usually be in the format crypto{y0ur_f1rst_fl4g}. The flag format helps you verify that you found the correct solution.

Try submitting this into the form below to solve your first challenge.

Ans : The flag is available in the description

Great Snakes Modern cryptography involves code, and code involves coding. CryptoHack provides a good opportunity to sharpen your skills.

Of all modern programming languages, Python 3 stands out as ideal for quickly writing cryptographic scripts and attacks. For more information about why we think Python is so great for this, please see the FAQ.

Run the attached Python script and it will output your flag.

great_snakes.py

Ans : Download the file and run it using python3 python-file.py

Network Attacks Several of the challenges are dynamic and require you to talk to our challenge servers over the network. This allows you to perform man-in-the-middle attacks on people trying to communicate, or directly attack a vulnerable service. To keep things consistent, our interactive servers always send and receive JSON objects.

Python makes such network communication easy with the telnetlib module. Conveniently, it's part of Python's standard library, so let's use it for now.

For this challenge, connect to socket.cryptohack.org on port 11112. Send a JSON object with the key buy and value flag.

The example script below contains the beginnings of a solution for you to modify, and you can reuse it for later challenges.

Connect at nc socket.cryptohack.org 11112

telnetlib_example.py

Ans : In this challenge we need to replace the {"buy" : "clothes"} with {"buy" : "flag"} . Then run the python script using python3 python-file.py

My Documentation

zoey — Sat, 11 Sep 2021 17:18:21 +0000

Learning is a continuous process. It feel nice to look back to old papers and notes when you feel low . I will keep this as a reminder and hope someday someone will benefit from "My Documentation".
Content -- Solved Challenges and analysis