WWHF Pre-con Flash CTF - Writeup

This Flash CTF was part of WildWest Hacking Fest - Deadwood 2022. It was a simple, beginner-level CTF held just before the conference started, running from October 12 to 13th midnight IST. Here is the write-up for the challenges I solved.

Corruption - Forensics

Challenge file: Corrupted.png

As mentioned in the challenge, the given file was corrupted and couldn't be opened in an image viewer. Checking the file type shows it is a PDF, and modifying the file type accordingly gives you the flag.

Legit Password Generator - Reconnaissance

https://legitpasswordgenerator.metacorp.us/

The challenge was given as a web link under the reconnaissance category. After searching DNS records and other sources, the SSL certificate was the only place that had a lead.

credentialparadise.pxcpxbq7n56jkqj4.metacorp.us

Visiting the new page lists all the records and the flag.

Interactive Protection - Web Exploitation

http://host3.metaproblems.com:5990/

By accessing the flag and looking at the headers, we learn that it is a Python-based application, so it could be a Flask or Django server. The next step was to look for debug mode by triggering an error: exploiting the login page with SQL injection to throw an error, which it did.

Through the error debug page, we can start an interactive terminal in debugger mode, which helps to check the values of the credentials. Those can be used for logging in and finally getting the flag.

username: 1' or 1=1 – password: password
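Why a quote in the login form can end up on a debug page, as an added example that is not the challenge's code: a string-built login query next to a parameterized one that also catches database errors. The SQLite backend, the table, the account and the function names are assumptions made for illustration, and the inputs are constructed.

```python
import sqlite3

def make_db():
    """In-memory user table with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text, so a quote changes the statement.
    # A syntax error raised here is unhandled; with the framework's debug
    # mode on, that exception is what renders the interactive debug page.
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    return db.execute(query).fetchone()

def login_hardened(db, username, password):
    # Placeholders keep input as data; database errors are caught and turned
    # into a plain failed login instead of reaching the client.
    try:
        return db.execute(
            "SELECT username FROM users WHERE username = ? AND password = ?",
            (username, password)).fetchone()
    except sqlite3.Error:
        return None

def probe(login, username, password):
    """Return 'error', 'granted' or 'denied' for one login attempt."""
    try:
        return "granted" if login(make_db(), username, password) else "denied"
    except sqlite3.Error:
        return "error"

if __name__ == "__main__":
    # Constructed inputs: a normal name, a lone quote, a quote plus tautology.
    for user in ("admin", "'", "1' or 1=1 --"):
        print(repr(user), probe(login_vulnerable, user, "password"),
              probe(login_hardened, user, "password"))
```

Parameterized queries remove the injection; keeping debug mode off in deployed applications removes the interactive debugger that the error exposed.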

That's all for this CTF, will see you soon in the next writeup!