Hacking for n00bz – Level 10

Level 10 has obviously hidden the flag in the sound, but how can we retrieve it?

What kind of sound is this? Sorcery perhaps??

Just like what we have done for the previous levels which require us to analyze a file (e.g. exe, pcap), let’s download the “Flag.wav” file.

Since this is an audio file, you need audio-editing software to analyze it. One of the most popular audio editors is Audacity. It is free software that has been around for many years; I think I first came across this tool over 10 years ago! Back then, I used it to crop ringtones for my mobile phone.

Audacity is very simple to use. Just drag and drop the “Flag.wav” file into Audacity to open it. When asked whether to make a copy or read the file directly, you can choose to make a copy; it doesn’t really matter in our case.

If you have played the audio, you will know that it is basically a very short, high-pitched sound. Audacity shows the sample rate of the audio file, which is currently 44,100 Hz. Let’s reduce it to 8000 Hz. Better now? I bet you can already hear something.

To make it even better, select “Effect > Amplify…” on the menu bar to increase the volume of the file. After doing so, you will hear a voice spelling the flag letter by letter: “infosec_flagis_sound”.
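The same two steps can be scripted. The following is an added example, not part of the original write-up: it assumes the rate change relabels the existing samples as 8000 Hz rather than resampling them (which is what slows the audio down) and that amplification means raising the peak to the maximum without clipping. It runs on a constructed test tone because “Flag.wav” is not reproduced here, and the function names are illustrative.

```python
import io, math, struct, wave

def read_pcm16(wav_bytes):
    """Return (rate, channels, samples) for a 16-bit PCM WAV held in memory."""
    with wave.open(io.BytesIO(wav_bytes), "rb") as w:
        if w.getsampwidth() != 2:
            raise ValueError("example handles 16-bit PCM only")
        frames = w.getnframes()
        count = frames * w.getnchannels()
        samples = struct.unpack(f"<{count}h", w.readframes(frames))
        return w.getframerate(), w.getnchannels(), samples

def write_pcm16(rate, channels, samples):
    """Serialise samples as a 16-bit PCM WAV and return the file bytes."""
    out = io.BytesIO()
    with wave.open(out, "wb") as w:
        w.setnchannels(channels)
        w.setsampwidth(2)
        w.setframerate(rate)
        w.writeframes(struct.pack(f"<{len(samples)}h", *samples))
    return out.getvalue()

def slow_and_amplify(wav_bytes, new_rate=8000):
    """Relabel the sample rate (no resampling) and raise the peak to full scale."""
    _, channels, samples = read_pcm16(wav_bytes)
    peak = max((abs(s) for s in samples), default=0)
    gain = 32767 / peak if peak else 1.0
    louder = [max(-32768, min(32767, round(s * gain))) for s in samples]
    return write_pcm16(new_rate, channels, louder)

def duration_seconds(wav_bytes):
    rate, channels, samples = read_pcm16(wav_bytes)
    return len(samples) / channels / rate

def constructed_clip(rate=44100, seconds=0.5, freq=2000.0, amplitude=3000):
    """Constructed stand-in for Flag.wav: a short, quiet, high-pitched tone."""
    n = int(rate * seconds)
    tone = [round(amplitude * math.sin(2 * math.pi * freq * i / rate))
            for i in range(n)]
    return write_pcm16(rate, 1, tone)

if __name__ == "__main__":
    original = constructed_clip()
    fixed = slow_and_amplify(original)
    print(duration_seconds(original), "->", duration_seconds(fixed), "seconds")
```

Playing the same samples at 8000 Hz instead of 44,100 Hz stretches the clip by a factor of about 5.5 and lowers its pitch by the same factor, which is why the speech becomes audible.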

Back to write-up list for InfoSec Institute CTF #1: Hacking for n00bz

Hacking for n00bz – Level 9

Level 9 shows a login page. The first thing I did was view the page source… nothing fishy. What about the cookies? Using Firebug, I checked the cookies and, for a moment, I thought I saw something interesting: a cookie named “lpv12882” which contains a base64-encoded string.

However, upon decoding, I see that it is just the page URL of level 9, which is the challenge we are trying to solve now.

Back to square one, but don’t give up just yet. We can always try harder!

Since the login form mentions the system name, “Cisco IDS Web Login System”, let’s perform a Google search to see what its default password is.

You can easily find websites that list the default passwords for various products, in this case the Cisco IDS. Based on one such website, it seems we can try the following default login:

Username: root
Password: attack

We did it! There, we have the key now. But how do we crack it?

You can try many different methods by trial and error. In this case, if you look carefully, the last 7 letters in the string look familiar, very familiar… “infosec”, perhaps?

If you run the string “ssaptluafed_sigalf_cesofni” through a string-reverse tool, you will get the flag, “infosec_flagis_defaultpass”.

Hacking for n00bz – Level 8

In level 8, we are prompted to download a file called “app.exe”. It seems there is no choice other than downloading it.

To be honest, I didn’t know what to do with this executable (EXE) file at first either. After doing some reading, I learnt a little about reverse engineering and malware analysis. Thankfully, in this exercise, we don’t have to do all that.

Before we get started, let’s take a look at the different tools which you can use to examine an EXE file:

  • Debugger: view and/or perform step-through on the running state of a program interactively
  • Disassembler: transform the machine code into a human readable mnemonic representation called assembly language
  • Decompiler: revert the process of compilation and turn a program into a structured higher-level language

In this exercise, we just need a debugger. There are several debuggers available, such as OllyDbg and WinDbg; both of them are free.

Personally, I prefer to use OllyDbg. This exercise is really simple. All you need to do is open up the “app.exe” file in your OllyDbg program and run it in debug mode (click on “play” button on the top).

There, you see the flag written in ASCII right at the very first line of the program: the flag is “infosec_flagis_0x1a”.

Hacking for n00bz – Level 7

In level 7, we get a page with error 404 – page not found, with the following text,

A look at the page source, its cookies, etc. clearly shows that nothing is fishy here. However, did you notice that the navigation bar at the top of the page is missing?

You are right. Go back to the previous pages, e.g. “/levelsix.php” or “/levelfive.php”; they all use the same URL naming format. But this page is named “/404.php”, which breaks the “trend”.

Let’s try to navigate to “/levelseven.php” and see if there is anything… and there you go! A blank page with the flag depicted clearly on the website status. Can you spot it?

Once again, the flag is base64-encoded, as “aW5mb3NlY19mbGFnaXNfeW91Zm91bmRpdA==”. We can decode it using an online base64 decode tool: “infosec_flagis_youfoundit” is the flag.
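Levels 9 and 7 both end with a string that has to be un-reversed or base64-decoded by hand. The following added example (not from the original write-up; the function names are illustrative) searches chains of base64, hex and string reversal until the output starts with the flag prefix seen on this page, which goes slightly beyond those two levels by also trying hex and stacked encodings.

```python
import base64
from collections import deque

FLAG_PREFIX = "infosec_flagis_"   # flag format used by every level on this page

def _b64(text):
    # validate=True rejects characters outside the standard alphabet
    return base64.b64decode(text, validate=True).decode("ascii")

def _hex(text):
    return bytes.fromhex(text).decode("ascii")

TRANSFORMS = {"base64": _b64, "hex": _hex, "reverse": lambda text: text[::-1]}

def find_flag(candidate, max_depth=3):
    """Breadth-first search over decoder chains.

    Returns (chain, flag) for the shortest chain whose output starts with
    FLAG_PREFIX, or None if no chain of at most max_depth steps does.
    """
    queue = deque([(candidate.strip(), [])])
    seen = set()
    while queue:
        text, chain = queue.popleft()
        if text.startswith(FLAG_PREFIX):
            return chain, text
        if len(chain) == max_depth or text in seen:
            continue
        seen.add(text)
        for name, decode in TRANSFORMS.items():
            try:
                decoded = decode(text)
            except ValueError:        # bad base64/hex or non-ASCII output
                continue
            if decoded and decoded.isprintable():
                queue.append((decoded, chain + [name]))
    return None

if __name__ == "__main__":
    for sample in ("ssaptluafed_sigalf_cesofni",
                   "aW5mb3NlY19mbGFnaXNfeW91Zm91bmRpdA=="):
        print(sample, "->", find_flag(sample))
```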

Hacking for n00bz – Level 6

For level 6, we are asked to download “sharkfin.pcap” to hunt for the flag, which means that we should probably be prepared to analyse some network traffic. As hinted by the file name, “sharkfin”, let’s open the file using Wireshark and analyse it.

Usually, the first thing I do when I open any pcap file in Wireshark is take a quick glance at which protocols were captured, then look into the more popular ones such as HTTP or FTP.

In this case, I followed UDP stream 0 and got the following string, which is probably the flag:

696e666f7365635f666c616769735f736e6966666564

True enough, it is a hex-encoded flag. Using Hackbar, I did a quick conversion and managed to get the flag for level 6, “infosec_flagis_sniffed”.
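What following a UDP stream does can be reproduced with a small parser. The following is an added example, not from the original write-up: it assumes a classic pcap file with Ethernet/IPv4 framing and no IP fragmentation, and it runs on a constructed capture carrying the hex string above, since “sharkfin.pcap” is not reproduced here. The ports, addresses and function names are made up for the example.

```python
import struct

def udp_payloads(pcap):
    """Return [(src_port, dst_port, payload)] for UDP/IPv4/Ethernet packets."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic (non-pcapng) capture file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("example handles the Ethernet link type only")
    found, off = [], 24                    # 24-byte global header
    while off + 16 <= len(pcap):           # 16-byte per-packet record header
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                       # not IPv4 carrying UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]   # skip Ethernet + IP header
        if len(udp) < 8:
            continue
        sport, dport, length = struct.unpack("!HHH", udp[:6])
        found.append((sport, dport, udp[8:length]))
    return found

def stream_text(pcap, dst_port):
    """Concatenate payloads sent to one port, like following a UDP stream."""
    return b"".join(data for _, dport, data in udp_payloads(pcap) if dport == dst_port)

def constructed_capture(payloads, sport=40000, dport=5005):
    """Build a tiny pcap in memory (constructed sample, not the CTF file)."""
    cap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for data in payloads:
        udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        frame = bytes(12) + b"\x08\x00" + ip + udp   # zeroed MAC addresses
        cap += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return cap

if __name__ == "__main__":
    hex_flag = b"696e666f7365635f666c616769735f736e6966666564"
    cap = constructed_capture([hex_flag[:24], hex_flag[24:]])
    text = stream_text(cap, 5005)
    print(text.decode(), "->", bytes.fromhex(text.decode()).decode())
```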
