HackQuest 6 Round 1 Report HACKQUEST 6 ROUND 1 REPORT Contest Date: - 26th February 2022 CT ID DT20218168550 Name Nishtha Munjal College/University Institute of engineering and technology City Alwar,Rajasthan Challenges solved & the total score 8 Anything else that you want us to know HACKQUEST 6 ROUND 1 REPORT 1 HackQuest 6 Round 1 Report (Copy & paste the table x times if you solved x challenges) Challenge Title: Octa Game Flag: HQ6FLAG{1TVVK24VCHVKJ4K6} Approach (Step by Step): 1. Saw The page source. 2. Noticed a java script validation function stopping the score below 30. 3. Copied the whole move function from the source and paste it in the console of the page editing the < 30 part to <100. 4. Now the button was allowing to increase the regulator till 100. 5. In the output got the Flag for this challenge. HACKQUEST 6 ROUND 1 REPORT 2 HackQuest 6 Round 1 Report Challenge Title: HoneyComb Candy Flag: HQ6FLAG{B12O1NHX31MW1M09} Approach (Step by Step): 1. 2. 3. 4. 5. 6. Opened the challenge. Saw the generate emoji button. Generated the emoji Googled the Unicode id of the emoji Entered the name of the emoji and its unicode Got the flag . HACKQUEST 6 ROUND 1 REPORT 3 HackQuest 6 Round 1 Report Challenge Title: Office Magic Flag: HQ6FLAG{RUEZAX2SZ9ZUZA9F} Approach (Step by Step): 1. 2. 3. 4. 5. 6. 7. 8. Opened the challenge. Got a zip file on download The zip file contains a .pst outlook data file secured by password. Searched google. Got a tool named as pstpassword.zip online Cracked the password of pst file Scolled down on the file. Got the flag at the end. HACKQUEST 6 ROUND 1 REPORT 4 HackQuest 6 Round 1 Report Challenge Title: Shrewd Cat Flag: HQ6FLAG{UFRXAVB6Z1N2VK8M} Approach (Step by Step): 1. 2. 3. 4. 5. 6. 7. 8. 9. Opened the challenge. Downloaded the file. It was a .sql file On analyzing got the username and password from the tables. The password was encrypted by wordpress wich is a one way encryption. Then saw the page source. Got a hint as a base 64 string Decoded the string and got the format of the password. I created a wordlist with the format from the hint given with the help of mp64 tool in kali linux. 10. Now used the hashcat tool to match the username with the wordlist file. 11. Got a match with Gaikonde. HACKQUEST 6 ROUND 1 REPORT 5 HackQuest 6 Round 1 Report Challenge Title: Into The Abyss Flag: HQ6FLAG{9GG261Y97Y5EN8WY} Approach (Step by Step): 1. 2. 3. 4. Opened the challenge. Got an .mp3 file When heard found some hint that may be a image id hidden in sound waves. Used Sonic visualizer tool to ananyse the waves and coagula tool to find the image with the sound 5. Found the image and used steghide tool to find the flag within. HACKQUEST 6 ROUND 1 REPORT 6 HackQuest 6 Round 1 Report Challenge Title: Secure Shell Flag: HQ6FLAG{311V4WO4EOTJZVKH} Approach (Step by Step): 1. After opening the challenge I got a prompt to enter .pem contents. 2. I downloaded the file provided in the challenge and extract the id_rsa key under user directory. 3. Its in the openssh format and it demand the rsa format. I converted the key using puttykeygen. 4. After submitting the key I got the flag. HACKQUEST 6 ROUND 1 REPORT 7 HackQuest 6 Round 1 Report Challenge Title: Error Machine Flag: HQ6FLAG{PBCKIWF100O2QC54} Approach (Step by Step): 1. After opening the challenge, I got some garbage text. 2. After analysing the text, I found that it is base-64 encoded so I opened up my terminal and echo that text and piped it to base64 -d 3. After decoding it gives me group of binary text. 4. I performed binary to text conversion and got the string to submit. 5. After submitting I got the flag. Challenge Title: Metaverse Flag: HQ6FLAG{ULK6PPHODNUSRSHU} Approach (Step by Step): 1. After opening the challenge, I downloaded the files. 2. There are almost 300 directories in the extracted file. 3. And I got an image of elephant. 4. After running the exiftool I got a word “banana” and I use it to extract string in the elephant image. 5. The string I got from the file was encrypted in rot13 format.and this was the password. 6. After providing the password in the docx file I got string and I submit that on the website. HACKQUEST 6 ROUND 1 REPORT 8