Uploaded by Nishtha Munjal

HackQuest 6 Round 1 Report

Contest Date: 26th February 2022
CT ID: DT20218168550
Name: Nishtha Munjal
College/University: Institute of engineering and technology
City: Alwar, Rajasthan
Challenges solved & the total score: 8
Anything else that you want us to know:
(Copy & paste the table x times if you solved x challenges)
Challenge Title: Octa Game
Flag: HQ6FLAG{1TVVK24VCHVKJ4K6}
Approach (Step by Step):
1. Saw the page source.
2. Noticed a JavaScript validation function stopping the score below 30.
3. Copied the whole move function from the source and pasted it in the console of the page, editing the < 30 part to < 100.
4. Now the button allowed the regulator to be increased up to 100.
5. In the output, got the flag for this challenge.
Challenge Title: HoneyComb Candy
Flag: HQ6FLAG{B12O1NHX31MW1M09}
Approach (Step by Step):
1. Opened the challenge.
2. Saw the generate emoji button.
3. Generated the emoji.
4. Googled the Unicode ID of the emoji.
5. Entered the name of the emoji and its Unicode.
6. Got the flag.
Challenge Title: Office Magic
Flag: HQ6FLAG{RUEZAX2SZ9ZUZA9F}
Approach (Step by Step):
1. Opened the challenge.
2. Got a zip file on download.
3. The zip file contains a .pst Outlook data file secured by a password.
4. Searched Google.
5. Got a tool named pstpassword.zip online.
6. Cracked the password of the .pst file.
7. Scrolled down in the file.
8. Got the flag at the end.
Challenge Title: Shrewd Cat
Flag: HQ6FLAG{UFRXAVB6Z1N2VK8M}
Approach (Step by Step):
1. Opened the challenge.
2. Downloaded the file.
3. It was a .sql file.
4. On analyzing, got the username and password from the tables.
5. The password was encrypted by WordPress, which is a one-way encryption.
6. Then saw the page source.
7. Got a hint as a base64 string.
8. Decoded the string and got the format of the password.
9. I created a wordlist with the format from the hint given, with the help of the mp64 tool in Kali Linux.
10. Now used the hashcat tool to match the username with the wordlist file.
11. Got a match with Gaikonde.
Challenge Title: Into The Abyss
Flag: HQ6FLAG{9GG261Y97Y5EN8WY}
Approach (Step by Step):
1. Opened the challenge.
2. Got an .mp3 file.
3. On listening, found a hint that an image may be hidden in the sound waves.
4. Used the Sonic Visualiser tool to analyse the waves and the Coagula tool to find the image with the sound.
5. Found the image and used the steghide tool to find the flag within.
Challenge Title: Secure Shell
Flag: HQ6FLAG{311V4WO4EOTJZVKH}
Approach (Step by Step):
1. After opening the challenge, I got a prompt to enter .pem contents.
2. I downloaded the file provided in the challenge and extracted the id_rsa key under the user directory.
3. It's in the OpenSSH format and it demands the RSA format. I converted the key using puttykeygen.
4. After submitting the key, I got the flag.
Challenge Title: Error Machine
Flag: HQ6FLAG{PBCKIWF100O2QC54}
Approach (Step by Step):
1. After opening the challenge, I got some garbage text.
2. After analysing the text, I found that it is base64 encoded, so I opened up my terminal, echoed that text and piped it to base64 -d.
3. After decoding, it gave me a group of binary text.
4. I performed binary-to-text conversion and got the string to submit.
5. After submitting, I got the flag.
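
The two layers described in the Error Machine steps above (base64, then groups of binary digits) can be peeled with a short script. This is an added example, not part of the original report: the function names are illustrative and the sample input is constructed, not the challenge text.

```python
import base64
import re

# Eight-bit groups, optionally separated by whitespace.
BINARY_RE = re.compile(r"(?:[01]{8}\s*)+")
# Canonical base64: full quads, then an optional padded final quad.
BASE64_RE = re.compile(
    r"(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")


def from_binary(text):
    bits = "".join(text.split())
    raw = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
    return raw.decode("ascii")  # raises ValueError for bytes >= 0x80


def from_base64(text):
    compact = "".join(text.split())
    return base64.b64decode(compact, validate=True).decode("ascii")


def peel(text, max_layers=8):
    """Strip encoding layers; return (result, [names of layers removed])."""
    layers = []
    for _ in range(max_layers):
        candidate = text.strip()
        compact = "".join(candidate.split())
        # Test binary first: a run of 0s and 1s is also valid base64 alphabet.
        if compact and BINARY_RE.fullmatch(candidate):
            name, decoder = "binary", from_binary
        elif compact and BASE64_RE.fullmatch(compact):
            name, decoder = "base64", from_base64
        else:
            break
        try:
            decoded = decoder(candidate)
        except ValueError:  # bad padding or non-ASCII output: not a real layer
            break
        if not all(ch.isprintable() or ch.isspace() for ch in decoded):
            break
        text = decoded
        layers.append(name)
    return text, layers


def make_sample(message):
    """Build a constructed input: text -> binary groups -> base64."""
    groups = " ".join(format(byte, "08b") for byte in message.encode("ascii"))
    return base64.b64encode(groups.encode("ascii")).decode("ascii")


if __name__ == "__main__":
    print(peel(make_sample("constructed sample, not the challenge text")))
```

A plaintext that itself happens to be valid base64 of printable ASCII would be decoded one layer too far, so compare the reported layer list with what you expect.
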
Challenge Title: Metaverse
Flag: HQ6FLAG{ULK6PPHODNUSRSHU}
Approach (Step by Step):
1. After opening the challenge, I downloaded the files.
2. There are almost 300 directories in the extracted file.
3. And I got an image of an elephant.
4. After running exiftool, I got the word “banana” and I used it to extract a string in the elephant image.
5. The string I got from the file was encrypted in ROT13 format, and this was the password.
6. After providing the password in the docx file, I got a string and I submitted that on the website.