Chovid99

@Chovid99

A Software Engineer who is trying to find a way to change his role to Security Engineer. Currently learning everything about security via CTF. I play Solo.

Joined on Oct 10, 2021

  • I spend my Sunday doing Pragyan CTF 2022. I'm very grateful that I got 17th place even though I play it solo. Below is my writeup for challenges that I solved and don't forget to follow me on Twitter :slightly_smiling_face: Pwn Database Intro We were given a binary, let's decompile it. Below is the main function. void main(void) {
     Like  Bookmark
  • This CTF marked the start of my journey on preparing myself to convert my role from Software Engineer to Security Engineer for the next 4 years. On this CTF, I managed to solve 2 Crypto Challenge Alkoloid Stream (134 pts) GoodHash (218 pts) Today, I will explain my solution on solving the GoodHash. GoodHash (218 pts)
     Like  Bookmark
  • Regexp Challenge We just need to craft manually our regex per level Level 1 \d{8}\D{1} Level 2 ^[1,2,3,4,8,9]\D{1}
     Like  Bookmark
  • Web knock-knock We were given source code like below. const crypto = require('crypto'); class Database { constructor() { this.notes = []; this.secret = `secret-${crypto.randomUUID}`;
     Like 1 Bookmark
  • Web web-intro We were given a flask website, where it only show Access Denied. Checking the cookie, we notice it contains the session. Using flask unsign, we try to bruteforce the secret, and found it. flask-unsign --unsign --cookie eyJsb2dnZWRfaW4iOmZhbHNlfQ.YgY8Ag.brYMgM6ScmEf9me5I0-BKia5QTs flask-unsign --sign --cookie "{'logged_in': True}" --secret 'password' Flag: CTF{66bf8ba5c3ee2bd230f5cc2de57c1f09f471de8833eae3ff7566da21eb141eb7}
     Like  Bookmark