# UIT W4nnaW1n for newbies

## Forensics - External Feature

### Level: Medium

File: https://drive.google.com/file/d/1YYMldQ4gX8PMhjRDmJdP3Kk8BCohtxDf/view?usp=sharing

- The title of the challenge is "External Feature", and it gives me a zipped file containing a user's Chrome data, so I think the challenge is telling us to look in the extension folder.
- If you're familiar with Chrome extensions, you'll know where extensions are stored; if not, you can search for it.

![image](https://hackmd.io/_uploads/Hy4qjhFET.png)

- So I checked the extension folder and this is what I found:

![image](https://hackmd.io/_uploads/Hy4g62K4T.png)

There are 5 extensions, so I checked all of them one by one, and then I found something quite suspicious.

![image](https://hackmd.io/_uploads/ryygkpYNp.png)

![image](https://hackmd.io/_uploads/BJx6C3tN6.png)

![image](https://hackmd.io/_uploads/SkvT1qhNT.png)

Something isn't right about this function: besides continuing the program, there is a function that sends your username and password to another program.

![image](https://hackmd.io/_uploads/Bka6WcnE6.png)

Continuing to read the source file, you can see that the Dec() function XORs the string with the API key and then sends it somewhere else.

![image](https://hackmd.io/_uploads/rkI0WqhNp.png)

So, to find the flag, we just have to decode the string from base64 and then decrypt it.

![image](https://hackmd.io/_uploads/H1mE75nEa.png)

## Flag: W1{s1mpl3_d4t4_3xf1ltr4t10n_v14_t3le}
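
The recovery step described above (base64-decode, then XOR with the API key), generalized into a small triage helper that checks every base64-looking string literal in an extension's JavaScript. This is an added example, not code from the challenge or the original write-up; it assumes a repeating-key XOR, and the key, secret and JavaScript sample are constructed.

```python
import base64
import re

# Quoted string literals that look like base64 (16+ chars), as they appear in JS source.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{16,}={0,2})["']""")


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR (assumed scheme); the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_strings(js_source: str, key: bytes) -> list[str]:
    """Base64-decode each candidate literal, XOR it with the key, and keep
    only the results that are entirely printable ASCII."""
    found = []
    for literal in B64_LITERAL.findall(js_source):
        try:
            raw = base64.b64decode(literal, validate=True)
        except ValueError:
            continue  # right character set, but not valid base64
        text = xor_bytes(raw, key)
        if text and all(0x20 <= b < 0x7F for b in text):
            found.append(text.decode("ascii"))
    return found


# Constructed sample data, not taken from the challenge file.
SAMPLE_KEY = b"constructed-api-key"
SAMPLE_SECRET = "EXAMPLE{constructed_value}"
_hidden = base64.b64encode(xor_bytes(SAMPLE_SECRET.encode(), SAMPLE_KEY)).decode()
_decoy = base64.b64encode(b"plain lowercase config text").decode()  # ordinary base64, not XORed
SAMPLE_JS = f"""
const apiKey = "constructed-api-key";
const cfg = "{_decoy}";
const hidden = "{_hidden}";
"""

if __name__ == "__main__":
    for recovered in recover_strings(SAMPLE_JS, SAMPLE_KEY):
        print(recovered)
```

The printable-ASCII filter is what separates the XORed literal from ordinary base64 strings in the same file, so a wrong key normally returns nothing rather than noise.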