# ShaktiCTF2024 WRITEUP

# INTRODUCTION

Hey there, fellow hackers! I'm cyb4x, and I'm on a mission to transform my passion for hacking into a full-fledged career as a Red Teamer. To kickstart this journey and put my skills to the test, I decided to take on the challenges of ShaktiCTF2024 (**8-09 March 3:30PM**). Join me as I recount the twists and turns, the victories, and the lessons learned during my expedition into the world of ShaktiCTF2024.

# WEB EXPLOITATION

I explored web challenges where I uncovered sneaky website secrets. From deciphering code tricks to finding hidden loopholes.

## 1. Delicious

The adventure began with the first challenge called "Delicious." As soon as I fired up the instance, I was handed a link to our sweet little challenge. Eager to kick things off, I clicked on the link, ready to unravel the secrets that awaited me.

![image](https://hackmd.io/_uploads/rJL4lZFpa.png)

### Unveiling the Challenge

![Screenshot from 2024-03-09 00-23-29](https://hackmd.io/_uploads/BJP9XWFaa.png)

Upon opening the link, I was greeted by a page adorned with a tempting cookie photo and the teasing text, "Delicious, isn't it?" Intrigued, I took a peek at the page source but found no immediate clues. Determined to uncover the magic behind the scenes, I fired up Burp Suite to intercept the requests, hoping to get a closer look at the inner workings and discover potential vulnerabilities to exploit. Time to play detective with the web traffic!

### Decoding the Sweet Clues

![Screenshot from 2024-03-08 19-38-38](https://hackmd.io/_uploads/B1KJ4WFpp.png)

With Burp Suite in action, I intercepted the requests and sent them to the repeater. Zeroing in on the cookie, I noticed it was base64 encoded – a promising lead! I highlighted the encoded text, prompting Burp Suite to automatically decode it, revealing the sweet secrets hidden within. The inspector pane became my ally, unveiling the mysteries behind the scenes. Time to savor the taste of success!

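
Why a server cannot trust a cookie that is only base64 encoded, as an added example that is not the challenge's own code: base64 is an encoding, so any client can rewrite the value, while an HMAC tag over the payload makes an edit detectable. The key, the helper names and the sample state are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # assumption: a secret only the server holds

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def plain_cookie(state):
    """Weak form: base64(JSON) with no integrity protection."""
    return b64(json.dumps(state).encode())

def read_plain(cookie):
    """The server believes whatever the client sends back."""
    return json.loads(base64.urlsafe_b64decode(cookie))

def signed_cookie(state, key=SERVER_KEY):
    """Hardened form: payload plus an HMAC-SHA256 tag over that payload."""
    payload = b64(json.dumps(state).encode())
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"

def read_signed(cookie, key=SERVER_KEY):
    """Return the state, or None when the tag does not match the payload."""
    payload, _, tag = cookie.rpartition(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not payload or not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))

def client_edit(encoded_payload):
    """What any holder of the cookie can do: decode, change a field, re-encode."""
    state = json.loads(base64.urlsafe_b64decode(encoded_payload))
    state["admin"] = 1
    return b64(json.dumps(state).encode())

if __name__ == "__main__":
    issued = plain_cookie({"admin": 0})               # constructed sample state
    print(read_plain(client_edit(issued)))            # edited value is accepted
    payload, tag = signed_cookie({"admin": 0}).split(".")
    print(read_signed(client_edit(payload) + "." + tag))  # None: edit detected
```

Keeping the role in a server-side session avoids the problem entirely; a signature is the minimum when state has to live in the cookie.
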
### Cracking the Cookie Code

![Screenshot from 2024-03-08 19-39-23](https://hackmd.io/_uploads/SJIbr-F66.png)

In the inspector pane, the decoded cookie spilled its secrets – a base64 encoded string with a cheeky twist: {"admin", 0}. With a grin, I realized the challenge was as good as conquered. As they say in the hacking world, "If you know, you know." Now that I had the magic words, it was time to finish the challenge.

### From 0 to 1

Embracing the hacker's intuition, I boldly flipped the admin value from 0 to 1, encoded it back into a cookie, and voilà! With this trick up my sleeve, I unleashed the modified cookie into the challenge.

![Screenshot from 2024-03-08 19-40-14](https://hackmd.io/_uploads/ry-OSZtaT.png)

The flag waved high, declaring victory on my digital conquest. As they say, "Changing a zero to a one can make all the difference." And with that, another challenge bit the dust – hacking, decoding, and laughing my way to success, one byte at a time!

![Screenshot from 2024-03-08 19-34-04](https://hackmd.io/_uploads/SJtJw-YaT.png)

### More and more

Great! We're just getting started. The cyber universe is vast, and more challenges await your conquering spirit. Join me as we embark on a thrilling journey through the next set of challenges.

## 2. Find the flag

Within the realm of web exploitation, our journey led us to a new instance armed with an intriguing attachment – presumably the source code. A white-box penetration testing adventure awaited, and with the source code in hand, the stage was set for a deeper dive into the secrets that lay ahead. Let's unravel the puzzle and discover what awaits us in this challenge!

![image](https://hackmd.io/_uploads/SynrPbtaa.png)

### Adventure Begins

![image](https://hackmd.io/_uploads/H1DQt-Y6T.png)

As I stepped into the "Find the Flag" challenge, the initial tease of "find the flag" greeted me on a seemingly innocent webpage. My first attempt at snooping around the usual suspects like cookies came up empty-handed.
No worries, though – with my "source code reviewer" hat securely in place, I dove into the code like a detective in a crime scene, ready to catch any clues hiding in plain sight.

### Unraveling the Web of Code

![image](https://hackmd.io/_uploads/B1HaKWYpp.png)

Delving into the depths of the "Find the Flag" challenge, the source code revealed a Flask application, aptly named main.py. The code hinted at a dynamic process, with a command executed based on the '**test**' parameter from the URL. It seemed like we had a wild card here! As the Flask app executed a "find" command, I couldn't help but think, "Looks like it's hunting season for our elusive flag!" Time to outsmart this code and maybe share a chuckle or two along the way!

### Crafting the Digital Safari

Armed with a virtual machete (curl command), I ventured into the code jungle of "Find the Flag." Recognizing the vulnerability in the 'test' parameter-accepting command, I meticulously crafted my curl command, ready to see if this Flask application would reveal its secrets. I began with a cautious step. Crafting a curl command to send 'test' as the value for the 'main.py' parameter. The cyber-arena echoed with a victory cry as my initial curl command confirmed the existence of 'main.py.'

![Screenshot from 2024-03-08 19-08-06](https://hackmd.io/_uploads/rJQxhWYT6.png)

### Strike One

I seized the opportunity to exploit the command injection vulnerability laid bare by the source code. Embracing the art of cyber manipulation, I tactically terminated the initial find command using the notorious ";" and seamlessly appended the 'ls' command to my payload. With this calculated move, my payload now read: `;ls` for the 'test' parameter. I eagerly awaited the outcome – a dance of directories and files, perhaps revealing the elusive flag hidden in plain sight. Let the cyber chess game continue!

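
The root cause and its fix, as an added example that is not the challenge's source (the real main.py appears only as a screenshot, so the vulnerable line here is an assumed reconstruction): a value pasted into a shell string is parsed for operators such as `;`, while a validated value passed in an argument list is never parsed by a shell. The function names and the allowlist pattern are hypothetical.

```python
import re
import shlex
import subprocess

def unsafe_command(test):
    """Assumed vulnerable pattern: the URL parameter is pasted into a
    string that a shell will parse."""
    return f"find {test}"

def shell_view(command):
    """Tokenise roughly as a shell does, keeping ';' as its own operator."""
    return list(shlex.shlex(command, punctuation_chars=True))

# Allowlist: plain file names only. No leading '-' (find would read it as an
# option) and no shell or glob characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")

def safe_argv(test):
    """Hardened form: validate first, then build an argument list."""
    if not SAFE_NAME.fullmatch(test):
        raise ValueError("rejected file name")
    return ["find", ".", "-name", test]

def search(test):
    """Run find without a shell; the value is only ever the -name operand."""
    done = subprocess.run(safe_argv(test), capture_output=True,
                          text=True, timeout=5, check=False)
    return done.stdout

if __name__ == "__main__":
    for value in ("main.py", ";ls"):  # both values appear in the writeup
        print(shell_view(unsafe_command(value)))
        try:
            print(safe_argv(value))
        except ValueError as err:
            print("blocked:", err)
```

The validation matters even without a shell, because `find` interprets its own arguments; fixing the start path and passing the value only as the `-name` operand keeps it from being read as an expression.
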
![Screenshot from 2024-03-08 19-06-56](https://hackmd.io/_uploads/BySEpWY6T.png)

### Claiming Victory

So, here's the thing – I tweaked my command a bit, added '**;cat flag.txt**' and boom! The magical flag.txt spilled its secrets. It was like finding treasure in a digital scavenger hunt. With a grin on my face and a virtual victory dance, I can proudly say I nailed the "Find the Flag" challenge. One small step for me, one giant leap for my cyber-adventure! 🚀😄

![image](https://hackmd.io/_uploads/Hy12kfK66.png)

## 3. Ultimate Spiderman Fan

![image](https://hackmd.io/_uploads/HyJKXaYTa.png)

### Balancing Budgets and Unveiling Surprises

Upon clicking the provided link, we entered the Spider-Man Merch Shopping Portal, a digital marketplace featuring a variety of Spider-Man merchandise.

![image](https://hackmd.io/_uploads/HJX4KTt6a.png)

As we explored the portal, we encountered intriguing items for sale, including the elusive Spider Surprize priced at $5000. However, with our current balance standing at $3000, acquiring the Spider Surprize seemed challenging.

### Unveiling the Spider-Merch Secrets

In the quest for Spider-Fandom supremacy, our first move involved delving into the Spider-Merch Shopping Portal's intricacies. Despite initial attempts at exploring the page source and brute-forcing hidden directories yielding no results, we adopted a hands-on approach. By attempting to purchase items, we initiated a journey to unravel the mysteries of the portal's inner workings. An option surfaced in the form of the Web Bomb, priced at $1000. The first step involved assessing our budget constraints and exploring potential strategies for navigating the portal to achieve the goal of becoming the Ultimate Spider-Man Fan.

![image](https://hackmd.io/_uploads/B1RWjTYT6.png)

### A Sneak Peek Behind the Spider-Merch Code

In my relentless pursuit of Spider-Fandom glory, I opted for a fresh perspective on unraveling the Spider-Merch Shopping Portal's secrets.
Steering away from the conventional Burp Suite method, I turned to the inspect tool in the network tab. With a click on the buy button for the enticing Web Bomb, a cascade of requests unfolded before us. This alternative approach allowed us to peek behind the code, providing a firsthand look at the intricate workings of the portal.

![image](https://hackmd.io/_uploads/HyR6naKaT.png)

### Decoding the Web Bomb

By executing the purchase of the tantalizing Web Bomb, a crucial revelation emerged—the POST request to the elusive /buy endpoint. With a keen eye and determination, we seized the opportunity to open and dissect this critical request.

![Screenshot from 2024-03-09 14-53-10](https://hackmd.io/_uploads/S1HqJAKTp.png)

In my relentless quest to master the Spider-Merch Shopping Portal, a new chapter unfolded as I ventured into the realm of POST request manipulation. Armed with the discovery of the crucial /buy endpoint, I embarked on tweaking the Web Bomb's purchase request before hitting that coveted "resend" button.

![image](https://hackmd.io/_uploads/HydL0pKa6.png)

### Hacking the Web Bomb

In our relentless pursuit of Spider-Fandom supremacy, a breakthrough emerged as we delved into the intricacies of the Spider-Merch Shopping Portal. Noticing the product ID in the POST request and realizing it represented the Web Bomb, we decided to shake things up. By changing the product ID to 4, corresponding to the Spider Surprize, we aimed to swing our way to greater victories.

![Screenshot from 2024-03-09 15-02-18](https://hackmd.io/_uploads/SkRJ8AFTT.png)

Taking a closer look at the request cookie, which revealed itself as a JWT token, we seized the opportunity to decode it using the jwt.io online tool.

![image](https://hackmd.io/_uploads/rJ0i-CFpT.png)

![image](https://hackmd.io/_uploads/BJFHe0KTp.png)

### Web Bomb Heist

In my daring exploits within the Spider-Merch Shopping Portal, a cunning move unfolded as we turned our attention to the mysterious cookie payload.
Dissecting the payload revealed an "amount" field, initially set at 1000. With the Spider Surprize priced at $5000, we hatched a plan: boldly changing the amount to match the coveted price tag.

![image](https://hackmd.io/_uploads/B1UmGRYTp.png)

Employing our newfound knowledge, I deftly encoded the modified payload and fearlessly replaced the existing cookie.

![image](https://hackmd.io/_uploads/rkJdVRt6a.png)

### Claiming the Flag

In the climactic finale of our Spider-Merch conquest, a triumphant moment unfolded as I courageously manipulated cookies, altered the payload, and set our sights on the elusive Spider Surprize. With bated breath, I clicked the **/checkout**, and there it was – the ultimate reward, our flag, waving in digital triumph!

![image](https://hackmd.io/_uploads/ryeHECYaa.png)

*These web exploitation challenges provided a great learning experience. However, these were just a few in the realm of web exploitation. Let's now explore other intriguing categories and broaden our knowledge.*

# CRYPTOGRAPHY

Welcome to the fascinating world of cryptography challenges! If you thought unraveling the mysteries of the web was fun, get ready for an exhilarating journey through the art of secret codes. Let's dive into the cryptographic wonders together!

## 1. Flag Expedition

![image](https://hackmd.io/_uploads/Sy7EbMK6a.png)

Welcome to the intriguing realm of cryptography, brave explorer! In the "Flag Expedition" challenge, you're on a quest to crack cryptographic mysteries hidden within an attachment. Opening the attachment was my first step in unveiling the secrets of the "Flag Expedition" challenge.

### The Cipher Safari Begins

As the intrepid explorer opens the mysterious attachment, a visual revelation unfolds. Analyzing the image, a realization dawns: it's a collection of Signal Code Flags.

![f](https://hackmd.io/_uploads/ByhZEGFTT.png)

### Signal Code Flags

**Signal Code Flags** are a set of distinct maritime flags, each assigned a specific meaning, used for communication between ships or between a ship and a shore facility. These flags are part of the International Code of Signals, a standardized system that enables vessels to convey messages with clarity and precision.

### Decoding the Maritime Cipher

As our cryptographic journey progresses, the explorer delves into the symbolic representations of Signal Code Flags. These maritime flags, with their unique visual language, carry hidden messages within the cryptographic puzzle. By exploring their representations [here](https://www.allstarflags.com/facts/signal-code-flags/), our adventurer gains insight into the maritime cipher, steering closer to unraveling the concealed meaning.

![image](https://hackmd.io/_uploads/rJfjrftTa.png)

### Discovering the Flag

Through meticulous exploration of Signal Code Flags, our intrepid adventurer deciphers the hidden message concealed within the cryptographic puzzle. Rearranging our letters to form a meaningful word and employing the maritime cipher's insights, the triumphant moment arrives. The flag emerges as a testament to the successful navigation through the maritime language, marking a pivotal chapter in our Crypto Chronicles saga.

![image](https://hackmd.io/_uploads/rJk6LGK6a.png)

# REVERSE ENGINEERING

In the realm of Reverse Engineering challenges, I navigate the intricate world of binary puzzles, unraveling the encrypted mysteries within software and executables. Armed with disassemblers like Cutter.

## 1. Warmup rev

Stepping into the reverse engineering arena with the challenge named Warmup_rev, my first move was to download the mysterious attachment.

![image](https://hackmd.io/_uploads/HkxYOGF6a.png)

### The Enigmatic ELF File

So, I stumbled upon this intriguing ELF file in the CTF arena. The first move? Naturally, check its pulse with the 'file' command.
Aha! It's an ELF, but what's inside? Time to make it dance with 'chmod +x filename' to bring it to life.

![image](https://hackmd.io/_uploads/r1x8FMKaa.png)

### The Prompt Speaks

Executing the file prompted a challenge: "Enter the flag." The race was on to figure out what this elusive program desired. What kind of flag was it looking for? Since it tells us "Oops, that's not the correct flag".

![image](https://hackmd.io/_uploads/HkC2KzFTT.png)

### Unveiling Secrets with Cutter

To dissect the program's mind, I turned to Cutter, a nifty disassembler. Within the main function, I stumbled upon a peculiar discovery – words that seemed to be playing hide-and-seek in reverse. Could this be the missing piece? Let's see..

![Screenshot from 2024-03-08 21-14-09](https://hackmd.io/_uploads/H1S_9fKpa.png)

### Decoding Reversed Words

The plot thickened as I noticed words flipped backward, like a coded language waiting to be deciphered. To crack the case, I needed to reverse each word and arrange them in the correct order. It was a bit like unscrambling a sentence.

![image](https://hackmd.io/_uploads/ryia5fFTp.png)

### Crafting the Python Spell

With my coding wand (keyboard, really), I conjured a Python script to work its magic. The script gracefully flipped the words and assembled them in a way that made sense.

![image](https://hackmd.io/_uploads/BJrisfF6a.png)

With a simple execution of the script, the veil was lifted. The reversed words unfolded into a secret phrase – the elusive flag. It was as if the code itself had whispered the answer in my ear.

![image](https://hackmd.io/_uploads/ByAX3MYT6.png)

Armed with the flag, I proudly submitted my solution. Another CTF challenge conquered! The journey from a mysterious ELF file to a deciphered flag showcased the beauty of reverse engineering and the joy of solving coding puzzles.

![Screenshot from 2024-03-08 19-34-04](https://hackmd.io/_uploads/r1LU2ft6T.png)

# MISCELLANEOUS

The Miscellaneous Challenges within ShaktiCTF2024 served as a welcomed breath of simplicity amid the more intricate tasks. Characterized by their beginner-friendly nature, these challenges provided participants with straightforward tasks.

## 1. Participant Survey

Tasked with providing feedback on the overall competition, we embraced the simplicity of this noob-friendly challenge.

![Screenshot from 2024-03-09 14-20-01](https://hackmd.io/_uploads/S1ZlOAtpT.png)

By filling out the Google Form and sharing our thoughts on the adventure, we smoothly sailed through the survey. Upon submission, a digital fanfare echoed – our flag unfurling proudly as a testament to our participation.

![Screenshot from 2024-03-09 14-19-25](https://hackmd.io/_uploads/B16WuRF6a.png)

## 2. Feedback

The Feedback Challenge emerged as a straightforward yet insightful endeavor. We were tasked with sharing our perspectives on the challenges and organizer support through a humble Google Form.

![Screenshot from 2024-03-09 14-22-44](https://hackmd.io/_uploads/Bybpu0Yaa.png)

Upon the completion and submission of this constructive feedback, the digital horizon celebrated our triumph with the unveiling of a flag.

![Screenshot from 2024-03-09 14-24-14](https://hackmd.io/_uploads/H1aCu0Kp6.png)

# CONCLUSION

As we conclude this journey, let the lessons learned echo in our virtual halls. May the flags we've captured and the challenges we've overcome fuel our passion for continuous learning and drive us to new heights in the ever-evolving landscape of cybersecurity. Until the next challenge beckons, happy hacking, and may your code always run flawlessly! 🚀🔐