# CTF PwnedCR 2022

###### tags: `ctf`

## Web

### Reto 1: El regalo

#### Solution

Using CyberChef, we decoded the string from ASCII Base64 into its raw format.

:::success
PWNEDCR{venimos_en_paz_ghei@90$#}
:::

### Reto 2: Cryptonita

#### Solution

We checked the web page source code to find hidden elements.

Using CyberChef, we decoded the string from ASCII Base64 into its raw format.

First transform

Second transform

:::success
PWNEDCR{sector_4_apartamento_65_zona_nuclear_desalojada_5$32@1}
:::

### Reto 3: Tron

#### Solution

Using `strings`, we analyzed the strings in the image.

:::success
PWNEDCR{tron_1982_@13km79$fn@}
:::

### Reto 4: Enumérame

#### Solution

Using Burp Suite Intruder with a 3-digit wordlist (https://raw.githubusercontent.com/danielmiessler/SecLists/master/Fuzzing/3-digits-000-999.txt), we found a parameter value with the flag:

https://ctf.pwnedcr.com/retos/reto4.php?id=126

:::success
PWNEDCR{enumerar_no_es_solo_atacar067#h@!}
:::

### Reto 5: Bruto el fuerte

https://ctf.pwnedcr.com/retos/reto5_login.php

#### Solution

Using Hydra, with the parameters:

```bash
hydra -L /home/kali/Desktop/top-usernames-shortlist.txt -P /home/kali/Desktop/rockyou_top-1k.txt ctf.pwnedcr.com https-post-form "/retos/reto5_login.php:username=^USER^&password=^PASS^&login=:Wrong password"
```

Hydra reported many valid passwords; however, that was because the site returned the value "Wrong username" for those attempts, which does not match the "Wrong password" failure string.

So, we checked for a user that appears only once.

login: admin
password: jordan23

:::success
PWNEDCR{ataque_por_fuerza_bruta07umr@sf!}
:::

### Reto 6: El silencio de los kiddies

#### Solution

:::success
:::

### Reto 7: Siete a cero

#### Solution

:::success
:::

### Reto 8: Scripteando

#### Solution

Check the source code of the website for a script.

:::success
PWNEDCR{scripteando_por_la_vida_@$!khj957}
:::
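
Returning to Reto 5: the false positives follow from the server answering with two different failure messages while the form string names only one. The following is an added example, not part of the original write-up or the challenge's code; the handlers, the account and the passwords are constructed, and it shows the leaky behaviour beside a handler that returns one uniform error.

```python
import hashlib
import hmac

SALT = b"constructed-demo-salt"  # constructed; use a random per-user salt in practice

def _kdf(password):
    # Slow password hash so the stored value is not a bare digest
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": _kdf("s3cret-demo")}  # constructed account, not from the challenge
DUMMY = _kdf("")                         # compared against when the user is unknown

def login_leaky(username, password):
    """Behaviour described in Reto 5: a different message per failure cause."""
    if username not in USERS:
        return "Wrong username"
    if not hmac.compare_digest(USERS[username], _kdf(password)):
        return "Wrong password"
    return "Welcome"

def login_uniform(username, password):
    """Hardened form: same message and same work for either failure."""
    ok = hmac.compare_digest(USERS.get(username, DUMMY), _kdf(password))
    if ok and username in USERS:
        return "Welcome"
    return "Invalid username or password"

def reported_valid(handler, attempts, failure_marker):
    """Single-marker check, as in the form string: valid = marker absent."""
    return [a for a in attempts if failure_marker not in handler(*a)]

# Constructed attempts: one existing user, one unknown user, two passwords each
ATTEMPTS = [(u, p) for u in ("alice", "bob") for p in ("guess1", "s3cret-demo")]

if __name__ == "__main__":
    # Leaky handler: every attempt for the unknown user "bob" looks valid
    print(reported_valid(login_leaky, ATTEMPTS, "Wrong password"))
    # Uniform handler: only the real credential pair is reported
    print(reported_valid(login_uniform, ATTEMPTS, "Invalid username or password"))
```

With the leaky handler the unknown user shows up once per password tried while the real account shows up once, which matches the pattern the write-up used to pick out the genuine result.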