# My first HackMD note (change me!) yosra NABI E4 DAD B ces labs ont été effectués sur la plateform: CTFLEARN ### lab 1: Forensics 101 la réponse de flag est : flag{wow!_data_is_cool} ``` ┌──(osboxes㉿osboxes)-[~/Downloads] └─$ strings 95f6edfb66ef42d774a5a34581f19052.jpg| grep { L{2^ [P{! {~T{@ we|C{ v{*{8 flag{wow!_data_is_cool} AG{u ``` ### lab 2 : Pho is Tasty la réponse de flag est : CTFlearn{I_Love_Pho!!!} la commande que je l'ai lancé est ``` ┌──(osboxes㉿osboxes)-[~/Downloads] └─$ xxd Pho.jpg | head -n 10 00000000: ffd8 ffe0 0010 4a46 4946 0001 0100 0001 ......JFIF...... 00000010: 0001 0000 ffe3 006f 5361 6d73 756e 6700 .......oSamsung. 00000020: 5361 6d73 756e 6720 4761 6c61 7879 2053 Samsung Galaxy S 00000030: 3820 436f 6c6f 7220 5061 6c65 7474 653a 8 Color Palette: 00000040: 1d09 4304 1554 0206 4614 0d6c 160e 6506 ..C..T..F..l..e. 00000050: 1961 171f 721b 186e 010c 7b04 0749 0f03 .a..r..n..{..I.. 00000060: 5f02 0e4c 1618 6f1f 0476 190c 651f 065f _..L..o..v..e.._ 00000070: 1801 5011 1068 1314 6f1a 0221 0402 2113 ..P..h..o..!..!. 00000080: 1421 0b14 7dff db00 8400 0808 0808 0808 .!..}........... 00000090: 090a 0a09 0c0d 0c0d 0c12 100f 0f10 121b ................ ``` ### lab 3 :SQl ingestion la réponse est : CTFlearn{th4t_is_why_you_n33d_to_sanitiz3_inputs} ``` Original Query: SELECT * FROM webfour.webfour where name = '$input' Your Resulting Query: SELECT * FROM webfour.webfour where name = '' or '1' = '1' Name: Luke Data: I made this problem. Name: Alec Data: Steam boys. Name: Jalen Data: Pump that iron fool. Name: Eric Data: I make cars. Name: Sam Data: Thinks he knows SQL. Name: fl4g__giv3r Data: CTFlearn{th4t_is_why_you_n33d_to_sanitiz3_inputs} Name: snoutpop Data: jowls Name: Chunbucket Data: @datboiiii ``` ### lab 4 :Character Encoding Il s'agit d'une conversion de hexadecimal en texte Hexadecimal : 41 42 43 54 46 7B 34 35 43 31 31 5F 31 35 5F 55 35 33 46 55 4C 7D Text : ABCTF{45C11_15_U53FUL}