sec👨‍💻fortress:~#

Defensive By Offensive!


Ecowas CTF

Category Breakdown

Even though our team didn’t take first place, this was an exciting Jeopardy CTF for me because I am more of an Attack-Defense person, but this taught me a few things, so I have decided to make a write-up on each and every challenge I solved!! GG <!3

Decode_me

First of all, we are given a random number to solve

Looks like the character has a special number, which is 2535, so I then decided to decode it as hexadecimal first

and then we got URL-encoded text; decoding the URL-encoded text gives us this

Which is a base64 value, let's decode it

and then we got a flag
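The same hex, then URL, then base64 chain as an added Python example (not part of the original write-up). The sample input is constructed from a placeholder flag, and all function names are hypothetical.

```python
import base64
import binascii
import re
from urllib.parse import unquote

HEX_RE = re.compile(r"(?:[0-9a-fA-F]{2})+")
PCT_RE = re.compile(r"%[0-9a-fA-F]{2}")
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def _printable(raw):  # decoded bytes as text, or None if not printable ASCII
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None

def peel_once(text):
    """Return (layer_name, decoded_text), or None when no known layer matches."""
    if HEX_RE.fullmatch(text):
        decoded = _printable(bytes.fromhex(text))
        if decoded is not None:
            return "hex", decoded
    if PCT_RE.search(text):
        return "url", unquote(text)
    if B64_RE.fullmatch(text) and len(text) % 4 == 0:
        try:
            decoded = _printable(base64.b64decode(text, validate=True))
        except binascii.Error:
            decoded = None
        if decoded is not None:
            return "base64", decoded
    return None

def peel(text, max_layers=10):
    """Strip encoding layers until none matches; return (layer_names, plaintext)."""
    layers = []
    for _ in range(max_layers):
        step = peel_once(text)
        if step is None:
            break
        name, text = step
        layers.append(name)
    return layers, text

def build_sample(flag):
    # Constructed input: base64, then every byte percent-encoded, then hex.
    b64 = base64.b64encode(flag.encode())
    pct = "".join("%{:02X}".format(b) for b in b64)
    return pct.encode().hex()
```

A hex string that opens with 2535 decodes to "%5", which is why the first hex pass lands on percent-encoded text.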

grep

We are asked to download a file

From the name of the challenge, I knew I had to use the CLI tool grep

We got a flag!!

Read Me Please

We are given a file with text at the top and then empty lines

This is called snow steganography; install this tool from your command line with sudo apt install stegsnow

Now use this syntax on the file and you should get an output

Nice, let's keep going: copy the output, paste it into CyberChef and keep clicking the pen button until you get the final flag

Done !!

xss 101

We are given a website :

After several tests of xss vulnerabilities :

I decided to inspect the elements, and going to the Sources tab gave me a hint on what to do :

The jquery.min.js file was calling the /win……. directory somehow, so I decided to replace the URL with that :

……..Then we got a Flag

Sentinnelle

We are given an image :

Using image forensics tools like strings, exiftool, steghide, binwalk, bulk extractor, file and foremost gave me absolutely nothing

So then I used a tool to brute-force images called stegseek and got a .wav file

Using strings on olympio.jpg.out gives us a ROT47-encoded text at the end of the output

Decoding this text gives us a flag

Strings

We are given a file to download :

Running cat on the file gives us a lot of output

As the name of the file implies, I used the strings command piped to grep to get the flag

sec-fortress@Pwn-F0rk-3X3C:~/EcowasCTF$ strings strings | grep flag
flag{th4t5_4_l0t_0f_5tr1ng5}

Chevrolet Traverse

We are given a website :

Immediately, my mind went to a Path Traversal vulnerability

We have secrets and almost_there. Nice!! Let us keep going

We then have flag.txt, let's navigate there

Nothing, but viewing page-source gives us a flag

Unix Master

We were given Netcat logs to connect to

Connecting seems to give us some files and a flag.txt file with an asterisk in front

After much enumeration, I did ./flag.txt and got a flag

SoppazShoes

We are given a website :

I decided to navigate around and landed on this shoe page

Clicking on each shoe changes the shoe ID number

After much fuzzing, Number 35 gave a clue

Moved to number 40 and things were clicking

Long story short, I decided to add it to the cart, then check out, and I got a flag

Thanks for reading, Farewell!!
