IceCTF{Write_up_Stage1_Stage2}



Stage 1


Spotlight [Web - 10 pt]
After looking around for the flag, inspect the web page's elements; the flag is in the Console tab.
The flag is: IceCTF{5tup1d_d3v5_w1th_th31r_l095}


All your Base are belong to us [Misc - 15 pt]
Convert the binary to ASCII.
The flag is: IceCTF{al1_my_bases_are_yours_and_all_y0ur_bases_are_mine}

Rotated! [Cryptography - 20 pt]
The given text is VprPGS{jnvg_bar_cyhf_1_vf_3?}. Decode the flag with the ROT13 algorithm.
The flag is: IceCTF{wait_one_plus_1_is_3?}

Substituted [Cryptography - 30 pt]
The title hints at how to decode the text: the "Substitution" algorithm. Using CrypTool we can easily decode the text.
After decoding, the text still includes some errors and the flag is not correct.
Replace the letter "P" with "w" and the flag now appears to be correct.

The flag is: IceCTF{always_listen_to_your_substitute_flags}

Time Traveler [Forensics - 45 pt]
After looking around on archive.org, go back to 1 June and the flag is there.

Scavenger Hunt [Misc - 50 pt]
I downloaded the IceCTF website from GitHub (you can find the GitHub link in the footer bar on the IceCTF home page), then ran grep -nr "IceCTF{"

The flag is: IceCTF{Y0u_c4n7_533_ME_iM_h1Din9}

IRC 1 [Misc - 35 pt]

The task mentions that "There is someone sharing flags on our IRC", so we connected to the IRC server using irssi:
/connect glitch.is

Take a look at the channels available on the server. To do that, type /list, and here we go: the flag is there!

The flag is: IceCTF{pL3AsE_D0n7_5h4re_fL495_JUsT_doNT}


Stage 2

Complacent [Reconnaissance - 40 pt]
The website has no valid certificate. Open the certificate details and the flag is found there.
The flag is: IceCTF{this_1nformation_wasnt_h1dd3n_at_a11}


Search [Misc - 40 pt]
After googling a while for a DNS lookup, we found this website: http://mxtoolbox.com/SuperTool.aspx
The flag is: IceCTF{flag5_all_0v3r_the_Plac3}


Flag Storage [Web - 50 pt]
In the username field, inject a simple SQL injection and you get the flag:


'or 1=1#
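
Why this username bypasses the login check, and the parameterized form that closes the hole, shown as an added example (not code from the challenge or from this write-up). It assumes a MySQL backend, which the # comment in the payload suggests; the users table, its columns and all values are constructed for illustration.

```sql
-- Constructed schema and data (hypothetical names, placeholder values).
CREATE TABLE users (
    id            INT PRIMARY KEY,
    username      VARCHAR(64) NOT NULL,
    password_hash VARCHAR(64) NOT NULL
);
INSERT INTO users VALUES (1, 'admin', 'constructed-placeholder');

-- Vulnerable pattern: the application builds the statement by pasting the
-- form fields between quotes:
--   "... WHERE username = '" + user + "' AND password_hash = '" + pass + "'"
-- With the username from the write-up, the server parses the text below.
-- The leading quote closes the string literal, "or 1=1" makes the WHERE
-- clause true for every row, and # turns the rest of the line (the whole
-- password check) into a comment. The terminator sits on its own line
-- because the # comment would otherwise swallow it.
SELECT id FROM users WHERE username = ''or 1=1#' AND password_hash = 'x'
;

-- Hardened pattern: a prepared statement. The statement text is fixed when
-- it is prepared, and the inputs are bound afterwards as data, so the quote
-- and the # are compared as ordinary characters of a username.
PREPARE login FROM
    'SELECT id FROM users WHERE username = ? AND password_hash = ?';
SET @u = '''or 1=1#';   -- the same input, written as a string literal
SET @p = 'x';
EXECUTE login USING @u, @p;
DEALLOCATE PREPARE login;
```

Application code gets the same effect from the parameter binding of its database driver rather than from string concatenation.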



Kitty [Web - 70 pt]
We retrieved the hash of the admin password from the task description:
c7e83c01ed3ef54812673569b2d79c4e1f6554ffeb27706e98c067de9ab12d1a
Check the hash type using DuckDuckGo.

It's SHA2-256. Through the md5hashing website we are able to crack the hash.

c7e83c01ed3ef54812673569b2d79c4e1f6554ffeb27706e98c067de9ab12d1a=Vo83*
Now try to log in to the admin session:

username: admin, password: Vo83*

