“Why?” Challenge: CTF Write-Up

Haardik Bhagtani

This is my first-ever CTF write-up/walkthrough on a cyber security challenge.

About the Challenge:

Difficulty: Medium

It is a web security challenge that includes the basics of steganography and cryptography.
There are a total of 4 ‘Checkpoints’ that need to be found.

A Docker image has been provided. Run it and access it.

Run directly through the commands:

docker pull jogij62/why-challenge:1.0
docker run -p 5000:5000 jogij62/why-challenge:1.0

It can be accessed on localhost:5000 or docker-ip:5000

Docker Link: https://hub.docker.com/r/jogij62/why-challenge

Created by: ghost virus (GitHub)

Walkthrough begins:

hunt for Checkpoint 1-

Open http://127.0.0.1:5000/ in Firefox or your preferred browser.

On the website, right-click anywhere on the page and select Inspect or Inspect Element.

Then go to the Style Editor bar.

Uncomment the background image line and view the image.

Download the background image.

background.jpg

ExifTool is a powerful command-line utility for reading, writing, and editing metadata in various file formats, including images, videos, and PDFs.

Run ExifTool on this image.

exiftool background.jpg

Now, you can see Checkpoint 1 in the comment field of the metadata result. Congratulations on capturing the first Flag.👏

hunt for Checkpoint 2-

Open http://127.0.0.1:5000/whydiary in Firefox or your preferred browser.

Click on the “Help me…” page.

Now, we get a Morse code here.

….- … — -…. — -.. -…. ….. -…. … — -…. -… — … — — — -…. ..-. -…. — — . -…. . — … ….- .. — — — — — … — .. — — … — .- .. — — — — — ….- -.. — … — — . .. — — — — — -…. -.-. -…. — — . -…. -…. -…. ….. .. — — — — — .. — — .. — — ….. .. — — -…. ….. -…. -…. -…. -.-. -…. ….. -…. … — — … ….- -…. ….. -…. ….- .. — — .. — — .. — — — — — -…. .. — — -…. ….. -…. -…. -…. ..-. — … .. — — -…. ….. .. — — — — — -…. -.. — … — — . .. — — — — — -…. ….. — … — — . -…. ….. — … … — .. — — .

Let's decode it with an online Morse code decoder. The result is:

436865636B706F696E7420323A204D79206C69666520225265666C656374656422206265666F7265206D7920657965732E

This is a hexadecimal string. After converting it to text, we get Checkpoint 2:

Checkpoint 2: My life “Reflected” before my eyes.

hunt for Checkpoint 3-

Let's go back to the http://127.0.0.1:5000/whydiary page in Firefox or your preferred browser.

If you Inspect Element (as shown above) on any diary page, you will see a script on the page.

The script tells us that if we have an alert button, we might see the third checkpoint. So, the Markdown is probably susceptible to an XSS attack.

Click on Create a new page to write a new page in the diary.

Write any title you want, enter the description below, and create the page:

[Click Me](javascript:alert('get it.'))

Go to the page you created.

Click on the “Click Me” button.

We get the Checkpoint 3 here.

Hooray, we learned about the Markdown XSS attack.
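
One way to close the hole used for Checkpoint 3, as an added example that is not the challenge's own code: a minimal Markdown link renderer that only emits links whose URL scheme is allowlisted and HTML-escapes everything else. The names `is_safe_url` and `render_links` and the allowlist itself are assumptions made for illustration.

```python
import html
import re

# Assumption: schemes a diary app would legitimately link to.
ALLOWED_SCHEMES = {"http", "https", "mailto"}
# [label](url), allowing one level of parentheses inside the URL.
LINK_RE = re.compile(r"\[([^\]]+)\]\(((?:[^()\s]|\([^()]*\))*)\)")
# Browsers ignore tabs/newlines inside a URL and leading control characters,
# so strip them (conservatively: all control characters and spaces) before
# looking at the scheme.
CTRL_WS = re.compile(r"[\x00-\x20\x7f]")


def is_safe_url(url: str) -> bool:
    """Allow relative URLs and allowlisted schemes; reject everything else."""
    cleaned = CTRL_WS.sub("", url)
    head = re.split(r"[/?#]", cleaned, maxsplit=1)[0]
    if ":" not in head:
        return True  # no scheme: relative link such as /whydiary/page/1
    return head.split(":", 1)[0].lower() in ALLOWED_SCHEMES


def render_links(markdown: str) -> str:
    """Render Markdown links to HTML, escaping all text and attribute values."""
    out, pos = [], 0
    for m in LINK_RE.finditer(markdown):
        out.append(html.escape(markdown[pos:m.start()]))
        label, url = m.group(1), m.group(2)
        if is_safe_url(url):
            out.append('<a href="%s" rel="noopener noreferrer">%s</a>'
                       % (html.escape(url, quote=True), html.escape(label)))
        else:
            out.append(html.escape(label))  # keep the label, drop the link
        pos = m.end()
    out.append(html.escape(markdown[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed inputs; the first is the description used in this write-up.
    for sample in ("[Click Me](javascript:alert('get it.'))",
                   "[Diary](/whydiary/page/1) and <b>bold</b>"):
        print(render_links(sample))
```

Checking the scheme against an allowlist, rather than blocking `javascript:` by name, also covers mixed-case spellings, embedded tabs and other schemes such as `data:`.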

hunt for Checkpoint 4-

So, Checkpoint 3 gives us a hint about the next flag.

If we change the page number to 0, i.e. navigate to http://127.0.0.1:5000/whydiary/page/0,

we get the final Checkpoint 4. 🎉🎉

In conclusion, this challenge effectively combined web security fundamentals with steganography and cryptography, offering a comprehensive learning experience. The step-by-step exploration of the four checkpoints demonstrated practical techniques for analyzing web applications and uncovering hidden information. Special thanks to ghostvirus for designing this engaging and thought-provoking challenge!
