
CSAW'21 CTF

Welcome

For this one, I joined the Discord and found the flag:

poem-collection

For this one, I went on the website and saw the following:

This led to another webpage:

Clicking on the links led to URLs such as http://web.chal.csaw.io:5003/poems/?poem=poem1.txt and http://web.chal.csaw.io:5003/poems/?poem=poem2.txt. I then thought about just replacing the poem text file with flag.txt. That did not work. However, when I added "../" before the filename, I then got to a webpage. This led me to the flag:
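For the defensive side of this challenge, here is an added example (not code from the challenge or from the original write-up) that puts a file handler which joins the poem parameter straight onto a directory next to a hardened version that resolves the path and refuses anything outside the poems directory. The function names, the directory layout (flag.txt one level above poems/) and the file contents are assumptions constructed for the demonstration.

```python
import os
import tempfile

def read_poem_vulnerable(base_dir, name):
    # Joins the request parameter directly, so "../flag.txt" leaves base_dir.
    with open(os.path.join(base_dir, name), encoding="utf-8") as fh:
        return fh.read()

def read_poem_hardened(base_dir, name):
    # Resolve symlinks and ".." first, then check the result is still inside base.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    # commonpath compares whole path components, so a sibling directory
    # such as "poems_backup" does not pass as being inside "poems".
    if os.path.commonpath([base, target]) != base:
        raise PermissionError("path escapes the poems directory")
    if not os.path.isfile(target):
        raise FileNotFoundError(name)
    with open(target, encoding="utf-8") as fh:
        return fh.read()

def build_sample_site():
    # Constructed layout (assumption): <root>/flag.txt and <root>/poems/poem1.txt
    root = tempfile.mkdtemp()
    poems = os.path.join(root, "poems")
    os.mkdir(poems)
    with open(os.path.join(poems, "poem1.txt"), "w", encoding="utf-8") as fh:
        fh.write("constructed sample poem")
    with open(os.path.join(root, "flag.txt"), "w", encoding="utf-8") as fh:
        fh.write("flag{constructed-sample}")
    return poems

def check(base_dir, name):
    # Report how the hardened handler treats one parameter value.
    try:
        read_poem_hardened(base_dir, name)
        return "served"
    except PermissionError:
        return "blocked"
    except FileNotFoundError:
        return "not found"

def demo():
    poems = build_sample_site()
    return {
        "vulnerable ../flag.txt": read_poem_vulnerable(poems, "../flag.txt"),
        "hardened poem1.txt": check(poems, "poem1.txt"),
        "hardened flag.txt": check(poems, "flag.txt"),
        "hardened ../flag.txt": check(poems, "../flag.txt"),
        "hardened /etc/hostname": check(poems, "/etc/hostname"),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Checking the resolved path rather than filtering the string for "../" also covers absolute paths and symlinks inside the poems directory.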

Weak Password

For this problem, they gave us the name and the format for the wordlist. I then created a wordlist using those ideas: crunch 13 13 -t Aaron%%%%%%%% >> Aaron.txt. I then used hash-identifier to find out what kind of hash this is:

I then ran the hashcat command (hashcat -m 0 hash Aaron.txt) and got the flag:

Lazy Leaks

For this problem, we get a pcapng file. I ran strings on the file, and found the flag in the file: