forked from pages-themes/hacker
-
Notifications
You must be signed in to change notification settings - Fork 0
/
hackerearth-answers.txt
128 lines (76 loc) · 3.71 KB
/
hackerearth-answers.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
Hi Jainil,
Forensics :
Challenge #1 : "To human is to err"
Solution : Downloaded the html code from pastebin link. Opened it in browser. I ran the following commands :
python2 -m SimpleHTTPServer 80
cewl http://0.0.0.0:80/file.html > wordlist
I used this wordlist with "Burp Intruder", and got "Cookie" as flag
FLAG : Cookie
Challenge #2 : "What's in a Barcode?"
Solution : Download the file. First I used "zbarimg" tool but didn't get anything.
Later I got these barcode bytes "TTFNT1JUWS9SSUNLICAgICAgICAgIEVIM0ExQzNLREZXKioqQUEgMzk5MiAxMDJGMDM1QTAwMDEgMTAw"
Run following command
echo TTFNT1JUWS9SSUNLICAgICAgICAgIEVIM0ExQzNLREZXKioqQUEgMzk5MiAxMDJGMDM1QTAwMDEgMTAw | base64 -d
Got AA3992. Searched on google and found airport code CVG
FLAG : FLAG_{CVG}
Challenge #3 : "TIL: recovering meme"
Solution : Download the file. Run command
binwalk --dd='.*' challengeFile
Now I have a gif, written KUAT in black colour.
FLAG : FLAG_{KUAT}
Challenge #4 : "Mr Shadow and Ms SAM are not from same mother!"
Solution : Given was "txt.olleh%2FW380z%2Fhs.refsnart". Run following
python2 -c 'import urllib;print urllib.unquote("txt.olleh%2FW380z%2Fhs.refsnart")[::-1]'
I got transfer.sh/z083W/hello.txt . Download the file, it's /etc/passwd file of linux. Then run
john hello.txt and got the passwords
FLAG : FLAG_{ubuntu|bob|password|cookie|marathon}
*************************************
# Infrastructure
Challenge #1 : "I am *domain* hunter"
Solution : Run this command
dig 0x10.info TXT | grep "ANSWER SECTION" -A 1 | grep "TXT" | cut -d'"' -f2 | xxd -r -p | base64 -d | base64 -d
I got "yey_kung_fu_panda"
FLAG : FLAG_{TXT_yey_kung_fu_panda}
Challenge #2 : "Well, this isn't the end of journey - wysiwyg"
Solution : Opened the GIF and got redirected to "https://doll.0x10.info". View Page Source, I see TXT written there, I checked
TXT record of doll.0x10.info with command
dig doll.0x10.info TXT
FLAG : FLAG_{ec2-54-172-76-227.compute-1.amazonaws.com}
*************************************
# Generic
Challenge #1 : "Are you a whitehat, blackhat, or somewhere in between?"
FLAG : FLAG_{grey_hat}
Challenge #2 : "Old tale of backtrack"
FLAG : FLAG_{kali_linux}
Challenge #3 : "History Lesson: Find the guy"
Solution : Open the link to image found in challenge description and found this page
"http://www.catb.org/esr/faqs/hacker-howto.html"
See the email there
FLAG : FLAG_{esr@thyrsus.com}
***************************************
# InfoSec Industry
Challenge #1 : "Don't be a SOAR looser"
Solution : Reverse Image Search on google and find reference to phantom
FLAG : FLAG_{phantom}
Challenge #2 : "What does strange SIEM tool do?"
Solution : Inspect Element > I saw "FLAG_{S*****}" written there beneath the meme. I know about Splunk tool.
FLAG : FLAG_{Splunk}
Challenge #3 : "Boring part: Compliance related to Security"
Solution : Searched on google
FLAG : PCI
****************************************
# Cloud
Challenge : "Cloud and DNS are match made in heaven, really?"
Solution : Run the following command
dig bertram.0x10.info
FLAG : FLAG_{cipher-combat.s3.amazonaws.com}
****************************************
# Cryptography
Challenge : "GPG | PGP : what was that again?"
Solution : Downloaded all challenge files. With my recent CTF experience, I wrote a python script to bruteforce the password
for private key with the known information and got "rick.morty" as the password. Run the following commands:
gpg --import priv.asc
gpg --decrypt secret-for-rick.gpg
FLAG : FLAG_{thank god i found this: f_3sb__k][FB__t_vT}
Thanks,
red