This was my second single player Capture The Flag kind of Hacking Competition and I finished Hackmaster in the Second position. So here goes the write up.
There was 30 Levels.
Level1
The password verification is performed using JavaScript. Try if you can hack and get the password.
Solution
It was plain old view source problem
Answer: Angaane pavanaayi,shavamaayi
Want to go to the next level? Read this picture.
Solution
This one was also pretty simple. Just downloaded the image and extracted with WinRAR.
I got a clue from the Hackmaster forum that "Difference" is a technical term and maybe designers will understand it. I had seen a Difference option in Photoshop. So i Googled for "Hiding images with Photoshop" and i got a tutorial in Gimp. (here)
Solution
Answer: allizzwell!
After some trail and errors i found out that the file name is like "zip.part0001.rar" , and ended up like "zip.part1024.rar". I quickly wrote a python script to do the work. I was behind a proxy with NTLM Auth so connectivity with native python code was an issue. So i used IDM console options to do my work. Finally i got the answer after extracting the combined file.
Answer:<sorry i forgot the password> :)
Level 14
Tintumon is a great fan of AR Rahman. he had sent his girl friend dundumol a message in AR.mp3. find the message.
Answer: goodwrkdudeugotdans
Solution
Solution
Solution
I was given an Executable. When I analyzed that, I found out that it was a Java application with an exe wrapper. I just extracted it with WinRAR, got the class file and decompiled it with Java Decompiler. I had manually find out that “fdmfy” in some combination resulted in the answer. I just modified the code and got the answer.
There was 30 Levels.
Level1
The password verification is performed using JavaScript. Try if you can hack and get the password.
Solution
It was plain old view source problem
Answer: hAcKWA5T3r
Level2
Can you crack this?
Solution
It was also a view source problem. The answer was in the end of jquery.js in HEX format. I just beautified the JavaScript and converted the answer in HEX format.
Answer: Angaane pavanaayi,shavamaayi
Level3
Want to go to the next level? Read this picture.
Solution
Answer: next question please
Level4
This is a bit tricky you are the answer.
Solution
A simple one. there is a link to an image which show b and 64. So that was just base64 of my username.
Answer: eGJveg==
Level6
x1 = f1("We") = 485c47a81eb6e3998ec05aca48eda184
x2 = f2("will") = 37d41699bdee4fcb969ca499eb0f8b82c60d59cc
x3 = f3("all") = ce2786195f31ede1465691a9072b5d1a38f1f6195a7d55e32eda5497fd237379
x4 = f4("laugh") = f428b6b7601e46fa66327dc11ed6c54e4d014a040b65a8c9d18f0842
x5 = f5("at") = ef7328c4a6bab374cb72a054f607df6f893d1cdd0b5b733135e5407434ec1f19b99fbd5367800f73
x6 = f6("gilded") = 0887026a
x7 = f7("butterflies") = d70497ac
f("We will all laugh at gilded butterflies") = g(x1,x2,x3,x4,x5,x5,x6,x7) = 4c923ac
f("Make a better world than ours, Kal") = ?
Solution
I used a python script to identify the hash and an online website to generate hashes.
These were different hashes.
x1=>md5
x2=>sha1
x3=>gost
x4=>havel224,3
x5=>ripemd320
x6=>adler32
x7=>crc32
g(x1,x2,x3,x4,x5,x5,x6,x7) = 4c923ac
Here g(X) is actually the last ending character of all the hashes (x1,x2,x3,x4,x5,x6 and x7)
Make- 529a05ca6c1263aab080ec4f20754411
a- 86f7e437faa5a7fce15d1ddcb9eaeaea377667b8
better- 73153b79698ee7372ac5c31bbf0d0a7a929732c7e44ab12cf5ced7de10422b23
world- ba2e9941a5d3aec529ed6f7d5f380d41f846ce42e32772fed503a91d
than- a7b50f9666840aac5165c42c8545c4db0eb21e856aa50e887759ef6f7ea2cbf2a2cf945c1b2e33d9
ours,- 066c01f6
Kal-cbf44918
g(X)=183d968
Answer:183d968
Level 7
There was an image. There is a difference between this image and the one we use for promotion in Social Media profiles.
Solution
After going through Photoshop i got the hidden image which looks like this. I also had adjusted some curves.
Even though the answer was not so clear. i tried a few times and got the answer.
Answer: ImaGeCepTiONed!!
Level 8
Solution
This was a Substitution Cipher. I had used a website for frequency analysis and after few trial and errors, i got the answer.
Answer: our mothers taught us to tell only the truth in a world that resents it. we were trained to tell right from wrong, black from white, in a world that bathed in shades of grey. experience rewrote everysinglelesson which we were taught as children. but now we've grown, and we clearly see. survival of the fittest - thats the only truth that really matters.
Level 9
Solution
There was a chrome extension. i just extracted it with WinRAR and opened the manifest file and got the url to the answer.
Answer:4977871989110552682881652
Level 10
Can u find the password to use this android app??
Solution
I extracted the apk with WinRar, converted the file to jar with dex2jar and used Java Decompiler to decompile it. I got the password from the source.
Answer: merocks
Level 11
Can you find the password of this program?
Solution
A Linux executable was given. Simple static analysis on IDA uncovered the answer.
Level 12
Tintumon has hidden his password inside an archive. The name of archive is "zip.rar". It is split into many parts and is stored in this directory.Download all parts , and find the answer.
Solution
After some trail and errors i found out that the file name is like "zip.part0001.rar" , and ended up like "zip.part1024.rar". I quickly wrote a python script to do the work. I was behind a proxy with NTLM Auth so connectivity with native python code was an issue. So i used IDM console options to do my work. Finally i got the answer after extracting the combined file.
Answer:<sorry i forgot the password> :)
Level 14
Solution
From a clue from Hackmaster forum about "Visualizer" had given me a thought about Sonic Visualizer. Opened the mp3 with Sonic and added a Spectrogram to revel the message.
From a clue from Hackmaster forum about "Visualizer" had given me a thought about Sonic Visualizer. Opened the mp3 with Sonic and added a Spectrogram to revel the message.
Answer: tintu<3dundu
Level 14
Tintumon has hidden his password inside this archive. Help
him recover the password.
Solution
The archive was password protected and the password was the
name of the archive but inside that contains another password protected archive
with password as that archive’s file name. I had extracted almost 6 of them and
then thought of automating the process. Again I had written a small piece of
python script to do the stuff.
Answer: goodwrkdudeugotdans
Level 18
Shashimons accessing an insecure server . Tintumon was able
to get some data. can u analyse the data and find Shashimons password from
Datadump.rar
Solution
Just opened it in Notepad++ and searched for password. A lot
of URLs with password was there but finally got the right password.
Answer: ilovcricket
Level 19
My friend challenged me with this code question and asked me
to find the answer, I have an answer ready but I want to check if it is
correct, so can you also find the answer to the code below?, I was also given a
clue Good luck
NLYLDXIACNGYOAPOXEESTZRIZGWVNIPEWYEHM
Clue:
1 2 3 4 5
1 B G W K Z
2 Q P N D S
3 I O A X E
4 F C L U M
5 T H Y V R
Solution
At first I thought it was Poly fair Cipher since I didn't
find J in the 5x5 matrix, but later figured out it was bifid cipher. There was
a website that helps to crack cipher if we provided the correct input.
Answer: SOMETIMES LIFE BOILS DOWN TO ONE INSANE MOVE
Level 20
Can u find the password to use this application???
Solution
It was again a Linux executable. The password was dynamically
generated, so I used GDB, checked the ESP and got the answer
Answer: mahendrasinghdhoni77198
Level 23
Find the password of the application?
Solution
It was a Linux executable. I just opened it in edb debugger and keep on checking the registers and finally got the answer.
Answer: sherlockholmes
Level 24
My friend created a custom hashing program. Can you find the
plain text for this Hash: 4G;42|4G42;
Solution
I was given an Executable. When I analyzed that, I found out that it was a Java application with an exe wrapper. I just extracted it with WinRAR, got the class file and decompiled it with Java Decompiler. I had manually find out that “fdmfy” in some combination resulted in the answer. I just modified the code and got the answer.
Answer:fydfm
Njoyed reading !!!!!
ReplyDeleteHi Ajin,the tutorial is very nice. There is lot to learn for me.Please let me know if you have any other tutorials like this. thanks
ReplyDelete