We ended the CTF in 16th Place, which we were happy with as our first result as a team.
Buzz buzz, can you find the honey?
From the title of the challenge, I assumed that it was Visual Basic, so I renamed it to vbs and tried to run it, but it failed. I googled Visual Basic file extensions and found .vbe. I ran it and it went through some popups until the flag appeared.
Flag: flag{f805593d933f5433f2a04f082f400d8c}
So I just made a hardcoded bot that basically tells you what you wanna hear. Now usually it's a $ for each thing you want it to say but I'll waive the fee for you if you beta test it for me.
$Echo was an easy web challenge that ended up at 50 points.
We are presented with a text box that takes input and uses the echo program to return our input. After trying to find command injection, we see that the only allowed special characters are `, <, . and /
There was also a 15 character limit on input. After some research, I found that commands inside backticks would be executed, and the response returned.
`ls` gave us the index.php, and `ls ..` returned a flag.txt
Due to the 15 character limit, it was impossible for us to use the cat command (e.g. `cat ../flag.txt`), so we had to find another way of reading the file. After research, I found that the < character could send input to stdout. This allowed the crafting of the final payload:
`< ../flag.txt` which returned us a flag.
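Why the filter did not help, and what the handler should do instead, as an added example that is not the challenge's source code: the allow-list and the 15 character cap are reconstructed from the description above (assumptions), and `safe_echo` is a hypothetical hardened handler that passes the input as an argument vector so no shell ever parses it.

```python
import string
import subprocess

# Assumed reconstruction of the challenge's filter: the write-up only says
# that ` < . / were the allowed special characters and input was capped at 15.
ALLOWED = set(string.ascii_letters + string.digits + " `<./")
MAX_LEN = 15

# Characters a shell treats specially in an unquoted command line.
SHELL_ACTIVE = set("`$<>|&;(){}*?[]~!#\\'\"\n")


def passes_filter(s):
    """True if the input would be accepted by the assumed filter."""
    return len(s) <= MAX_LEN and set(s) <= ALLOWED


def risky_allowed_chars(allowed=ALLOWED):
    """Allow-listed characters that still carry meaning for the shell."""
    return allowed & SHELL_ACTIVE


def safe_echo(s):
    """Hardened handler (hypothetical): the input is data, never shell syntax."""
    if len(s) > MAX_LEN:
        raise ValueError("input too long")
    # Argument vector instead of a command string: ` and < are not interpreted.
    out = subprocess.run(["printf", "%s", s],
                         capture_output=True, text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    # First and last candidates are constructed; the other two are from the write-up.
    for candidate in ["hello", "`cat ../flag.txt`", "`< ../flag.txt`", "$(ls)"]:
        print(repr(candidate), len(candidate), passes_filter(candidate))
    print("shell-active characters left in the allow-list:",
          sorted(risky_allowed_chars()))
    print("hardened handler returns:", safe_echo("`< ../flag.txt`"))
```
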
This movie is what pushed me to get into hacking. Good luck decrypting my note, I'm elite.
There are two files provided with the question: notes.txt and hackers.txt
note.txt is a text document with a flag in a 4 digit numerical format
hackers.txt is the script for the movie Hackers
I thought it would be similar to a book cipher, so I googled a book cipher decoder and clicked on the first link: decode.fr/book-cipher. I input the data into it and it returned the flag.
Flag: flag{62D869C6B886DAC2DD743086E451F76B}