Getting into hacking [Hacking Challenges]: Can you hack it?
This is my attempt to solve the “Can you hack it?” challenge. I will share the solutions and how to achieve them, without spoiling the secrets.
Can you hack it?
What da heck is the Can you hack it? challenge?
Can you hack it? is a challenge hosted by AIS - ainfosec to give participants a chance to join the team. Score a total of 700 points to unlock the ability to submit your score. Your score submission and email will be sent directly to AIS and someone will be in touch.
I like challenges, that’s why I am giving it a shot. I might not solve them all, but I will have learned a lot by the time I give up.
How to play?
Navigate to the challenge and hover over a challenge tile to flip it. Once a challenge is solved the points will appear in the top right. You may need to refresh the page to update the points depending on how you solved the challenge.
Categories
The challenge has many categories with different difficulties based on the score number (the bigger, the harder):
- Client-side Protections
- Networking
- Crypto
- Steganography
- Exploitation
- Reverse Engineering
- Input Validation
- Programming
Client-side Protections
Disabled
That’s a really easy and straightforward challenge. The button is disabled in the HTML, so just edit that HTML tag.
Button Clicker
That’s a really interesting one. First I tried to click the button using js:
And yeah, as expected my browser crashed lol. After some time playing with the console (which sometimes can contain the answer!), I found the source code for ButtonClicker. Setting ButtonClicker_num_clicks to the desired number solves this one.
Weird Input
This one is funny, coz there is a js function which changes the input to ‘a’s. Just like the previous one, make this function do nothing and you will be able to solve it.
Paid Content
This challenge taught me a lot, coz I was searching in the wrong direction. I first checked the source code as usual (and it didn’t look that great). Then I inspected the network, and the response I found looked like this:
Can you see it? If I could just set this to true before making the request, that would be it.
Networking
HTTP Basic
That’s another easy and straightforward challenge. Download the http-auth.cap and open it with wireshark (not that doo doo doo), and filter all POST (http.request.method == "POST") requests (coz you know POST requests usually contain data to be sent!).
WPA2 Deauth
Hacking networks! The good old days. In this challenge I used aircrack-ng, coz why not?
- Extract info from .cap
Cracking the password: here I wasted a lot of time trying to find where I put my wordlists lol (for future me, the path is /usr/share/hack/).
Crypto
Skip Cipher
This challenge is easy as it clearly says the cipher, so with a quick search you will find many online tools to decode it. I used this.
Encoded
That’s a kinda interesting one, it says Encoding is not cryptography! (2.0!!! Now with even more layers!). At first glance I thought about that Morse code challenge on hackthebox, and it was close (many layers).
This looks like a zip format, so let’s extract the data inside:
After extracting the data it shows flag.txt, which contains a base64 string; trying to decode it gives some trash string (but it’s not!):
As you can see, bz: another compression. Let’s extract again (this time using bash):
output.txt contains binary (great!):
Let’s convert it to ASCII:
Now we have hex lol (let’s convert it to ASCII again):
Finally we get the flag: flag{gurfle*he1l0/***********}
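The peeling done by hand above can be automated. The script below is an added example (not from the post or the challenge): it builds a constructed sample wrapped in the same layer order (zip, base64, bz2, binary text, hex) and then strips one layer at a time by sniffing magic bytes or the character set, stopping when nothing recognisable is left.

```python
import base64, binascii, bz2, io, re, zipfile

def build_sample(flag: bytes) -> bytes:
    """Constructed stand-in for the challenge file: flag -> hex -> binary text
    -> bz2 -> base64 -> zip containing flag.txt (same order as the write-up)."""
    hex_text = flag.hex().encode()
    bin_text = " ".join(f"{b:08b}" for b in hex_text).encode()
    b64_text = base64.b64encode(bz2.compress(bin_text))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flag.txt", b64_text)
    return buf.getvalue()

def peel_once(data: bytes):
    """Identify the outermost layer and remove it. Returns (layer, inner), or None
    when the data is not recognised as any layer (i.e. we have reached the end)."""
    if data.startswith(b"PK\x03\x04"):                      # zip local file header
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "zip", zf.read(zf.namelist()[0])
    if data.startswith(b"BZh"):                             # bzip2 stream magic
        return "bz2", bz2.decompress(data)
    text = data.decode("ascii", errors="ignore").strip()
    compact = re.sub(r"\s", "", text)
    # Order matters: a binary string is also valid hex, and hex is also valid base64.
    if re.fullmatch(r"[01\s]+", text) and len(compact) % 8 == 0:
        return "binary", bytes(int(compact[i:i + 8], 2) for i in range(0, len(compact), 8))
    if re.fullmatch(r"[0-9a-fA-F]+", compact) and len(compact) % 2 == 0:
        return "hex", bytes.fromhex(compact)
    if re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", compact) and len(compact) % 4 == 0:
        try:
            return "base64", base64.b64decode(compact, validate=True)
        except binascii.Error:
            return None
    return None

def peel_all(data: bytes, max_layers: int = 10):
    """Peel layers until nothing matches; returns (list of layer names, final bytes)."""
    layers = []
    for _ in range(max_layers):
        step = peel_once(data)
        if step is None:
            break
        name, data = step
        layers.append(name)
    return layers, data
```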
ENIGMA
This is a really badass challenge! I wasted too much time on it and I could solve it, but here is what you should do to be able to solve it properly:
- Inspecting the console gives us some hints (that’s where you should always start)
Let’s analyze those hints:
- QK JO LU XG DV looks like a plugboard wiring map.
- UKW B is indeed the reflector being used.
- 3 of 5 Rotors: it’s not clear what that means, but I guess it’s the number of rotors used.
- First 5 digits of Pi: that’s another ambiguous hint, but it could be the (ring settings/position setting) as "3 14 15".
- Metasploit Acquired by Rapid7: hmm, the date?! Metasploit was acquired by Rapid7 on 20 Oct, 2009, so the (ring settings/position setting) could be ("20 10 09", "10 20 09"). There is another possibility but I just ignored it.
There are many possibilities and permutations to try, so it’s better to write code for that:
Ransom
This one looks tough, coz there are only 3 people who managed to solve it, but it’s not! I managed to solve it in 15m!
- ransom: the binary
- important_company_data_backup.zip.ransomed: at first glance I thought it’s kind of a compressed ransomed file, so I tried to extract it but it didn’t work!
- Basic analysis
Maybe static analysis is the way to go? So I tried radare2:
After some playing around I found out that ransom checks the stats of a file called encrypt_me.
- Actual work
I renamed the ransomed data file to encrypt_me and ran the ransom bin, and voilà, something happened.
As we can see, running the ransomware on that file modified it, and it’s a compressed file of type bz2. To find the flag, just extract it and cat the flag.txt.
XOR
Another interesting question. XOR is always challenging to work with; this time it’s kinda different, as I didn’t want to write code lol. That’s why I used dcode, as we also know the length of the key and we need to find that key.
I asked chatGPT since AI is really good at finding patterns, and here is what I got:
- AI answer: "It has been discovered that Cj+ provides remarkable facilities"
With quick googling I found this wiki:
We have the decoded message now : It has been discovered that C++ provides a remarkable facility for concealing the trivial details of a program...
Finally I used this to get the key! (as far as I remember lol)
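The same key recovery can be scripted in a few lines. The example below is added here (it is not the post's code, nor dcode's) and shows the known-plaintext trick the write-up relied on: with the key length known and a fragment of the plaintext recognised, each alignment of that fragment proposes key bytes, and only a self-consistent alignment that decrypts to printable text survives. Plaintext, key and the key length of 8 are constructed for the example.

```python
import string

PRINTABLE = set(string.printable.encode())

def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; encryption and decryption are the same operation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def recover_key(ct: bytes, key_len: int, crib: bytes):
    """Slide the crib over every offset; each byte proposes key[slot] = ct ^ crib.
    Keep alignments where every slot agrees, the whole key is covered, and the
    resulting decryption of the full ciphertext is printable."""
    found = []
    for off in range(len(ct) - len(crib) + 1):
        key = [None] * key_len
        for i, p in enumerate(crib):
            slot = (off + i) % key_len
            k = ct[off + i] ^ p
            if key[slot] not in (None, k):
                break                       # contradiction: wrong alignment
            key[slot] = k
        else:
            if None not in key and all(b in PRINTABLE for b in xor_repeating(ct, bytes(key))):
                found.append((off, bytes(key)))
    return found

# Constructed sample: the Stroustrup sentence the write-up recovered, under a made-up key.
PLAINTEXT = (b"It has been discovered that C++ provides a remarkable facility "
             b"for concealing the trivial details of a program...")
KEY = b"example!"
CIPHERTEXT = xor_repeating(PLAINTEXT, KEY)
```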
Programming
Birthday
When I saw that it only gives you 5 points I thought it was going to be easy, and I was wrong! It took me so much time, as I didn’t know how to properly send the request lol, or what to do, as the challenge leaves you nowhere near the solution with a really ambiguous hint: [Birthday]: Yes, you need the year too. Hint: I'm alive and far from retirement.
Let’s get started:
- First inspect the network: you will find that there is a GET request when you first click on the challenge which fetches the data (the date hashed in SHA-256, and don’t ask me how I know that!)
- Try to crack the hash:
The concept is easy, as the hint suggests "far from retirement": I will try all possible dates lol, back to 1900 hehe.
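The brute force described in the last step, written out as an added example rather than the post's own script: every calendar day from 1900 to today is hashed with SHA-256 in a few common date formats and compared against the target. The target is constructed from a made-up birthday; the list of formats is an assumption, since the write-up does not say which one the challenge used.

```python
import hashlib
from datetime import date, timedelta

# Assumed candidate formats; the challenge's real format is not given in the write-up.
DATE_FORMATS = ("%Y-%m-%d", "%m/%d/%Y", "%d/%m/%Y", "%Y%m%d")

def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()

def search_space(start: date, end: date, formats=DATE_FORMATS) -> int:
    """Number of hashes a full sweep costs: days in range times formats tried.
    A hashed birthday has far less entropy than the 256-bit digest suggests."""
    return ((end - start).days + 1) * len(formats)

def crack_date_hash(target_hex: str, start: date = date(1900, 1, 1),
                    end=None, formats=DATE_FORMATS):
    """Hash each day in [start, end] in every format; return (date, format) on a match,
    or None when the whole range is exhausted."""
    end = end or date.today()
    target_hex = target_hex.lower()
    day = start
    while day <= end:
        for fmt in formats:
            if sha256_hex(day.strftime(fmt)) == target_hex:
                return day, fmt
        day += timedelta(days=1)
    return None

# Constructed target: a made-up birthday, hashed the way the challenge is assumed to.
TARGET_HASH = sha256_hex("1987-06-15")
```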
Now what?! I got the desired date (here I got stuck lol, I didn’t know how to send it to the server lol). The answer is so easy but I was so dumb lol.
And btw, I am the first one to solve it :D
Secure OTP
That was an easy one once you get all the hints, which btw can be found by submitting many times with wrong answers, or seen in the response when first clicking the problem card. Anyway, let’s jump to the solution.
The hints: the seed is given, and the digits are random ints from 0 to 9. Based on these 2 facts we can regenerate the OTP.
PS: make sure to submit before the timer.
Code Breaker
I am a hecker, just like the ones in the movies LOL. That was an easy one: you just try all the possible chars at one index; if the score changes, then it’s the correct one, so keep it and move to the next index.
PS: Here I used sleep but it’s not needed, the server doesn’t block you anyway :D.
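The index-by-index attack just described, as an added example with a constructed stand-in for the server (none of this is the post's or the challenge's code): a per-position score lets the code be recovered in length × alphabet queries instead of alphabet^length, while the hardened oracle beside it, which only answers whether the whole code matches, gives the same loop nothing to work with.

```python
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits

class LeakyOracle:
    """Constructed stand-in for the challenge server: reports how many positions
    of the guess match the secret, which is what leaks one character at a time."""

    def __init__(self, secret: str):
        self.secret = secret
        self.queries = 0

    def score(self, guess: str) -> int:
        self.queries += 1
        return sum(a == b for a, b in zip(guess, self.secret))

class StrictOracle(LeakyOracle):
    """Hardened variant: the only thing revealed is whether the whole code matches."""

    def score(self, guess: str) -> int:
        self.queries += 1
        return int(secrets.compare_digest(guess, self.secret))

def break_code(oracle, length: int, alphabet: str = ALPHABET):
    """For each index try every character and keep the one that scores highest.
    Returns None when the scores carry no information (all equal), which is what
    happens against StrictOracle."""
    guess = [alphabet[0]] * length
    for i in range(length):
        scores = {}
        for ch in alphabet:
            guess[i] = ch
            scores[ch] = oracle.score("".join(guess))
        if len(set(scores.values())) == 1:
            return None
        guess[i] = max(scores, key=scores.get)
    return "".join(guess)
```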