I love scripting challenges. This CTF has numerous such challenges. Yay! But their server had intermittent disconnects, and the time difference (IST) made it hard to access.

– This is a partial writeup, as I did not collect assets… and the server was down after the CTF ended. I will update the writeups if the organizers allow access.

Web

Redirects

  • Challenge: A URL which, when accessed, takes a while (visually) and finally says "destination reached".

  • Solve: Looking at the proxy (Burp Suite), we find a number of redirects happening.

    • Assume a configuration like nginx, with different endpoints each redirecting to the next. What can go wrong? Maintaining the authentication or session across the different redirects!



  • Cookie has the flag.
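
Added example (not part of the original writeup): the same hop-by-hop view the proxy gives, done in a script. A browser follows redirects silently, so a Set-Cookie on an intermediate hop never shows up on the final page. The local server, its paths and the cookie value are constructed stand-ins for the challenge; `trace_redirects` is a hypothetical helper and handles plain HTTP only.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

# Constructed redirect chain: path -> (next hop, Set-Cookie value or None).
# The cookie on the middle hop stands in for the value the challenge exposed.
CHAIN = {
    "/start": ("/hop1", None),
    "/hop1": ("/hop2", "session=constructed-sample-value; Path=/"),
    "/hop2": ("/done", None),
}


class ChainHandler(BaseHTTPRequestHandler):
    """Local stand-in for the challenge server (assumption, not the real one)."""

    def do_GET(self):
        if self.path in CHAIN:
            target, cookie = CHAIN[self.path]
            self.send_response(302)
            self.send_header("Location", target)
            if cookie:
                self.send_header("Set-Cookie", cookie)
            self.send_header("Content-Length", "0")
            self.end_headers()
        else:
            body = b"destination reached"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def trace_redirects(url, max_hops=20):
    """Follow redirects one hop at a time.

    Returns a list of (url, status, [Set-Cookie values]) so cookies set on
    intermediate responses are visible instead of being swallowed.
    """
    hops = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=5)
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()
        cookies = resp.headers.get_all("Set-Cookie") or []
        location = resp.getheader("Location")
        conn.close()
        hops.append((url, resp.status, cookies))
        if resp.status not in (301, 302, 303, 307, 308) or not location:
            break
        url = urljoin(url, location)  # Location may be relative
    return hops


def run_demo():
    """Start the constructed server on a free local port and trace the chain."""
    server = HTTPServer(("127.0.0.1", 0), ChainHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return trace_redirects("http://127.0.0.1:%d/start" % server.server_port)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for url, status, cookies in run_demo():
        print(status, url, cookies)
```
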

Scripting

Random Thoughts

  • Challenge: A website which gives random thoughts about hackers. Every refresh gives a different one.

  • Investigating: No complex structure to the web app.

  • Solve: Try to automate and check how many thoughts I could fetch. Also maintain headers such as cookies and User-Agent while doing this.

import requests

# Carry the cookies from each response into the next request, as a browser would.
cookie = ""
for i in range(10000):
    headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36"}
    headers["Referer"] = "http://cbmctf2019.cf:3003/"
    question = requests.get("http://cbmctf2019.cf:5001/", headers=headers, cookies=cookie)
    cookie = question.cookies
    question = question.text
    print(question)
    # Stop as soon as a response contains the flag prefix.
    if "cbm" in question.lower():
        print(question)
        break

  • Flag
srimbp:Desktop sri$ python cbmctf2.py 
The hacker community may be small, but it possesses the skills that are driving the global economies of the future.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Hackers are arrogant geek romantics. They lack the attentive spirit of inquiry.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
The hacker community may be small, but it possesses the skills that are driving the global economies of the future.
There are few sources of energy so powerful as a procrastinating college student.
Hackers are arrogant geek romantics. They lack the attentive spirit of inquiry.
Never underestimate the determination of a kid who is time-rich and cash-poor
The hacker community may be small, but it possesses the skills that are driving the global economies of the future.
Is hacking ever acceptable? It depends on the motive.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Never underestimate the determination of a kid who is time-rich and cash-poor
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Hackers are arrogant geek romantics. They lack the attentive spirit of inquiry.
Hackers often describe what they do as playfully creative problem solving.
Very smart people are often tricked by hackers, by phishing. I don't exclude myself from that. It's about being smarter than a hacker. Not about being smart.
Hackers are arrogant geek romantics. They lack the attentive spirit of inquiry.
Narcissists will never tell you the truth. They live with the fear of abandonment and can't deal with facing their own shame. Therefore, they will twist the truth, downplay their behavior, blame others and say what ever it takes to remain the victim. They are master manipulators and conartists that don't believe you are smart enough to figure out the depth of their disloyalty. Their needs will always be more important than telling you any truth that isn't in their favor..
Never underestimate the determination of a kid who is time-rich and cash-poor
Very smart people are often tricked by hackers, by phishing. I don't exclude myself from that. It's about being smarter than a hacker. Not about being smart.
Very smart people are often tricked by hackers, by phishing. I don't exclude myself from that. It's about being smarter than a hacker. Not about being smart.
Hackers are arrogant geek romantics. They lack the attentive spirit of inquiry.
Hackers are arrogant geek romantics. They lack the attentive spirit of inquiry.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
The hacker community may be small, but it possesses the skills that are driving the global economies of the future.
Is hacking ever acceptable? It depends on the motive.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Hackers are arrogant geek romantics. They lack the attentive spirit of inquiry.
Hackers often describe what they do as playfully creative problem solving.
Narcissists will never tell you the truth. They live with the fear of abandonment and can't deal with facing their own shame. Therefore, they will twist the truth, downplay their behavior, blame others and say what ever it takes to remain the victim. They are master manipulators and conartists that don't believe you are smart enough to figure out the depth of their disloyalty. Their needs will always be more important than telling you any truth that isn't in their favor..
Very smart people are often tricked by hackers, by phishing. I don't exclude myself from that. It's about being smarter than a hacker. Not about being smart.
Hackers are arrogant geek romantics. They lack the attentive spirit of inquiry.
Very smart people are often tricked by hackers, by phishing. I don't exclude myself from that. It's about being smarter than a hacker. Not about being smart.
Is hacking ever acceptable? It depends on the motive.
There are few sources of energy so powerful as a procrastinating college student.
Very smart people are often tricked by hackers, by phishing. I don't exclude myself from that. It's about being smarter than a hacker. Not about being smart.
Is hacking ever acceptable? It depends on the motive.
Is hacking ever acceptable? It depends on the motive.
Very smart people are often tricked by hackers, by phishing. I don't exclude myself from that. It's about being smarter than a hacker. Not about being smart.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
Is hacking ever acceptable? It depends on the motive.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
The hacker community may be small, but it possesses the skills that are driving the global economies of the future.
Hackers are arrogant geek romantics. They lack the attentive spirit of inquiry.
Never underestimate the determination of a kid who is time-rich and cash-poor
There are few sources of energy so powerful as a procrastinating college student.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Narcissists will never tell you the truth. They live with the fear of abandonment and can't deal with facing their own shame. Therefore, they will twist the truth, downplay their behavior, blame others and say what ever it takes to remain the victim. They are master manipulators and conartists that don't believe you are smart enough to figure out the depth of their disloyalty. Their needs will always be more important than telling you any truth that isn't in their favor..
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Is hacking ever acceptable? It depends on the motive.
The hacker community may be small, but it possesses the skills that are driving the global economies of the future.
Hackers are arrogant geek romantics. They lack the attentive spirit of inquiry.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Hackers are arrogant geek romantics. They lack the attentive spirit of inquiry.
Hackers often describe what they do as playfully creative problem solving.
Never underestimate the determination of a kid who is time-rich and cash-poor
The hacker community may be small, but it possesses the skills that are driving the global economies of the future.
Hackers often describe what they do as playfully creative problem solving.
Hackers often describe what they do as playfully creative problem solving.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
Never underestimate the determination of a kid who is time-rich and cash-poor
Never underestimate the determination of a kid who is time-rich and cash-poor
Is hacking ever acceptable? It depends on the motive.
Hackers are arrogant geek romantics. They lack the attentive spirit of inquiry.
Never underestimate the determination of a kid who is time-rich and cash-poor
Very smart people are often tricked by hackers, by phishing. I don't exclude myself from that. It's about being smarter than a hacker. Not about being smart.
There are few sources of energy so powerful as a procrastinating college student.
Is hacking ever acceptable? It depends on the motive.
Never underestimate the determination of a kid who is time-rich and cash-poor
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Is hacking ever acceptable? It depends on the motive.
Hackers often describe what they do as playfully creative problem solving.
Hackers often describe what they do as playfully creative problem solving.
Never underestimate the determination of a kid who is time-rich and cash-poor
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Narcissists will never tell you the truth. They live with the fear of abandonment and can't deal with facing their own shame. Therefore, they will twist the truth, downplay their behavior, blame others and say what ever it takes to remain the victim. They are master manipulators and conartists that don't believe you are smart enough to figure out the depth of their disloyalty. Their needs will always be more important than telling you any truth that isn't in their favor..
Hackers are arrogant geek romantics. They lack the attentive spirit of inquiry.
There are few sources of energy so powerful as a procrastinating college student.
There are few sources of energy so powerful as a procrastinating college student.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
There are few sources of energy so powerful as a procrastinating college student.
Hackers are arrogant geek romantics. They lack the attentive spirit of inquiry.
Hackers often describe what they do as playfully creative problem solving.
Is hacking ever acceptable? It depends on the motive.
Narcissists will never tell you the truth. They live with the fear of abandonment and can't deal with facing their own shame. Therefore, they will twist the truth, downplay their behavior, blame others and say what ever it takes to remain the victim. They are master manipulators and conartists that don't believe you are smart enough to figure out the depth of their disloyalty. Their needs will always be more important than telling you any truth that isn't in their favor..
There are few sources of energy so powerful as a procrastinating college student.
Is hacking ever acceptable? It depends on the motive.
Very smart people are often tricked by hackers, by phishing. I don't exclude myself from that. It's about being smarter than a hacker. Not about being smart.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Is hacking ever acceptable? It depends on the motive.
Very smart people are often tricked by hackers, by phishing. I don't exclude myself from that. It's about being smarter than a hacker. Not about being smart.
Never underestimate the determination of a kid who is time-rich and cash-poor
Hackers often describe what they do as playfully creative problem solving.
Very smart people are often tricked by hackers, by phishing. I don't exclude myself from that. It's about being smarter than a hacker. Not about being smart.
There are few sources of energy so powerful as a procrastinating college student.
There are few sources of energy so powerful as a procrastinating college student.
There are few sources of energy so powerful as a procrastinating college student.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Never underestimate the determination of a kid who is time-rich and cash-poor
The hacker community may be small, but it possesses the skills that are driving the global economies of the future.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Hackers often describe what they do as playfully creative problem solving.
Is hacking ever acceptable? It depends on the motive.
The hacker community may be small, but it possesses the skills that are driving the global economies of the future.
There are few sources of energy so powerful as a procrastinating college student.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
Hackers often describe what they do as playfully creative problem solving.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Is hacking ever acceptable? It depends on the motive.
Very smart people are often tricked by hackers, by phishing. I don't exclude myself from that. It's about being smarter than a hacker. Not about being smart.
The hacker community may be small, but it possesses the skills that are driving the global economies of the future.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
The hacker community may be small, but it possesses the skills that are driving the global economies of the future.
Narcissists will never tell you the truth. They live with the fear of abandonment and can't deal with facing their own shame. Therefore, they will twist the truth, downplay their behavior, blame others and say what ever it takes to remain the victim. They are master manipulators and conartists that don't believe you are smart enough to figure out the depth of their disloyalty. Their needs will always be more important than telling you any truth that isn't in their favor..
Narcissists will never tell you the truth. They live with the fear of abandonment and can't deal with facing their own shame. Therefore, they will twist the truth, downplay their behavior, blame others and say what ever it takes to remain the victim. They are master manipulators and conartists that don't believe you are smart enough to figure out the depth of their disloyalty. Their needs will always be more important than telling you any truth that isn't in their favor..
Never underestimate the determination of a kid who is time-rich and cash-poor
Hackers often describe what they do as playfully creative problem solving.
Never underestimate the determination of a kid who is time-rich and cash-poor
Very smart people are often tricked by hackers, by phishing. I don't exclude myself from that. It's about being smarter than a hacker. Not about being smart.
Narcissists will never tell you the truth. They live with the fear of abandonment and can't deal with facing their own shame. Therefore, they will twist the truth, downplay their behavior, blame others and say what ever it takes to remain the victim. They are master manipulators and conartists that don't believe you are smart enough to figure out the depth of their disloyalty. Their needs will always be more important than telling you any truth that isn't in their favor..
There are few sources of energy so powerful as a procrastinating college student.
There are few sources of energy so powerful as a procrastinating college student.
Is hacking ever acceptable? It depends on the motive.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
Narcissists will never tell you the truth. They live with the fear of abandonment and can't deal with facing their own shame. Therefore, they will twist the truth, downplay their behavior, blame others and say what ever it takes to remain the victim. They are master manipulators and conartists that don't believe you are smart enough to figure out the depth of their disloyalty. Their needs will always be more important than telling you any truth that isn't in their favor..
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
Very smart people are often tricked by hackers, by phishing. I don't exclude myself from that. It's about being smarter than a hacker. Not about being smart.
Never underestimate the determination of a kid who is time-rich and cash-poor
There are few sources of energy so powerful as a procrastinating college student.
Is hacking ever acceptable? It depends on the motive.
Hackers are arrogant geek romantics. They lack the attentive spirit of inquiry.
Narcissists will never tell you the truth. They live with the fear of abandonment and can't deal with facing their own shame. Therefore, they will twist the truth, downplay their behavior, blame others and say what ever it takes to remain the victim. They are master manipulators and conartists that don't believe you are smart enough to figure out the depth of their disloyalty. Their needs will always be more important than telling you any truth that isn't in their favor..
The hacker community may be small, but it possesses the skills that are driving the global economies of the future.
One can track when you hit refresh in your browser and many more.... by the way flag is cbmctf{s335!on_c00k!35}
One can track when you hit refresh in your browser and many more.... by the way flag is cbmctf{s335!on_c00k!35}

Incomplete Challenges

Response Fast

  • Challenge: Had to solve mod math and respond fast to the server to get the flag.

  • Solve:

    • Initially I tried to brute-force by repeatedly solving this to get the flag.
    • There was a hidden time in the request form, so I tried to use the same and increment it to check if this gives me the flag.
    • By this time the server was down and never came up to try my script again…! :-(

### Scripting - CBMCTF - Are you Fast?

import requests, random

for i in range(10000):
    question = requests.get("http://cbmctf2019.cf:3003/")
    cookie = question.cookies
    question = question.text
    question = question.split("<br>")
    # The first chunk holds both operands; strip() drops the leading <h1> characters.
    A, B = question[0].strip("<h1>").split("and")
    A = A.split("=")[1]
    B = B.split("=")[1]
    # The hidden "time" form field sits in the third chunk.
    ts = question[2].split("value=")[1].strip("></form>")
    # Append random digits to the hidden value. int() replaces eval() so that
    # server-controlled text is never executed as Python.
    ts = int(ts + str(random.randint(1, 1000)))

    #print(A, B, ts)

    data = {"answere": int(B) % int(A), "time": ts}
    headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36"}
    headers["Referer"] = "http://cbmctf2019.cf:3003/"
    response = requests.post("http://cbmctf2019.cf:3003/check", data=data, cookies=cookie, headers=headers)
    answer = response.text
    # Stop when the response contains the flag prefix in either case.
    if "cbm" in answer or "cbm".upper() in answer:
        print(answer)
        break


Decode QR Code

  • Challenge: Given a website with a QR code to decode and respond.

  • Again, the CTF was over before I could wake up and run…

  • Untested snippet (might help in solving other challenges in the future…)

import requests

# Fetch the challenge page and keep its cookies for the follow-up request.
question = requests.get("http://cbmctf2019.cf:3004/")
cookie = question.cookies
question = question.text
print(question)

### Using QRTools
from qrtools import QR
# Decode a QR image that has already been saved to disk.
my_QR = QR(filename = "/home/user/Desktop/qr.png")
my_QR.decode()
print(my_QR.data)