NCS Competition 2021 Writeup
Search…
NCS Competition 2021 Writeup
HHousen National Cyber Scholarship Competition 2021 Writeup
Forensics
Crypto
Binary
Networking
Web
WX01 - 1000pts
WE01 - 100pts
WE02 - 100pts
WH01 - 500pts
WH02 - 500pts
WM01 - 250pts
WM02 - 250pts
WM03 - 250pts
WM04 - 250pts
WM05 - 250pts
Challenge Name
Powered By GitBook
WM01 - 250pts

Briefing

View the page at https://cfta-wm01.allyourbases.co and try to get the flag.

Solution

  1. 1.
    When looking around for interesting files we can find an interesting comment in /assets/js/site.js that says // Image slideshow. Moved in from /new-images when each is finalised.
  2. 2.
    Navigating to /new-images shows a list of pictures. Checking each picture to see if the flag is hidden using steganography tricks yields nothing.
  3. 3.
    It took a lot of different ideas but eventually I tried using Google's reverse image search to see if any of the images in /new-images were unique. The image of the macbook with the screen showing "mii-home" got some matches, but none of them had the "mii-home" graphic. Going to /mii-home shows a login page.
  4. 4.
    The username and password for the login page at /mii-home are validated using login.js. We can deobfuscate it with de4js to get the output in login.js. We can run lines 1-18 in the JS console (only if not already on /mii-home) and then define j to hl_b with j = hl_b. Finally, simply run line 28: window[j(0x73)] = 'se' + 'curi' + 'ty-' + 'ca' + j(0x7d) + '/f' + j(0x70);. This will redirect to /mii-home/security-camera/feed/.
  5. 5.
    We can look at the "Office" camera to see a note that says the WiFi password is XGHEV7HGEV, which is the flag.

Flag

XGHEV7HGEV
Previous
WH02 - 500pts
Next
WM02 - 250pts
Last modified 1yr ago
Copy link
Contents
Briefing
Solution
Flag