« back

WolvCTF 2023

Hi friends!

It’s my first CTF. Feeling excited and a little bit worrying too !

I played WolvCTF 2023 which was organized by WolvSec along with my team Invaders0x1. And it was held from 17 March 2023, 20:00 UTC — Sun, 19 March 2023, 20:00

Let me explain the challenges I have solved in WolvCTF 2023.

Charlotte’s Web #

┌──[m4r10@parrot]─[/media/sf_CyberSec/CTF/WolvCTF]
└─$ curl https://charlotte-tlejfksioa-ul.a.run.app/                                           
<!DOCTYPE html>
<html>
<head>
<title>index</title>
<script>
  function start() {
    alert("where's the flag? i swear it was around here somewhere");
  }
</script>
</head>
<body>
<button onclick='start()'>click me for the flag</button>
<!-- /src -->
</body>

</html>

                                                                                                                                                                             
┌──[m4r10@parrot]─[/media/sf_CyberSec/CTF/WolvCTF]
└─$ curl https://charlotte-tlejfksioa-ul.a.run.app/src

import flask

app = flask.Flask(__name__)

@app.route('/', methods=['GET'])
def index():
  return flask.send_file('index.html')

@app.route('/src', methods=['GET'])
def source():
  return flask.send_file('app.py')

@app.route('/super-secret-route-nobody-will-guess', methods=['PUT'])
def flag():
  return open('flag').read()
                                                                                                                                                                                      
┌──[m4r10@parrot]─[/media/sf_CyberSec/CTF/WolvCTF]
└─$ curl https://charlotte-tlejfksioa-ul.a.run.app//super-secret-route-nobody-will-guess -X PUT
wctf{y0u_h4v3_b33n_my_fr13nd___th4t_1n_1t53lf_1s_4_tr3m3nd0u5_th1ng}


Flag : wctf{y0u_h4v3_b33n_my_fr13nd___th4t_1n_1t53lf_1s_4_tr3m3nd0u5_th1ng}

Baby re #

strings baby-re | grep wctf
wctf{Oh10_Stat3_1s_Smelly!}
wctf{Must_be_fr0m_OSU}
wctf{A_t0tally_fake_flag}

By guessing I took wctf{Oh10_Stat3_1s_Smelly!} and It was the right flag

Flag : wctf{Oh10_Stat3_1s_Smelly!}

We will rock you #

The challenge gave us a protected zip file. Then, we crack it with john and the rockyou wordlist :

┌──[m4r10@parrot]─[/media/sf_CyberSec/CTF/WolvCTF]
└─$ zip2john we_will_rock_you.zip > zip.hashes                 
Created directory: /home/kali/.john
ver 1.0 we_will_rock_you.zip/we_will_rock_you/ is not encrypted, or stored with non-handled compression type
ver 1.0 efh 5455 efh 7875 we_will_rock_you.zip/we_will_rock_you/flag.txt PKZIP Encr: 2b chk, TS_chk, cmplen=33, decmplen=21, crc=7D20D45F ts=B816 cs=b816 type=0
                                                                                                                                                                                      
┌──[m4r10@parrot]─[/media/sf_CyberSec/CTF/WolvCTF]
└─$ john --wordlist=/usr/share/wordlists/rockyou.txt zip.hashes
Using default input encoding: UTF-8
Loaded 1 password hash (PKZIP [32/64])
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
michigan4ever    (we_will_rock_you.zip/we_will_rock_you/flag.txt)     
1g 0:00:00:00 DONE (2023-03-20 17:35) 1.176g/s 6548Kp/s 6548Kc/s 6548KC/s mickovgys..michellsmg
Use the "--show" option to display all of the cracked passwords reliably
Session completed. 

┌──[m4r10@parrot]─[/media/sf_CyberSec/CTF/WolvCTF]
└─$ cat we_will_rock_you/flag.txt 
wctf{m1cH1g4n_4_3v3R}

Flag : wctf{m1cH1g4n_4_3v3R}