Repo Recon (Web)

Challenge: Repo Recon
Leak Leak Leak Can you find the secret leak?
Source Code: https://github.com/mowzk/repo-recon

Walkthrough
The challenge page contains a login form that asks for a username and password. The hint is "leak". We have to find some kind of token to pass authentication. The challenge provides the source code on GitHub: https://github.com/mowzk/repo-recon

Solve
1. Reviewing files in the Repo
.env file
FLAG_VALUE=placeholderflag
ADMIN_HASH=$2b$04$9HAfoKBcIKUrTh8F73fL0.aWH/X5dYRnWXL7eikRaxqAEqRlktKM.
VIVER=prosogyrous
This is the place where a developer can potentially drop a token & this can be recorded in one of the commits....

October 28, 2023 · 2 min · Dhanraj Chavan

SunshineCTF23: BeepBoop (Cryptography)

Challenge: BeepBoop Cryptography Help! My IOT device has gone sentient! All I wanted to know was the meaning of 42! It’s also waving its arms up and down, and I… oh no! It’s free! AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Automated Challenge Instructions Detected failure in challenge upload. Original author terminated. Please see attached file BeepBoop for your flag… human.
Intro The hint is given indirectly in the challenge: waving hands up & down This means it is communicating in binary form: 0 & 1...

October 9, 2023 · 3 min · Dhanraj Chavan

SunshineCTF23: BeepBoop Blog & Hotdog Stand (Web)

Challenge 1: BeepBoop Blog A few robots got together and started a blog! It’s full of posts that make absolutely no sense, but a little birdie told me that one of them left a secret in their drafts. Can you find it? https://beepboop.web.2023.sunshinectf.games Intro The challenge page is a blog that contains multiple posts from different robots. We are a bunch of robots who like posting! We are chronically online, and our posts are not coherent....

October 9, 2023 · 3 min · Dhanraj Chavan

SunshineCTF23: DDR (Scripting)

Challenge: DDR All the cool robots are playing Digital Dance Robots, a new rhythm game that… has absolutely no sound! Robots are just that good at these games… until they crash because they can’t count to 256. Can you beat the high score and earn a prize? nc chal.2023.sunshinectf.games 23200 Solve 1. Task: The robot will give a 50-arrow string & you have to reply in WASD form. W for up arrow A for left arrow S for down arrow D for right arrow 2....

October 9, 2023 · 2 min · Dhanraj Chavan

SunshineCTF23: Dill (Reversing)

Challenge: Dill Originally this was going to be about pickles, but .pyc sounds close enough to “pickles” so I decided to make it about that instead. Download: dill.cpython-38.pyc Solve 1. Go to PyC decompile and upload the file. It will show the code. 2. Code: # uncompyle6 version 3.5.0 # Python bytecode 3.8 (3413) # Decompiled from: Python 2.7.5 (default, Jun 20 2023, 11:36:40) # [GCC 4.8.5 20150623 (Red Hat 4....

October 9, 2023 · 2 min · Dhanraj Chavan

Exploring newsubs: Guide to Effortless Subdomain Discovery

Intro newsubs is a Python-based command-line tool. Its mission? To make subdomain discovery for Bug Bounty programs a breeze. By leveraging data from Chaos, newsubs streamlines the process of fetching and comparing subdomains across different program versions. Getting started Before we delve into the exciting world of newsubs, let’s ensure you have it set up on your system. Follow these steps: git clone https://github.com/heydc7/newsubs.git cd newsubs pip3 install -r requirements....

October 5, 2023 · 3 min · Dhanraj Chavan

Parameter Tampering with Tinker

Introduction Hello everyone, I hope you are doing well. In this short tutorial, we’ll introduce you to a simple Python tool called “Tinker” that can be used for parameter tampering and help you understand how it works. What is Tinker? Tinker is a Python tool designed to generate multiple deviation payloads of the same input by using parameter tampering. In other words, Tinker helps you explore different variations of a string by toggling between lowercase and uppercase letters....

September 27, 2023 · 2 min · Dhanraj Chavan

Magnify: A recon tool to extract sensitive info

Automating recon can be a useful way to improve the efficiency, accuracy, scalability, and security of the recon process. What is Magnify? A tool to spider multiple URLs & check for sensitive variables in code. Why? It is hard to check waybackurls by copying & pasting them into the browser. Many URLs return 404. Hence, this tool helps to reduce the error links & helps to find sensitive keywords in code....

September 20, 2023 · 2 min · Dhanraj Chavan

Intro to my blog

Introduction Hello, and welcome to my blog! I’m very excited to share my journey of creating this website. I’ve been actively participating in CTFs & learning new concepts continuously. I will be sharing write-ups for CTFs. Stay tuned!

September 16, 2023 · 1 min · Dhanraj Chavan