Small IBOH 2024 Writeup
yesterday i played at APU's battle of hackers with my buddies from Sunway's CSC! even though we were beginners, we managed to do a great job and had fun o/ here are my lazy writeups of the challenges I solved, minus the OSINT ones (may update if i feel like completing the rest of the forensics):
FORENSICS - New Hire
i got first blood on this! inside is a kali zip that contains a "loot" and "recon" folder, the loot folder contains a group policy xml with an encrypted password. this can be decrypted with gpp-decrypt:
gpp-decrypt FKhE/Beywcp8ZLLxH6LszmcuRiXceWaeEXvSJ5jKyJjqJ9vAidZiHVebDcE6n+Wi
and we get half of the flag here:
L1ke_OscP_@gAiN}
the other half can be found in the recon folder, where you'll find sharphound files, no need to open them with bloodhound, they'll be nicely shown with just exiftool
inside the users file, there's a stray b64 encoded text in the data properties description:
W�e� �d�i�d�n�'�t� �l�e�a�r�n� �o�u�r� �l�e�s�s�o�n� �s�o� �t�h�i�s� �i�s� �o�n�e� �h�a�l�f� �o�f� �t�h�e� �f�l�a�g�:� �I�B�O�H�2�4�{�A�D�_�P�W�N�3�d�_�
remove the garbage text:
We didn't learn our lesson so this is one half of the flag: IBOH24{AD_PWN3d_
put it together, and the flag is
IBOH24{AD_PWN3d_L1ke_OscP_@gAiN}
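Added example, not part of the original writeup or the challenge files: the alternating unprintable bytes in the decoded description above are consistent with UTF-16LE text, so decoding the base64 as UTF-16LE recovers the message without stripping anything by hand. The Python below audits the data[].Properties.description fields of a SharpHound users file for such base64 runs; the function names are hypothetical and the sample accounts and note are constructed.

```python
import base64
import binascii
import re

# Candidate base64 runs: 16+ base64 characters with optional padding.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decode_text(raw: bytes) -> str:
    """Decode as UTF-16LE when every second byte is NUL, otherwise as UTF-8."""
    if len(raw) >= 4 and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        return raw.decode("utf-16-le")
    return raw.decode("utf-8")


def printable(text: str) -> bool:
    return bool(text) and all(c.isprintable() or c in "\r\n\t" for c in text)


def scan_users(doc: dict) -> list:
    """Return (name, decoded_text) for base64 found in account descriptions."""
    hits = []
    for obj in doc.get("data", []):
        props = obj.get("Properties") or {}
        desc = props.get("description") or ""
        for run in B64_RUN.findall(desc):
            try:
                text = decode_text(base64.b64decode(run, validate=True))
            except (binascii.Error, UnicodeDecodeError):
                continue  # not valid base64, or not text once decoded
            if printable(text):
                hits.append((props.get("name"), text))
    return hits


def build_sample() -> dict:
    # Constructed sample: these accounts and this note are not from the CTF files.
    note = "temp password for onboarding is Example-Only-123"
    blob = base64.b64encode(note.encode("utf-16-le")).decode("ascii")
    return {"data": [
        {"Properties": {"name": "SVC_BACKUP@EXAMPLE.LOCAL", "description": "Nightly backup service account"}},
        {"Properties": {"name": "NEWHIRE@EXAMPLE.LOCAL", "description": "see " + blob}},
        {"Properties": {"name": "GUEST@EXAMPLE.LOCAL", "description": None}},
    ], "meta": {"type": "users", "count": 3}}


if __name__ == "__main__":
    for name, text in scan_users(build_sample()):
        print(f"{name}: {text}")
```

To run it against a real collection, load the users file with json.load and pass the resulting dict to scan_users.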
MISC - Sanity Check
this is a link to a discord server that asks you if you're sane. discord bots are usually written in python if not js, so the solution here is a simple python code injection:
print(flag)
which outputs "flag", kicks you from the main channel, and brings you to the flag channel:
IBOH24{w3lc0m3_7o_IBOH24_e384680f33bd54bdec7db04b6393f3b8}