TCS Hackquest 6 Practice Challenges
Today i am going to discuss with you all about the 3 challenges of TCS Hackquest 6 Practice (JS Master, The Flash, Elawn Musk) in the same order…..
1) JS Master
HINT: Can you recover the key hiding in plain sight?
SOLUTION: I firstly looked up for the page source and there i found something interesting as shown below and that interesting was nothing but something BASE64 Encoded. Decode it, Enter the decoded value and Boooooom you got your flag.
2) The Flash
HINT: Iris and Flash are playing a hide and seek game. Flash being the fastest man alive is not visible to Iris. Can you help Iris spot Flash?
SOLUTION: Go to the given link and there in the URL you will notice a parameter called uuid, whose by default set value is 10 and on changing it to another value by default changes to 10 only. Now we are sure that the logic is behind uuid only but how to see the output of changed uuid as normally it is by default changing it to 10????????
No worries i have got it for you. I hope you all are familiar with the tool known as Burp Suite…..Yes we gonna use this tool for this challenge. Its a simple procedure just refresh and capture the request in Burp Suite, Sent the request to repeater and start noticing response for different uuid because Burp Suite will surely not disappoint you. For more information please have a look on below attached pic…. And booooom we got our flag at uuid=5
3) Elawn Musk
HINT: Elawn Musk has sent a special surprise for our Hackquest participants via Twitter. As always, Elawn Musk has done it in a different way. Here is a collection of his tweets. Try to find the special surprise.
SOLUTION: This one is bit tricky but no problem let’s have a look on the given link and download the CSV file given. In hint the word special seems to be somewhat special to us…Hahaha :)
Search for special in CSV file and yeahhhh we have a special gift which is encrypted :(
This information is not enough, now in this line of special gift there is one more thing which is special (@hqteam). Let’s search this in our CSV file and yoooo we got 5 useful lines. Let’s analyze them and i am also attaching these 5 hints below.
RIJNDAEL…. Read about it and you will get to know that this encrypted gift is encrypted using AES (Advanced Encryption Standard) of 128 bits key size (From hint) now what does padded bats at position 9 means????? This tells us that we have to remove first 8 bits of encrypted gift and then decrypt it. So now we have modified Encrypted gift, Encrypted used (AES 128), Secret key also (from hint) and yes we are also provided with the mode (ECB from hints). So now we have everything. Go to any AES decrypt online, use this information and get the key in PLAIN TEXT :|
Get your flag by using that key…. Yepppppppppiiiieeeeee
