From 848a2015e43637008089e363c543df8840fc6eed Mon Sep 17 00:00:00 2001 From: quantum2409 Date: Mon, 6 Jun 2022 04:44:09 +0530 Subject: [PATCH 1/2] Added assgn 1 --- Assignment_1/1.sh | 11 +++++++++++ Assignment_1/3.sh | 11 +++++++++++ Assignment_1/4.sh | 11 +++++++++++ 3 files changed, 33 insertions(+) create mode 100755 Assignment_1/1.sh create mode 100755 Assignment_1/3.sh create mode 100755 Assignment_1/4.sh diff --git a/Assignment_1/1.sh b/Assignment_1/1.sh new file mode 100755 index 0000000..7ddbfd2 --- /dev/null +++ b/Assignment_1/1.sh @@ -0,0 +1,11 @@ +i=0 +str="HACK" +while read line +do + i=$((i+1)) + if [[ $line == *"$str"* ]]; + then + echo " The word is present in line no. $i" + echo " $line" + fi +done < i_am_hiding_stuff.txt diff --git a/Assignment_1/3.sh b/Assignment_1/3.sh new file mode 100755 index 0000000..7ddf3f7 --- /dev/null +++ b/Assignment_1/3.sh @@ -0,0 +1,11 @@ +i=0 +str="8080" +while read line +do + i=$((i+1)) + if [[ $line == *"$str"* ]]; + then + echo "The link is in line no. $i and the link is given below" + echo " $line" + fi +done < i_am_hiding_stuff.txt diff --git a/Assignment_1/4.sh b/Assignment_1/4.sh new file mode 100755 index 0000000..abded90 --- /dev/null +++ b/Assignment_1/4.sh @@ -0,0 +1,11 @@ +i=0 +str="HACK" +while read line +do + i=$((i+1)) + if [[ $line == *"hackIT"* ]]; + then + echo " line no. is $i and the line is given below:" + echo $line + fi +done Date: Sat, 24 Dec 2022 05:30:07 +0530 Subject: [PATCH 2/2] Add files via upload --- Assignment_2/210029_Abhinav_Garg/cookies.md | 10 ++++++++++ Assignment_2/210029_Abhinav_Garg/get_ahead.md | 9 +++++++++ Assignment_2/210029_Abhinav_Garg/inspector.md | 10 ++++++++++ Assignment_2/210029_Abhinav_Garg/logon.md | 3 +++ Assignment_2/210029_Abhinav_Garg/scavenger_hunt.md | 13 +++++++++++++ .../210029_Abhinav_Garg/some_assembly_required_1.md | 12 ++++++++++++ .../210029_Abhinav_Garg/where_are_the_robots.md | 11 +++++++++++ 7 files changed, 68 insertions(+) create mode 100644 Assignment_2/210029_Abhinav_Garg/cookies.md create mode 100644 Assignment_2/210029_Abhinav_Garg/get_ahead.md create mode 100644 Assignment_2/210029_Abhinav_Garg/inspector.md create mode 100644 Assignment_2/210029_Abhinav_Garg/logon.md create mode 100644 Assignment_2/210029_Abhinav_Garg/scavenger_hunt.md create mode 100644 Assignment_2/210029_Abhinav_Garg/some_assembly_required_1.md create mode 100644 Assignment_2/210029_Abhinav_Garg/where_are_the_robots.md diff --git a/Assignment_2/210029_Abhinav_Garg/cookies.md b/Assignment_2/210029_Abhinav_Garg/cookies.md new file mode 100644 index 0000000..959afa8 --- /dev/null +++ b/Assignment_2/210029_Abhinav_Garg/cookies.md @@ -0,0 +1,10 @@ +# Cookies + +## Approach + +- I started with the burpsuite intercept feature, and used it to intercept information as I entered snickerdoodle or wafer. +- As Burpsuite displayed various information on each step, I noticed that the "Cookie: name=X" element where X was a number which was varying with my input, hence I started changing it manually to obtain the flag for name=18. + +## Flag + +-picoCTF{3v3ry1_l0v3s_c00k135_064663be} \ No newline at end of file diff --git a/Assignment_2/210029_Abhinav_Garg/get_ahead.md b/Assignment_2/210029_Abhinav_Garg/get_ahead.md new file mode 100644 index 0000000..8289893 --- /dev/null +++ b/Assignment_2/210029_Abhinav_Garg/get_ahead.md @@ -0,0 +1,9 @@ +# GET aHEAD + +## Approach + +- The problem takes method requests of GET and POST. I used BurpSuite to intercept the requests and tried changing the method to HEAD. It lead to an empty screen. Hence, I tried interceptiong the server responses as well for the HEAD method and successfully obtained the flag. + +## Flag + +- picoCTF{r3j3ct_th3_du4l1ty_cca66bd3} \ No newline at end of file diff --git a/Assignment_2/210029_Abhinav_Garg/inspector.md b/Assignment_2/210029_Abhinav_Garg/inspector.md new file mode 100644 index 0000000..a191b4a --- /dev/null +++ b/Assignment_2/210029_Abhinav_Garg/inspector.md @@ -0,0 +1,10 @@ +# Insp3ct0r + +## Approach + +- By now, it was pretty clear that the name of the problem is a pun, a hint to the solution. +- Hence, I inspect the code and the flag was present as comment in the html, css and js file cut into three parts, one part of the flag in each file. + +## Flag + +- picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?2e7b23e3} diff --git a/Assignment_2/210029_Abhinav_Garg/logon.md b/Assignment_2/210029_Abhinav_Garg/logon.md new file mode 100644 index 0000000..8738259 --- /dev/null +++ b/Assignment_2/210029_Abhinav_Garg/logon.md @@ -0,0 +1,3 @@ +logon + +picoCTF{th3_c0nsp1r4cy_l1v3s_0c98aacc} \ No newline at end of file diff --git a/Assignment_2/210029_Abhinav_Garg/scavenger_hunt.md b/Assignment_2/210029_Abhinav_Garg/scavenger_hunt.md new file mode 100644 index 0000000..8415956 --- /dev/null +++ b/Assignment_2/210029_Abhinav_Garg/scavenger_hunt.md @@ -0,0 +1,13 @@ +# Scavenger Hunt + +## Approach + +- So I started with inspecting the code. +- Got the first part in index.html +- Got the second part in the css file +- Tried searching for the third part in the .js file but it contained the clue to the third part. +- Hence, found the remaining flags in /robots.txt, /.htaccess, /.DS_Store following the clues along the way. + +## Flag + +- picoCTF{th4ts_4_l0t_0f_pl4c3s_2_lO0k_f7ce8828} \ No newline at end of file diff --git a/Assignment_2/210029_Abhinav_Garg/some_assembly_required_1.md b/Assignment_2/210029_Abhinav_Garg/some_assembly_required_1.md new file mode 100644 index 0000000..4af41d3 --- /dev/null +++ b/Assignment_2/210029_Abhinav_Garg/some_assembly_required_1.md @@ -0,0 +1,12 @@ +# Some Assembly Required 1 + +## Approach + +- inspected the js file +- found ./JIFxzHyW8W which in essentially means a file inside this directory, hence tried to open it by updating the link. +- the updated link dowloads a .txt file +- the flag is visible inside the file + +## Flag + +- picoCTF{8857462f9e30faae4d037e5e25fee1ce} \ No newline at end of file diff --git a/Assignment_2/210029_Abhinav_Garg/where_are_the_robots.md b/Assignment_2/210029_Abhinav_Garg/where_are_the_robots.md new file mode 100644 index 0000000..c5122da --- /dev/null +++ b/Assignment_2/210029_Abhinav_Garg/where_are_the_robots.md @@ -0,0 +1,11 @@ +# where are the robots + +## Approach + +- from the title and the content on the website it seemed very obvious to look into the robots.txt file +- it contains further file where they dont want you to look (as it says on the page) +- add that /1bb4c.html to the link to find the flag + +## Flag + +- picoCTF{ca1cu1at1ng_Mach1n3s_1bb4c} \ No newline at end of file