CTF Write-up : 0xL4ughCTF 2023
After a long time, I recently participated in the “0xL4ugh” CTF. I was able to solve a few challenges, and here I am sharing my approach to some of them.
Forensics
ATT IP
Our objective is to find the C2 server IP and port.
We are given a zip file. Once we download and extract it, we have the “AttIP.pcap” file.
To analyze a pcap we can use Wireshark, but for CTF purposes I generally use the following website.
So let’s upload the PCAP file to the above-mentioned website. Once processing of the PCAP file is complete, you will see the results.
Since we need to find the IP and port, we can navigate to the “Open Ports” section, where we can see an unusual port, “23927”.
So our flag is:
0xL4ugh{91.243.59.76_23927}
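The same “open ports” view can be derived from a capture offline. The following is an added example, not part of the original write-up or the website's code: it treats any endpoint that sent a SYN/ACK as a listening port and flags ports outside an assumed baseline. The function names, COMMON_PORTS and the sample packets are constructed for illustration.

```python
import socket
import struct
from collections import Counter

# Assumed baseline of well-known service ports; tune it for your environment.
COMMON_PORTS = {21, 22, 25, 53, 80, 110, 143, 443, 445, 3389, 8080}

def open_ports(pcap: bytes) -> Counter:
    """Count (server_ip, port) pairs that sent a SYN/ACK, i.e. accepted a connection."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    seen, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep only IPv4/TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) >= 14 and tcp[13] & 0x12 == 0x12:  # SYN and ACK both set
            seen[(socket.inet_ntoa(frame[26:30]), struct.unpack("!H", tcp[:2])[0])] += 1
    return seen

def unusual_ports(pcap: bytes) -> list:
    """Listening endpoints whose port is outside the baseline, sorted."""
    return sorted(k for k in open_ports(pcap) if k[1] not in COMMON_PORTS)

def _frame(src, dst, sport, dport, flags):  # constructed Ethernet/IPv4/TCP frame
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def _pcap(frames):  # wrap frames in a little-endian classic pcap container
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# Constructed sample traffic (documentation address ranges), not the challenge capture.
SAMPLE = _pcap([
    _frame("192.0.2.10", "198.51.100.5", 50000, 443, 0x02),   # SYN to a web server
    _frame("198.51.100.5", "192.0.2.10", 443, 50000, 0x12),   # SYN/ACK from 443
    _frame("192.0.2.10", "203.0.113.7", 50001, 23927, 0x02),  # SYN to a high port
    _frame("203.0.113.7", "192.0.2.10", 23927, 50001, 0x12),  # SYN/ACK from 23927
    _frame("192.0.2.10", "203.0.113.7", 50001, 23927, 0x18),  # PSH/ACK data, ignored
])
```

Calling `unusual_ports()` on the bytes of a real capture file works the same way, as long as it is a classic pcap (not pcapng) with Ethernet framing.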
MISC
Detected
Here we need to click on “link”, and it will redirect us to the following website: http://20.121.121.120:8000/
We have also been given a PHP file, so let’s open that.
It appears that we need to play with the session variable. So the first thought that came to my mind was to delete the currently set session value and reload the website.
Now let’s delete this PHPSESSID and reload the webpage.
And we get our flag:
0xL4ugh{Youuu_R_a_real_Haqqqqqqeer}