SpookyCTF 2024

Miscellaneous

Read the Rules*

Category

Miscellaneous

Tags

Flag

NICC{I_will_behave_now_let_me_in}

Scenario

Go read the rules IN THE DISCORD.

The flag is there.

Enter the flag.

Easy points, we promise.

Solution

The challenge description asks to read the rules in the Discord server. The flag is hidden in the Discord server. Join the Discord server and read the rules to find the flag.

Web Exploitation

cryptid-hunters

Category

Web Exploitation

Tags

sqli

Flag

NICC{1N_PuRSu1T_0F_4LL13S}

Scenario

The intern found some web traffic originating from a known Consortium IP to this website. The website looks like a 7th grader’s project.

Most of NICC took a look at it and blew it off, but Maya thinks there may be something worth looking into. Mary and the others tell her they are too busy and it is a waste of time. She is getting pretty sick and tired of no one taking her seriously. If she finds a lead she is going to follow it. NICC needs all the help they can get, whether its a Sasquatch or a giant clam!

By _m4ch3t3

Hints

Hint 1

The hunters’ webmaster is very tech illiterate. It seems like he just followed some intro level tutorial or used some free AI tool for the code.

Solution

image.png

Well another SQL injection challenge. This time we have a simple login form. We can try to login with some random credentials and see what happens. We can see that the page returns Invalid username or password if we enter wrong credentials. We can try to login with ' OR 1=1 -- as the username and password. This will return list of cryptids. The flag is hidden in the list of cryptids.

paranormal-picture

Category

Web Exploitation

Tags

Flag

NICC{tHe_crYptIds_aRe_waIting_t0_sTrike}

Scenario

One of our recruits is a massive conspiracy theorist. Strangely enough, he has expressed not only that everything is the bite of 87 but also that there’s something strange going on in the dark web that involves Dr. Tom Lei. Though he is a little bit nuts, we think he may be on to something. Figure out what’s going on before it’s too late!

By HackAndQuack

Solution

There is a form on the website that allows you to submit a URL. The website will then request the URL and display the website’s content.

image

After submitting a URL, the website will verify that the URL is a blog by checking if the URL contains the words blog, cryptid, real, 666, and .org. If the URL contains all the words, the website will display the content of the website.

def verifyBlog(url):
    blog_list = ["blog","cryptid","real","666",".org"]
    for word in blog_list:
        if word not in url:
            return False
    return True

To get the flag we need to request the flag page. The flag page is only accessible if the request is coming from 127.0.0.1.

@app.route('/flag')
def flag():
    if request.remote_addr == '::ffff:127.0.0.1' or request.remote_addr == '::1':
        return render_template('flag.html', FLAG=os.environ.get("FLAG"))

    else:
        return render_template('alarm.html'), 403

We need to spoof the URL to contain the words blog, cryptid, real, 666, and .org. We can do this by using the URL http://127.0.0.1/flag?blogcryptidreal666.org