UMDCTF 2021 Write-up

RPCA Cyber Club : team

Web Write-up

The Matrix

curl http://chals5.umdctf.io/:4000 — user-agent robots

UMDCTF-{r0b0t_r3b3ll!0n}

The Matrix Reevolution

Dirb curl http://chals5.umdctf.io/:4002

Part of UDMCTF{}

And you can get : UMDCTF-{r0b0t5_43v3r}

Top of the Charts

UMDCTF-{h3@d1ng_t0w@rd5_th3_l1ght}

IOT Project

AZEEEEEEEEEEEEM

Source code : https://github.com/azeemsm-umdctf/azeemsm-umdctf.github.io/commits/master

You can get Maker.key from https://github.com/azeemsm-umdctf/azeemsm-umdctf.github.io/commit/066a11bbbcc442ea21d865d31c7e89d87d17b407

What is IFTTT? integrate other services on IFTTT with your DIY projects. You can create Applets that work with any device or app that can make or receive a web request. If you’d like to build your own service and Applets, check out the IFTTT platform.

Value 1 is your E-mail

UMDCTF-{g!t_h00k3d}

IOT Project2

IFTTT limits daily usage, it causes a few problems, so we had to DM to admin in discord.

UMDCTF-{tw3et!ng_4nd_t0@st1ng}

Return of the Flag Bay

http://chals5.umdctf.io:4004/

Sql injection to Bypass login and get flag

username : 1'or’1'=’1 password : 1'or’1'=’1

Decode flag cookies with base64

UMDCTF-{84y_w425_3p150d33_23v3n93_0f_7h3_f149_84y}

Forensic and Misc. Write-up

Donnie Docker

kali : ssh user@chal2.umctf.io -p 50000

then server response and Ask Password

kali :umdctf

Now You go into it.

First step: You start docker with docker ps -a

you can see it has an image but not running

Next step: docker run -it -d ubuntu:16.04

Finally : docker exec -it <container id> bash

UMDCTF-{h1dd3n_1m@g35}