TCS HACKQUEST PLAYGROUND WALKTHROUGH


Hello Hackers! I hope you're doing well. This blog is part of the KeyCybr Internship.

Recently I came across the TCS Hackquest Playground, and here I'll be giving an insight into the solution for the same.

The link to register for the same is https://play.tcshackquest.com/register 

This playground is like a warm-up before the actual TCS Hackquest, which is probably scheduled for January 2022.

Let's dive into the challenges.


Challenge 1: Time to play with J.S. 

As you click on "Link here" you'll be redirected to a page that looks like 



You'll have to enter the value here to get the flag. Since there's nothing visible on the page, the first thing that should strike you is to view the page source!

As you visit the page source, you'll see



The variable contains a Base64 string. Decode it with a Base64 decoder.




You'll get submitthis: {text_to_be_submitted}

As you submit the text and click on Retrieve the Flag, you'll receive your first flag!
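
The same check can be scripted. The added example below (not part of the original post or of the challenge's code) goes a step beyond the single variable and scans every string literal in a page's inline scripts for values that decode as printable Base64, which shows why encoding gives client-side data no protection. The sample page, the variable name secret and the value example_value are constructed for illustration; it runs under Node.js.

```javascript
// Added example. Sample page is constructed; names and values are hypothetical.
const ENCODED = Buffer.from("submitthis: example_value").toString("base64");
const SAMPLE_PAGE = `
<html><body>
<input id="answer"><button onclick="check()">Retrieve the Flag</button>
<script>
  var label = "Enter the value";
  var secret = "${ENCODED}";
  function check() { /* compares the input with the decoded value */ }
</script>
</body></html>`;

// Return the body of every inline <script> element.
function extractScripts(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  return [...html.matchAll(re)].map((m) => m[1]);
}

// Return the decoded text if s is canonical Base64 for printable ASCII, else null.
function decodeIfBase64(s) {
  if (s.length < 8 || s.length % 4 !== 0) return null;
  if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(s)) return null;
  const buf = Buffer.from(s, "base64");
  if (buf.toString("base64") !== s) return null; // reject non-canonical input
  const text = buf.toString("latin1");
  return /^[\x20-\x7e\r\n\t]+$/.test(text) ? text : null; // drop binary noise
}

// Scan quoted string literals in inline scripts and report decodable ones.
function findEncodedLiterals(html) {
  const literal = /(["'])((?:\\.|(?!\1)[^\\])*)\1/g;
  const findings = [];
  for (const script of extractScripts(html)) {
    for (const m of script.matchAll(literal)) {
      const decoded = decodeIfBase64(m[2]);
      if (decoded !== null) findings.push({ literal: m[2], decoded });
    }
  }
  return findings;
}

console.log(findEncodedLiterals(SAMPLE_PAGE));
```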






Challenge 2: The Flash



As you click on "Gone in a Flash," you'll see a page refresh 10 times in front of your eyes, and you may feel helpless as you won't be able to stop it :P

However, to overcome this, you just need to use an intercepting proxy such as Burp Suite or ZAP.

Intercept the request for each UUID and view its response.

In one of the responses, you'll find the flag!




Challenge 3: The Elawn Musk



Download the Tweet collection CSV file.

As we analyze the file, you'll find 

and you'll also see 




Now you have the text and the key. All we need to find out is the method of encryption.


From this line, it seems as if we have ECB. On doing further research, you'll come to know that the encryption is AES 128-bit in ECB mode.

All you have to do is remove the first 8 bits of plain text and use the key.




After doing the same, you'll get a Base64 string. Decoding it gives you the plain text, which you'll need to enter on the page given in the challenge.

 




Thus you'll get the final flag for the challenge as well.

Overall, the last challenge was a bit tricky, whereas the initial two challenges were comparatively easy.


P.S. Apologies for the blurry images😔. However, I hope that the content covered that up😄


If you like the content, consider connecting with me and pour your knowledge into my D.M.!!😇

Instagram: bhavak_29

LinkedIn: https://www.linkedin.com/in/bhavak-kotak-3b6b071b1/

"Images belong to their respective owners."
