Hackyeaster 2017 Challenges - "Puzzle this!" Solution

https://hackyeaster.hacking-lab.com/hackyeaster/challenge01.html

there is an image that is a puzzle and we need to arrange it to be able to scan the bar code

checking the source code we found that each small image is placed by position from the original scrambled PNG file

arranging the position we get the bar code to scan by the mobile application

Hidden Message A Cyber Criminal is hiding information in the below file. capture the flag? submit Flag in MD5 Format Challenga Link: https://s3-eu-west-1.amazonaws.com/talentchallenges/Forensics/hidden_message.jpg

Hidden Message

A Cyber Criminal is hiding information in the below file. capture the flag? submit Flag in MD5 Format

Challenga Link: https://s3-eu-west-1.amazonaws.com/talentchallenges/Forensics/hidden_message.jpg

Download the image and from the first thought, an image and hidden message, so it should be steganography challenge

checked it against online sites and downloaded application but i cannot find any hidden messages

open teh image in Notepad++, and chacking the data i found the code "b1a1f2855d2428930e0c9c4ce10500d5"

we get the code "b1a1f2855d2428930e0c9c4ce10500d5"

Cyber Talents 2017 Challenges - "LOTR Hero Mania" Solution

LOTR Hero Mania

lord of the rings addict is the user of this application, can you find the creds?, the key is the md5(userpass)

Challenge Link: https://s3-eu-west-1.amazonaws.com/talentchallenges/Reverse/app.apk.zip

Download the APK and decompile it (i use online APD decompiler)

open the java file named MainActivity.java

compare line

if (user.compareTo(MainActivity.this.getUser()) == 0 && pass.compareTo(MainActivity.this.getPass()) == 0) {

getUser function

private String getUser() {
        String resp = this.weezy > 152 ? "Legolas" : "Aragon";
        this.weezy += 100;
        return resp;
    }

getPass function

private String getPass() {
        return this.weezy > 152 ? "Saruman" : "Gandalf";
    }

so the user is Legolas and the password is Saruman

get the MD5 of LegolasSaruman provide the code

we get the code "d710d29360684aef13ea7cdfecf63a3a"

Cyber Talents 2017 Challenges - "G&P List" Solution

G&P List

Just open the file and Capture the flag. Submission in MD5

Challenge Link: https://s3-eu-west-1.amazonaws.com/talentchallenges/Forensics/G%26P+lists.docx

this is a corrupted DOC file, opened and recover it did not give anything

open the file in Notepad++ and check the content, i found

Flag.txt877c1fa0445adaedc5365d9c139c5219PK

we get the code "877c1fa0445adaedc5365d9c139c5219"

Cyber Talents 2017 Challenges - "Hidden Message" Solution

Hidden Message

A Cyber Criminal is hiding information in the below file. capture the flag? submit Flag in MD5 Format

Challenga Link: https://s3-eu-west-1.amazonaws.com/talentchallenges/Forensics/hidden_message.jpg

Download the image and from the first thought, an image and hidden message, so it should be steganography challenge

checked it against online sites and downloaded application but i cannot find any hidden messages

open teh image in Notepad++, and chacking the data i found the code "b1a1f2855d2428930e0c9c4ce10500d5"

we get the code "b1a1f2855d2428930e0c9c4ce10500d5"

Cyber Talents 2017 Challenges - "Crack the Hash" Solution

Crack the Hash 

A hacker leaked the below hash online.Can you crack it to know the password of the CEO? 1ab566b9fa5c0297295743e7c2a6ec27

this seems to be SHA1 code, 
try to decrypt it online using https://hashkiller.co.uk/sha1-decrypter.aspx

we get the code "Iamtheflag"

Cyber Talents 2017 Challenges - "Guess The Password" Solution

Guess The Password 

A hacker leaked the below hash online.Can you crack it to know the password of the CEO?

the flag is the password Hash: 06f8aa28b9237866e3e289f18ade19e1736d809d

this seems to be MD5 code, 
try to decrypt it online using https://hashkiller.co.uk/md5-decrypter.aspx

we get the code "jrahyn+"