Cyshock CTF

On the quest for knowledge, I participated in Cyshock CTF, which ran from 14th to 16th May.

I did not get to solve that many challenges since they were quite challenging.

Let's dig in.

Web

An alarming site

Provided is a link through which one is to interact with the website. On typing help, I got the list of commands, but the command ping looked at me curiously since it was the only one which accepted user input.

Challenge description

I tried to ping google.com and it worked. I proceeded to try a custom XSS payload and it somewhat worked.

The payload:

<img src=x onerror=alert(1)>

On trying it while using the Brave browser, I got this popup:

Brave browser popup

After the CTF ended and writeups were released, I was told that the payload was correct; however, I had to use the Firefox browser or change the user-agent. On trying this on LibreWolf (a privacy-focused alternative to Firefox), it absolutely worked and I got the flag.

Flag found

Flag: CYSAT{hunt_within_me}

Misc

A new song

Attached is a WAV file. On listening to the WAV file, it sounded like Morse code.

Challenge description

I proceeded to upload it to Morse Code World, from which, as seen in the attached image below, I obtained the flag.

Flag found!

Flag: CYSAT{TAKE_TO_THE_SKY}
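An offline alternative to the online decoder, as an added example that is not part of the original writeup: it measures tone and silence run lengths in a WAV and maps them to Morse symbols. The challenge file is not available here, so `synth` builds a constructed sample; the function names, the 16-bit mono format and the presence of at least one dot in the message are assumptions.

```python
import io, itertools, math, struct, wave

CODES = (".- -... -.-. -.. . ..-. --. .... .. .--- -.- .-.. -- -. --- "
         ".--. --.- .-. ... - ..- ...- .-- -..- -.-- --..").split()
MORSE = dict(zip(CODES, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"))  # letters only

def synth(text, unit_n=480, rate=8000, freq=700):
    """Constructed sample: build a 16-bit mono Morse WAV in memory."""
    enc = {v: k for k, v in MORSE.items()}
    pcm = []
    def emit(units, on):
        for i in range(units * unit_n):
            pcm.append(int(12000 * math.sin(2 * math.pi * freq * i / rate)) if on else 0)
    for wi, word in enumerate(text.split()):
        if wi:
            emit(7, False)                      # word gap: 7 units
        for li, ch in enumerate(word):
            if li:
                emit(3, False)                  # letter gap: 3 units
            for si, sym in enumerate(enc[ch]):
                if si:
                    emit(1, False)              # gap inside a letter: 1 unit
                emit(1 if sym == "." else 3, True)
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1); w.setsampwidth(2); w.setframerate(rate)
        w.writeframes(struct.pack("<%dh" % len(pcm), *pcm))
    buf.seek(0)
    return buf

def decode(fileobj, win_ms=10):
    """Decode Morse from a 16-bit mono WAV by timing tone and silence runs."""
    with wave.open(fileobj, "rb") as w:
        rate, n = w.getframerate(), w.getnframes()
        pcm = struct.unpack("<%dh" % n, w.readframes(n))
    win = rate * win_ms // 1000
    # Peak amplitude per window gives an on/off envelope of the tone.
    peaks = [max(abs(s) for s in pcm[i:i + win]) for i in range(0, len(pcm), win)]
    thresh = max(peaks) / 2
    runs = [(on, len(list(g))) for on, g in itertools.groupby(p > thresh for p in peaks)]
    unit = min(length for on, length in runs if on)   # shortest tone = one dot
    out, sym = [], ""
    for on, length in runs:
        if on:
            sym += "." if length < 2 * unit else "-"
        elif sym and length >= 2 * unit:        # letter gap, or word gap if long
            out.append(MORSE.get(sym, "?")); sym = ""
            if length >= 5 * unit:
                out.append(" ")
    return "".join(out + [MORSE.get(sym, "?")] if sym else out).strip()
```

For a file on disk, pass an opened binary file object (or a path) to `decode` in place of the synthesized buffer.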

Thank you!!!