Try Hack Me [N00bz CTF 2023]
Description of the challenge
brayannoob gave me a ctf challenge and told me: Try to hack me.
First, let’s start our research with the username.
When I have to work with a username, I like to use the following website: https://whatsmyname.app/.
Let’s check the results I got for the username.
When dealing with a username, I always start with social networks such as Instagram, Twitter, Facebook and GitHub, so let’s open the GitHub account we found. It’s very interesting because we can see on the profile that the user recently committed something to a repository. I will not go through the code because that would waste time; going directly to the commit history is more efficient because we can see each commit message and the changes made to the project.
If we check the most recent commit, we can see a secret username, brayan234 (other secrets were present in past commits, and even passwords, but we know that they are not relevant because the admin told us that we do not have to use any credentials to solve the challenge).
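The commit history above is a reminder that deleting a credential in a later commit does not remove it from the repository. The following added example (not part of the original write-up or the challenge repository) audits the output of `git log -p` on your own repository and reports which secret-like values are still in the tree and which survive only in history; the key pattern, the sample log and all values in it are constructed assumptions.

```python
import re

# Hypothetical key pattern; tune it for your own code base.
SECRET_RE = re.compile(
    r"""(?i)\b(password|passwd|secret|token|api_key|username)\b\s*[:=]\s*["']?([^"'\s]+)""")

# Constructed, trimmed `git log -p` excerpt (newest commit first).
SAMPLE_LOG = '''\
commit 2222222
    remove hardcoded credentials
--- a/app/config.py
+++ b/app/config.py
@@ -1,3 +1,2 @@
 DEBUG = False
-password = "constructed-pass-1"
 username = "constructed-user"
commit 1111111
    initial commit
+++ b/app/config.py
@@ -0,0 +1,3 @@
+DEBUG = False
+password = "constructed-pass-1"
+username = "constructed-user"
'''

def audit_history(log_text):
    """Return (commit, file, key, status) for each secret-like line added in history."""
    commit = path = None
    added, removed = [], set()
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ b/"):
            path = line[6:]
        elif line.startswith("--- "):
            continue  # old-file header, not a removed line
        elif line[:1] in ("+", "-") and (m := SECRET_RE.search(line[1:])):
            item = (path, m.group(1).lower(), m.group(2))
            if line[0] == "+":
                added.append((commit, item))
            else:
                removed.add(item)
    # A value deleted by a later commit is gone from the tree but still readable in history.
    return [(c, p, k, "history-only" if (p, k, v) in removed else "in-tree")
            for c, (p, k, v) in added]

if __name__ == "__main__":
    for finding in audit_history(SAMPLE_LOG):
        print(finding)
```

Any finding marked history-only means the value must be rotated, since anyone who can read the repository can still recover it from the old commit.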
Now, because the challenge description speaks about "Try to hack me" and CTF challenges, as experienced players we know that there is a popular website called Try Hack Me where hackers can learn and practice their skills. Let’s check if the username brayan234 is present on the website.
But how can we find a specific user on the website? Let’s check the profile of one of the players in the leaderboard, for example.
Now we know the pattern used by the website to render a user profile. Let’s replace Kn1ght1972 by the username we found in the commit:
BINGO, we got it.