NCA CTF: Ghantauke Writeup

3 min read · Oct 26, 2024

In this blog, I’ll be covering an interesting challenge from the NCA CTF, named Ghantauke. Our team, Haribahadur, secured 2nd place in this CTF. It featured cool and challenging CTFs, and among them, Ghantauke was particularly intriguing to write about. Although we solved the challenge just after the CTF ended due to time constraints, it was a fascinating one to tackle.

Image: Scoreboard

Initial Phase

The challenge began with a landing page containing an input field, a submit button, and a description that read, “You’re not coming from Home”. This phrase hinted that the solution might involve manipulating the Referer header, which typically indicates the origin of a request or the previous page the user visited.

First, I attempted to set the Referer header to localhost, but it didn’t work. Then I tried 127.0.0.1, which worked, allowing us to proceed to the next part.

Next Phase: Trackers

After the request with Referer of localhost was sent, the page displayed a description stating, “You are being watched!”. This vaguely suggested that the browser was tracking us, possibly hinting that we should disable tracking.

To address this, I enabled Privacy Badger, an extension that disables tracking. Alternatively, we can add the DNT (Do Not Track) header, which instructs the browser to disable tracking mechanisms. After sending the DNT header, we were provided with the next clue, allowing us to progress.

The Master Cookie

At this stage, after we disabled the tracking mechanism, the application prompted us to send a MasterCookie with a specific value, which needed to be the SHA-1 hash of the string “nosk”. After hashing “nosk” using the SHA-1 algorithm, we sent the Cookie header with MasterCookie as the key and the hash of the string as the value.

Final Step

Upon submitting the cookie, we were greeted with a response saying, “Wrong! You think it’s that easy?”. This made it clear that we needed to supply a correct password or phrase.

Also, by removing the body from the POST request, we received a hint suggesting that the password might resemble a “treasure-opening phrase”.

After testing various phrases, I eventually tried “opensesame”, which worked, and we successfully retrieved the flag!

Key Takeaways

This challenge revolved around the basics of web headers and HTTP requests, which are essential for tackling CTF challenges. Understanding how to control headers like Referer and DNT, as well as the use of cookies and basic hashing, was crucial to solving Ghantauke. Props to the author and the NCA team for creating such a cool challenge and an outstanding NCA CTF event overall!
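
To make the takeaway concrete, here is an added example (not the challenge's own code, which the writeup never shows) that models the gates as a single function and replays the steps above offline. Every value a gate inspects is chosen by the client, which is why none of these checks works as access control. Assumptions: the digest is sent as lowercase hex, the form field is named `password`, and the cookie prompt, hint text and flag are constructed placeholders.

```python
import hashlib
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

# Hex encoding is an assumption; the writeup only says "SHA-1 hash of nosk".
MASTER = hashlib.sha1(b"nosk").hexdigest()

def gate(headers: dict, body: str = "") -> str:
    """Constructed stand-in for the challenge's checks, in the order the writeup met them."""
    if "127.0.0.1" not in headers.get("Referer", ""):
        return "You're not coming from Home"
    if headers.get("DNT") != "1":          # DNT: 1 is the standard opt-out value
        return "You are being watched!"
    cookie = SimpleCookie(headers.get("Cookie", ""))
    if "MasterCookie" not in cookie or cookie["MasterCookie"].value != MASTER:
        return "Send MasterCookie"         # constructed prompt text
    if not body:
        return "Hint: treasure-opening phrase"   # paraphrase of the hint
    # "password" is a hypothetical field name; the writeup does not give it.
    if parse_qs(body).get("password") != ["opensesame"]:
        return "Wrong! You think it's that easy?"
    return "FLAG{placeholder}"             # placeholder, not the real flag

def walk() -> list:
    """Replay the writeup's steps, adding one client-chosen value per request."""
    headers, seen = {}, [gate({})]
    for name, value in [("Referer", "127.0.0.1"), ("DNT", "1"),
                        ("Cookie", f"MasterCookie={MASTER}")]:
        headers[name] = value
        seen.append(gate(headers))         # sent with an empty body
    seen.append(gate(headers, "password=wrongguess"))
    seen.append(gate(headers, "password=opensesame"))
    return seen

if __name__ == "__main__":
    for step, response in enumerate(walk()):
        print(step, response)
```
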

Thanks for reading! I hope you learned something.
