NCA CTF: Ghantauke Writeup
In this blog, I’ll be covering an interesting challenge from the NCA CTF, named Ghantauke. Our team, Haribahadur, secured 2nd place in this CTF. The event featured cool and difficult challenges, and among them, Ghantauke was particularly intriguing to write about. Although we solved the challenge just after the CTF ended due to time constraints, it was a fascinating one to tackle.
Initial Phase
The challenge began with a landing page containing an input field, a submit button, and a description that read, “You’re not coming from Home”. This phrase hinted that the solution might involve manipulating the Referer header, which typically indicates the origin of a request or the previous page the user visited.
First, I attempted to set the Referer header to localhost, but it didn’t work. Then, I tried 127.0.0.1, which worked, allowing us to proceed to the next part.
Next Phase: Trackers
After the request with the accepted Referer was sent, the page displayed a description stating, “You are being watched!”. This vaguely suggested that the browser was tracking us, possibly hinting that we should disable tracking.
To address this, I enabled Privacy Badger, an extension that disables tracking. Alternatively, we can add the DNT (Do Not Track) header, which requests that tracking be disabled. After sending the DNT header, we were provided with the next clue, allowing us to progress.
The Master Cookie
At this stage, after disabling the tracking mechanism, the application prompted us to send a MasterCookie with a specific value, which needed to be the SHA-1 hash of the string “nosk”. After hashing “nosk” with SHA-1, we sent a Cookie header with MasterCookie as the key and the hash of the string as the value.
Final Step
Upon submitting the cookie, we were greeted with a response saying, “Wrong! You think it’s that easy?”. This made it clear that we needed to supply a correct password or phrase.
Also, by removing the body from the POST request, we received a hint suggesting that the password might resemble a “treasure-opening phrase.”
After testing various phrases, I eventually tried “opensesame”, which worked, and we successfully retrieved the flag!
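The whole sequence, as an added example that is not the challenge's code: a constructed offline model of the checks in the order the writeup meets them, with a client that adds one value per step. The form field name `password`, the DNT value `1`, the wording of the cookie prompt and the flag placeholder are assumptions.

```python
import hashlib
from urllib.parse import parse_qs

# Constructed model of the checks described above; the real server code
# is not shown in the writeup. Quoted messages are the ones from the page.
EXPECTED_COOKIE = hashlib.sha1(b"nosk").hexdigest()

def gate(headers, body=""):
    """Return the message a request with these headers and body would reach."""
    if "127.0.0.1" not in headers.get("Referer", ""):
        return "You're not coming from Home"
    if headers.get("DNT") != "1":                      # assumed value "1"
        return "You are being watched!"
    cookies = dict(p.strip().split("=", 1)
                   for p in headers.get("Cookie", "").split(";") if "=" in p)
    if cookies.get("MasterCookie") != EXPECTED_COOKIE:
        return "send MasterCookie = SHA-1 of 'nosk'"   # paraphrased prompt
    if not body:
        return "hint: treasure-opening phrase"
    if parse_qs(body).get("password") != ["opensesame"]:  # assumed field name
        return "Wrong! You think it's that easy?"
    return "FLAG{placeholder}"

def walk_through():
    """Add one client-controlled value per step and record each response."""
    headers, seen = {}, []
    seen.append(gate(headers))                    # plain request
    headers["Referer"] = "localhost"
    seen.append(gate(headers))                    # first attempt, rejected
    headers["Referer"] = "127.0.0.1"
    seen.append(gate(headers))
    headers["DNT"] = "1"
    seen.append(gate(headers))
    headers["Cookie"] = "MasterCookie=" + EXPECTED_COOKIE
    seen.append(gate(headers))                    # POST with the body removed
    seen.append(gate(headers, "password=wrong"))
    seen.append(gate(headers, "password=opensesame"))
    return seen

if __name__ == "__main__":
    for step, message in enumerate(walk_through(), 1):
        print(step, message)
```

Every value the model checks is chosen by the client, which is why none of these stages would hold up as an access control outside a CTF.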
Key Takeaways
This challenge revolved around the basics of web headers and HTTP requests, which are essential for tackling CTF challenges. Understanding how to control headers like Referer and DNT, as well as the use of cookies and basic hashing, was crucial to solving Ghantauke. Props to the author and the NCA team for creating such a cool challenge and an outstanding NCA CTF event overall!
Thanks for reading! I hope you learned something.