VU Cyberthon 2022 — What is my name? & handshaking challenge writeups.
Recently I took part in the VU Cyberthon 2022 Capture the flag, I ended up being a little late for the party so I only completed two straightforward challenges, I placed 197th, oh well, better luck next time.
What is my name?- OSINT
Okay enough chit chat, lets get to the first challenge. We are given an image and asked to identify the first and last name of the person seen below.
Using a reverse image search engine such as TinEye makes this challenge rather easy.
We plop the image into TinEye, and receive an odd video link.
Taking a look at the video, we notice the full name of the person towards the middle of the news report.
The flag in this case was Sompong Singita.
Strange but fun!
Handshaking-WPA2 handshake cracking
On to the next one! We are given a packet capture of a WPA2 handshake and we are asked to crack it to obtain the WIFI password, this challenge is also pretty straightforward. Lets get cracking…
First we have a look at the packet capture in Wireshark
Looking at the source address, it is clear that 12:37:2f:3f:d1:9e is the mac address of the access point.
Using this information, we copy the capture file to our kali box and run aircrack against it.
aircrack-ng -w /rockyou.txt -b 12:37:2f:3f:d1:9e VUCYBERTHON2022.capYou can use whichever password list you prefer, the speed of aircrack will be determined by your processor, in this case I use rockyou.txt.
After some time aircrack stops and we see the password, which is also the flag!
Alright that’s all I have for this one, thank you for reading, I do appreciate it.
Remember to never stop learning and always keep hacking!
