2.1. Cybersecurity beginner labs (Cyber Talents)


1. Pay Me

  • I will lock your machine screen or files till you pay me. Who am I?

Ransomware


2. htmlentities

  • True or False, htmlentities (convert special characters to its HTML entity) can't be exploited to run XSS payload?

htmlentities() converts special HTML characters (like <, >, &) into HTML entities (&lt;, &gt;, &amp;), which helps protect against XSS when the text is rendered inside normal HTML content. However, the protection isn't absolute, because XSS can still occur through other contexts (e.g., inside attributes, JavaScript, CSS, or URLs) or if the function is misconfigured or used incorrectly.

False


3. This is Sparta

  • Morning has broken today they're fighting in the shade when arrows blocked the sun they fell tonight they dine in hell

  • Open the link in the challenge.

  • Go to https://obf-io.deobfuscate.io/ to deobfuscate the page's script. After deobfuscating, this is what we get:

  • The check() function reads the username and password from two DOM elements (whose IDs are user and pass).

  • The username and password must both be "Cyber-Talent" for the success message to appear.

{J4V4_Scr1Pt_1S_Aw3s0me}


4. Hackers Gathering

  • I am a cyber security conference that runs in August every year in Las Vegas. I am the largest gathering for Hackers in the whole world. No credit cards, no online booking, only cash allowed. Who am I?

Defcon

5. Admin has the power

  • Administrators only have the power to see the flag, can you be one?

Log in with user => support, password => x34245323.

After login you can see that we have a cookie and a role set to support. Let's mess with the role, as our aim is to get admin privilege:

Change this role to admin:

hiadminyouhavethepower
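
Why the role edit works, and what stops it, as an added example that is not code from the lab or the original write-up: the first function trusts the role the client sends, the second only accepts a role whose HMAC tag was issued by the server. The cookie layout, the names `naive_role`, `issue_cookie`, `verified_role` and the key are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed for illustration: a server-side secret that never leaves the server.
SECRET_KEY = b"constructed-demo-key-not-from-the-lab"
ROLES = {"support", "admin"}


def naive_role(cookies):
    """Vulnerable pattern: the role is whatever the client sent."""
    return cookies.get("role", "guest")


def _tag(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user, role):
    """Hardened pattern: bind user and role together under an HMAC tag.
    Assumes the user name contains no '|' separator."""
    payload = f"{user}|{role}"
    return f"{payload}|{_tag(payload)}"


def verified_role(cookie):
    """Return the role only if the tag verifies; anything else is a guest."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return "guest"
    user, role, tag = parts
    expected = _tag(f"{user}|{role}")
    # Constant-time comparison on bytes, so odd characters cannot raise.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return "guest"
    return role if role in ROLES else "guest"


def demo():
    # Constructed cookies: 'edited' has the role value changed client-side.
    honest = issue_cookie("support", "support")
    edited = honest.replace("|support|", "|admin|", 1)
    return {
        "naive_edited": naive_role({"role": "admin"}),
        "signed_honest": verified_role(honest),
        "signed_edited": verified_role(edited),
    }


if __name__ == "__main__":
    print(demo())
```

Keeping the role in server-side session state, keyed by a random session ID, removes the client-held role entirely and is the simpler design where it is available.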


6. Hash3rror

  • We got this corrupted hash password from a pcap file with a note (password = sha-1(hash-result)).

HASH:77be5d24ed2e3e590045e1d6o7e84i50d2799c19f48ede46804a8734e287df120f

Calculate the string length:

This hash is SHA-256, but a SHA-256 hex digest is 64 characters long, so there are two characters we must remove. Find them using http://www.sha1-online.com/, or by noting that hexadecimal digits are only 0-9 and a-f, so the i and o are not hex: 77be5d24ed2e3e590045e1d67e8450d2799c19f48ede46804a8734e287df120f

Recover the plaintext with the SHA-256 decoder at https://www.dcode.fr/sha256-hash:

The plaintext: s3cr3tpassword

Use https://gchq.github.io/CyberChef/ to hash the plaintext with "sha-1", as the note says (password = sha-1(hash-result)):

83874343435092cb681c0d558a84bfeb389c32ed