Szczygielka's hacking notes
  • 🚀Welcome
  • 💻Hack The Box Writeups
    • Linux Machines
      • Busqueda
      • Zipping
      • Clicker
      • Pilgrimage
    • Windows Machines
      • Aero
      • Visual
  • 🚩CTFs Writeups
    • KnightCTF 2024
      • OS, Password, IP Addr, Note, Execution, Path of the Executable, Malicious - Forensics
      • Flag Hunt! - Steganography
      • Oceanic - Steganography
      • README - Web
    • TetCTF 2024
      • TET & 4N6 - Misc/Forensics
    • 0xL4ugh CTF 2024
      • Wordpress - 1 - Forensics
      • Wordpress - 2 - Forensics
      • Gamer - 5 - Forensics
    • 1753CTF 2024
      • Resume - Misc
    • UTCTF 2024
      • OSINT 1 - Forensics
      • OSINT 2 - Forensics
      • Contracts - Forensics
      • Survey - Forensics
      • simple signature - Crypto
      • Anti-dcode.fr - Crypto
      • bits and pieces - Crypto
    • RITSEC CTF 2024
      • Curiosity Helped the Cat - Forensics
      • Failed File Transfer - Crypto
      • Dastardly Evil Scientists - Crypto
      • Secret Door - Misc
      • Guess – Reversing
    • Cyber Apocalypse 2024: Hacker Royale
      • Russian Roulette - Blockchain
      • Recovery - Blockchain
      • Primary Knowledge - Crypto
Powered by GitBook
On this page
  • Task
  • Solution
  1. CTFs Writeups
  2. 1753CTF 2024

Resume - Misc

Previous1753CTF 2024NextUTCTF 2024

Last updated 1 year ago

Task

Hi, I'm Mike and this is my resume. Drop me an email if you want to get some flags, cause I got them all...

Solution

We get the following link:

https://cv-13e304e345c1.1753ctf.com/

Let's go to that webpage:

Due to the information on the website to get the flag, we should e-mail Mike. However, the website has no e-mail address, so we must find a way to get it. Examining the elements of the website, we can see that the avatar of Mike leads us to the following URL:

https://www.gravatar.com/avatar/2471b1362bace767fdc0bb9c7e4df686?s=150

This avatar is hosted by the Gravatar. While visiting the Gravatar website, I came across the following code, which states that the avatar name is created by using a SHA256 hash from the email address:

However, something didn't feel right, because the avatar name in the URL was too short and looked like an MD5 hash:

2471b1362bace767fdc0bb9c7e4df686

While searching for information on how to get more details about the Gravatar user, based on the hash of avatar, we came across this article:

It follows that there is a hidden URL route that allows for user enumeration. However, to enumerate our user, we should know his ID or username. We can check the username by navigating to the following URL containing the user's MD5 hash, which should display the Mike's profile:

https://www.gravatar.com/2471b1362bace767fdc0bb9c7e4df686

In the URL we can see that the username is:

keeponrocking7920420bb4

Navigating to the address should reveal more information about the user: 

https://pl.gravatar.com/keeponrocking7920420bb4.json

We did not receive an e-mail address in the JSON data. Probably we will have to guess or use brute force to crack the hash. Let's start with the first option.

Let's assume that the beginning of the e-mail address is connected with the username, that is keeponrocking7920420bb4. We can also conclude that the e-mail address may be associated with the CTF. The official domain of CTF is 1753ctf.com, so we can initially assume that the e-mail address is connected with this domain.

Let's check the MD5 hashes for the e-mails keeponrocking7920420bb4@1753ctf.com and keeponrocking@1753ctf.com:


szczygielka@hacks$ echo -n keeponrocking7920420bb4@1753ctf.com | md5sum
bf036ba50b7aa06ecdfe48a5f67fcb20  -
szczygielka@hacks$ echo -n keeponrocking@1753ctf.com | md5sum
2471b1362bace767fdc0bb9c7e4df686  -

The hash MD5 for the keeponrocking@1753ctf.com e-mail address is the same as in Mike's avatar. So we get the Mike's e-mail address. Now we should send an e-mail to Mike's address to get the flag.

A few minutes later after sending the e-mail, we get a response with the flag:

Flag:

1753c{i_have_dizzz_flagzz_baby}

Comments about this task:

According to from Stack Overflow, Gravatar has historically used an MD5 hashing algorithm to create an avatar name based on an e-mail address.

🚩
information
LogoOnline avatar service Gravatar allows mass collection of user infoBleepingComputer