Updated: Dec 5, 2022
Two friends of mine and I solved a couple of challenges in TFC CTF (we solved them together). In this post, there are writeups for three of them:
CALENDAR - WEB - MEDIUM
We got access to a WordPress website.
Knowing it had something to do with a calendar, we looked around and tried to notice things related to it.
Checking the source code and the HTTP traffic, we saw that this website uses the 'modern events calendar lite 5.16.2' plugin.
Searching for this plugin on Google showed that there is an exploit for this version:
After combining this path with the challenge's URL, a CSV file was downloaded and inside it was the flag:
DEEPLINKS - WEB - EASY
One of my friends in my group solved it.
Deeplinks for iOS and Android are custom URLs that open a specific page or event in a mobile application.
Searching "deeplinks ios" in Google shows an Apple page explaining deep linking in iOS.
After he accessed the /apple-app-site-association path for the given web application's URL, a file with the deeplink was downloaded and the flag was inside it.
DISCORD SHENANIGANS V2 - MISC - WARMUP
The CTF Discord server had a bot and it was possible to communicate with it.
When we requested the flag in a public channel, the bot said that it was too shy.
When we requested the flag in a private message, it asked us to ask nicely.
After asking nicely, the bot gave a hint.
Removing the Zalgo Unicode showed us the actual hint.
There is no such word as 'exifltrate', so we thought that maybe it has something to do with EXIF, which is metadata that is saved inside image files.
The challenge description said that the answer is in the announcements Discord channel, so we downloaded one of the images in there, used a tool to read the EXIF data, and we got the flag.
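The Zalgo-removal step mentioned above can be done with the Python standard library. This is an added example, not the tool we used during the CTF: the function names and the sample text are constructed for illustration, and the default cap of two marks per character is an assumption chosen so that ordinary accented text survives.

```python
import unicodedata

# Zalgo text is ordinary letters with long runs of combining marks stacked
# on top. Nonspacing (Mn) and enclosing (Me) marks are the ones it abuses.
_MARK_CATEGORIES = {"Mn", "Me"}


def strip_zalgo(text: str, max_marks: int = 2) -> str:
    """Keep at most max_marks combining marks after each base character."""
    out = []
    run = 0  # combining marks seen since the last base character
    # NFD splits precomposed letters (e.g. U+00E9) into base + mark, so
    # every mark is counted the same way regardless of how it was typed.
    for ch in unicodedata.normalize("NFD", text):
        if unicodedata.category(ch) in _MARK_CATEGORIES:
            run += 1
            if run <= max_marks:
                out.append(ch)
        else:
            run = 0
            out.append(ch)
    # NFC recomposes whatever marks were kept.
    return unicodedata.normalize("NFC", "".join(out))


def mark_density(text: str) -> float:
    """Combining marks per base character; ordinary text stays well below 1."""
    decomposed = unicodedata.normalize("NFD", text)
    marks = sum(unicodedata.category(c) in _MARK_CATEGORIES for c in decomposed)
    bases = len(decomposed) - marks
    return marks / bases if bases else float(marks)


def make_zalgo(plain: str, depth: int = 6) -> str:
    """Build constructed sample input: stack marks U+0300.. on each letter."""
    stack = "".join(chr(0x0300 + i) for i in range(depth))
    return "".join(c + stack if c.isalpha() else c for c in plain)


if __name__ == "__main__":
    sample = make_zalgo("please ask nicely")  # constructed, not the bot's text
    print("density:", round(mark_density(sample), 2))
    print(strip_zalgo(sample, max_marks=0))   # plain ASCII again
    print(strip_zalgo("caf\u00e9"))           # legitimate accent is preserved
```

With `max_marks=0` every combining mark is dropped, which is what you want for reading an English hint; the default keeps normal accents for text in other languages.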