sameer fakhoury
  • Home
  • CTF Writeups
  • Course Summaries
  • Cyber Reports
  • Articles
  • Event Notes
  • About Me
BLOGPOST2

BLOGPOST2

  • the first BLOGPOST was easy, now let’s start playing as a G, My WebSITe is rich with writeups
  • A = organization name
  • B = entropy of the founded text ( flag will have first digit only)
  • C= last team I joined in 2023
  • D= in front your eyes
  • FLAG={A_B_C_D}
  • wrap the flag in BAU{}
    • 💡
    FLAG :
  1. search for sameer fakhoury "website” on google and see any related information
    2. image
  2. let’s open it → https://www.linkedin.com/posts/sameer-fakhoury-67217426a_ctf-capturetheflag-cybersecurity-activity-7119729690361098241-jM7a?trk=public_profile_like_view
    3. image
  3. as we see there it is the website → https://sameerfakhoury.blogspot.com/ - let's open it
      4. image
    1. FLAG → {YoU_FoUnD_mE!} → that was the flag for the first BLOGPOST question
  4. now let’s check if there are any related information in the blog → there is a tag named CTF-Lab and that’s suspicious cause it’s not related to any other labels as competitions or websites or training CTF
      5. image
    1. going to CTF-Lab
  5. there is only one blog and it talks about a story like why a story in a blog for writeups ?? also suspicious
    6. image
  6. open this page we will see some information
      7. image
    1. there is a fragmented flag that says {LOL_YOU_THOUGHT_YOU_FOUND_ME} and a picture but they are not related to the flag
    2. but the URL is suspicious → long long format
      3. image
  7. go to cyberchef → https://gchq.github.io/CyberChef/
      8. image
    1. URL decoding + base32 → gives us the link to → https://www.linkedin.com/in/sameer-fakhoury-67217426a/ and the value of D : URLdeccoding
  8. going to https://www.linkedin.com/in/sameer-fakhoury-67217426a/ to the education section
      9. image
    1. we found a suspicious text
  9. go to cyberchef → https://gchq.github.io/CyberChef/
      10. image
    1. as we see we encoded it base32 → we found a text : You Found Me What is the name of the organization where I participated in the Security Analyst bootcamp?
  10. going back to the question → “entropy of the founded text ( flag will have first digit only)” so we will found the entropy for the founded text in cyberchef → https://gchq.github.io/CyberChef/
      11. image
    1. it’s 4
    2. extra note: Entropy is a measure of information. Entropy of English test is the average number of bits per letter of the text that will be required to translate the language into binary bits.
  11. going back to the founded text You Found Me What is the name of the organization where I participated in the Security Analyst bootcamp? going back to https://www.linkedin.com/in/sameer-fakhoury-67217426a/ to see posts
      12. image
    1. it’s VTF
  12. at the end we will search for → last team I joined in 2023 → going back to https://www.linkedin.com/in/sameer-fakhoury-67217426a/ to see experience
      13. image
    1. GDSE
  • BAU{VTF_4_GDSC_URLdeccoding}

©sameer fakhoury

GitHubLinkedIn