My CTF task for the HackIT 2016 battle

Recently, a great hacker event took place in Ukraine, called HackIT. It is a cybersecurity forum with a large international Capture The Flag (CTF) competition. Being one of the speakers, I decided to donate a realistic CTF challenge to the “hacker battle”. As a result, my task appeared to be hard, probably because of the time constraints, though I still consider it as an easy but very interesting one. Below you can find the description:

Congrats, you are an awesome hacker! Your phishing email was successful. By pretending to be the Facebook’s support team, you managed to get account credentials, both login and password, of your target – famous Peter Parker. Though, could you successfully use this information and break into his account? Prove it!

This is the original response to the phishing email:

email_from_peter

And this was the target’s account:

account_of_peter

Finally, all participants were warned to use ONLY the provided URL when attempting to login to the account (not any of the original Facebook ‘s pages): http://the_actual_challenge_url

During the competition, the actual URL took hackers to the following dummy page:

dummy_fb_page

Of course, just entering the credentials results in the same “Sorry…” message. Any guess, why?..

The solution goes below.


Coming soon…

Leave a Reply

Your email address will not be published. Required fields are marked *