Final Project for Cybersecurity 2021-22 @ Stuyvesant
Cicada 3301 inspired CTF, delving into topics like image steganography, dirbuster, and encryption.
Website is built on React + Node.js
npm i to install all required dependencies
npm start to start up the local development server
all project notes: https://docs.google.com/document/d/19O1Jv3exhyIJpb1WKHl87LLgp-Q_c6ybfzy4AhoCXrA/edit?usp=sharing
main website: http://147.182.222.18/
presentation: https://docs.google.com/presentation/d/1xV6mxhSRTAj6tqIDWGwMXITd-NGWjXFUWJLZND4w5QM/edit#slide=id.p
Continued making progress with the test walkthrough to ensure that our process works. Created a .jpg file embedded with a .txt to binwalk and steghide the .txt file out
Adding functionality to login page, creating react context to store isLoggedIn so /code will redirect back to /login if not authenticated.
Downloaded steghide on DigitalOcean machine and embedded .txt file into .jpeg. Continued working on the test walkthrough to ensure that the CTF runs smoothly.
Modified website to use craco and tailwindcss
Finished checking the walkthrough for the first half of the CTF and started learning BurpSuite for the presentation
Downloaded OBS to record SoundCloud audio. Finalized steps for the first part of the CTF.
Continued work on main webpage, ensuring dirbuster works on site so that puzzle works out.
Created the audio file and the text file to encode/steghide into an image.
Used steghide to create the duck image with the txt file embedded in it using a password.
Debugging netlify issues, where pushing to github would not show changes on netlify production site. Continue to work on making vulnerability for burpsuite to exploit in site.
Completed the first chapter of the CTF. Got started with learning Burp Suite for the presentation and the second chapter of the CTF.
Fixed errors found in the prepared process for the first chapter of the CTF. Began the presentations for the second half of the CTF.
Remade netlify, fixing deployment to production issues.
Finished everything else including the 3D texts, getting the gcode, making the presentation, learning Burp Suite, learning how to do an SQL injection attack on Burp Suite, making the new web pages for the Burp Suite login and the g code and the final page, setting up pm2 and nginx on digitalocean, fixed the netlify issue thats been bugging us for a good week, literally everything. Current time: 4:35AM