CyberKavach QuestCon Series: The Hawkins Incident

-

 

The Hawkins Incident (OSINT)


Welcome back to the PCCOE OWASP Student Chapter's official write-up series for CyberKavach QuestCon! This time, we're diving into the multi-stage OSINT challenge "The Hawkins Incident," created by Ayush Jayatkar.

This challenge was a three-round journey tracking a strange energy surge from Hawkins National Laboratory.

Challenge Details

  • Description: A strange energy surge has been detected once again at Hawkins National Laboratory. Encrypted data is spreading across digital realms — the Normal World and the Upside Down. As an investigator, your task is to track these transmissions, decode the secrets, and close the gate before the Upside Down consumes Hawkins.

  • Flag Format: questCON{STRANGERPYERS_3DEFEAT}


Walkthrough

This investigation was split into three distinct rounds to find the username, password, and the final flag.

Round 1 – The Labgate

  • Goal: Find the password for Round 3.

  • File: Round1.html

  1. Opening Round1.html showed a page with an image. The first step was to check the page's source code (Ctrl + U). This revealed a hidden comment: ``.

  2. Following the hint, we downloaded the image from the <img> tag.

  3. Using a steganography tool (like StegOnline), we extracted hidden text from the image.

  4. The extracted text was a ROT13-encoded string: cnffjbeq=ynontngr1983.

  5. Decoding this with ROT13 gave us the password.

    • Password: labgate1983

Round 2 – The Hidden Transmission

  • Goal: Find the username.

  • File: Round2.html

  1. This page provided a clue.txt file, which contained a long string of binary.

  2. Using a Binary-to-Text converter, we decoded the string, which revealed a URL: https://i.postimg.cc/5tV3pW8n/Round2-metadata.png.

  3. We downloaded this image and inspected its metadata using exiftool or an online viewer.

  4. The Artist metadata field contained a new ciphertext: 5@CD D:7@C 56E 4@?E>.

  5. This string is encoded with ROT47. Decoding it revealed the username.

    • Username: hawkins_1983

Round 3 – The Upside Down Terminal

  • Goal: Combine both halves of the final flag.

  • File: hawkins_terminal.zip

After unzipping the file (using the password labgate1983), we found a directory with two sub-folders:

  1. normal_side/: This folder contained a file with the first part of the flag: STRANGER.

  2. upside_down/: This folder contained a locked archive and a hint file. The hint provided a long hex ciphertext and a key:

    • Ciphertext: 8ebf7404c4d8eda27410d2c68a

    • Key: dee631569787 (The hint specified the key was the part after the #)

  3. The solution was to perform an XOR decryption between the ciphertext and the key.

  4. XORing these two hex values (e.g., using an online tool like CyberChef) resulted in the second half of the flag: PYERS_3DEFEAT.


Final Flag

By combining the clues from the normal_side/ and the upside_down/, we get the complete flag:

questCON{STRANGERPYERS_3DEFEAT}

Congratulations to all the investigators who successfully closed the gate! We'll see you in the next write-up.

Comments

Post a Comment

Popular posts from this blog

CyberKavach QuestCon Series: Upside-Down Vault

-
Image
  🧩 CTF Write-Up: Upside-Down Vault Author: Sai Veer Flag Format: QUESTCON{...} Challenge Type: Multi-Layer Crypto + Stego + Web Service Difficulty: Medium–Hard 🗃️ Files Provided encrypted_flag.bin layer1_puzzle.json layer2_blob.json layer2.enc privkey.enc vault.py vault_pub.pem vault_secret.png 🧠 Challenge Overview The challenge consists of: 3 cryptographic layers 1 steganographic HMAC extraction 1 server verification stage The flag is revealed only after: Extracting the hidden HMAC secret from vault_secret.png . Solving all cryptographic layers. Using the recovered secrets to correctly sign and “seal” a request to the local server ( vault.py ). Finally, retrieving the decrypted flag from /sealed . 🧩 Step-by-Step Walkthrough Step 1 — Extract HMAC Secret from PNG The image vault_secret.png hides an HMAC key in its LSBs. Why The server expects this secret in ctf_secret/secret_mac . It’s later used to generate HMAC signatures for ...
Read more

From Open Networks to Safe Systems: How Firewalls Block the Hacker’s Doorway

-
Image
From Open Networks to Safe Systems: How Firewalls Block the Hacker’s Doorway   In the digital world, every message, photo, and online payment travels through an invisible web of connections called computer networks. Think of it as a massive postal system where billions of tiny data packets constantly move between devices, routers, and servers, each carrying a specific destination address. Just as houses have numbered addresses, every device on a network has an IP address. But instead of physical doors, computers have virtual ones called ports. These are entry and exit points that decide what kind of data can pass through. Some of these digital doors, like those used for websites or emails, need to stay open. Others, if left unlocked, can become invitations for attackers. That is where firewalls come in. A firewall acts as a vigilant security guard at your network’s gate. It checks who is knocking, what they are carrying, and whether they are allowed inside. Home routers do this qui...
Read more

CyberKavach QuestCon Series: VecNet

-
Image
  VecNet Welcome back to the official write-up series for CyberKavach QuestCon! The PCCOE OWASP Student Chapter is here to analyze one of the most fascinating challenges in our event — VecNet, an LLM Jailbreaking and Prompt Injection challenge inspired by Stranger Things. Category: LLM Jailbreaking / Prompt Injection Author: Chirag Ferwani VecNet is an interactive LLM jailbreak challenge inspired by Stranger Things. Players interact with Eleven’s neural assistant deployed in the Upside Down, attempting to extract a hidden flag through creative prompt engineering. The system looks like a Stranger Things knowledge assistant but secretly hides a flag that challengers must extract. Challenge URL: ( https://vecnet.onrender.com ) When you open the challenge, you see a minimal chat interface with a terminal-style monospace font, real-time messaging without chat history, a dark Stranger Things aesthetic, and an input field with a send button. Testing the basic functionality shows that the ...
Read more