I Solved a CTF challenge on my 1st Round of an Interview Process
Hi, Ajak Amico! Welcome back to another blog. Today I will share an experience where I needed to solve a CTF challenge in order to clear my first round. Before starting, if you haven’t subscribed to our channel, do subscribe, guys. The channel has content related to cyber security, Bug Bounty, and Digital Forensics Investigation.👇
Follow our Youtube Channel: @ajakcybersecurity (361 Videos)
Follow on Instagram: AjakCybersecurity
As you know, I am applying for job roles in the cybersecurity domain. One company named ‘Cybersift’ was hiring for a ‘Pentester / SOC Analyst’ role, and they had two options to clear the first round.
- Submit your resume and CV via mail so they can shortlist you.
(OR)
- Complete a CTF challenge, and your resume will be sent directly to the working team.
Now, I knew I would be able to complete the CTF challenge very easily, and they gave a hint stating, ‘The Flags are in the browser and you can use any tool you need’. From that I came to know it was a simple web challenge.
Method 1: (Fail)
I tried to use the robots.txt directory, but it resulted in a 404 error.
Method 2: (Fail)
I tried directory brute-forcing using ‘dirsearch’, but nothing worked.
Method 3: (Pass✅)
I remained calm, opened Burp Suite, sent the ‘https://careers.cybersift.io/careers’ request and captured the response in Burp. To my surprise, I was able to see two headers:
‘X-FLAG’ and ‘DATA-Flag’. Both flags started with ‘ey’, which confirmed they were Base64 encoded.
I immediately opened the CyberChef website, pasted the strings and decoded them. The answers were:
The first flag, identified as x-flag, was decoded from Base64, revealing the message: “It often and on again?”
The second flag, known as data-flag, decoded from Base64, provided the message: “Have you tried turning.”
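The header check described above can also be scripted. The following Python sketch is an added example, not part of the original post: it parses a raw HTTP response and decodes any header value that is valid Base64 (standard or URL-safe, with or without padding). The sample response, its header values and the function names are constructed for illustration.

```python
import base64
import binascii
import re

# Characters of the standard and URL-safe Base64 alphabets, optional padding.
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{8,}={0,2}$")

def try_b64(value):
    """Return the decoded text if value is printable Base64, else None."""
    value = value.strip()
    if not B64_RE.match(value):
        return None
    body = value.rstrip("=")
    if len(body) % 4 == 1:  # impossible length for Base64 data
        return None
    body = body.replace("-", "+").replace("_", "/") + "=" * (-len(body) % 4)
    try:
        text = base64.b64decode(body, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def decode_headers(raw_response):
    """Map lower-cased header names to the Base64 segments decoded from them."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    found = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        # Token-style values may carry several segments separated by dots.
        decoded = [t for t in map(try_b64, value.strip().split(".")) if t]
        if decoded:
            found[name.strip().lower()] = decoded
    return found

def _enc(s):
    return base64.urlsafe_b64encode(s.encode()).decode().rstrip("=")

# Constructed sample response; these header values are not the real flags.
SAMPLE_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Server: nginx",
    "Content-Type: text/html; charset=utf-8",
    "X-FLAG: " + _enc('{"part": "constructed-one"}'),
    "DATA-Flag: " + _enc('{"part": "constructed-two"}'),
    "", "<html></html>",
])

if __name__ == "__main__":
    for header, values in decode_headers(SAMPLE_RESPONSE).items():
        print(header, "->", values)
```

Running the same function over responses from your own application is a quick way to review what custom headers expose once decoded.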
I was super excited to send the answers along with my resume to the hiring team.
But after sending it, there was no response from their side. After a week, I replied to them again asking for any updates.
And the next day, this was the response from their side.
Well, I found all the flags correctly; they just combined both of them. And yeah, finally it was of no use, as they had already filled their positions. Anyway, it was so interesting when I solved it and waited for a positive response, but unfortunately I couldn't land it. :) See you in the next blog, and don't forget to follow our Instagram handle for daily posts regarding bug bounty and cybersecurity.
PS: For any recruiters or cybersecurity employees seeing this blog, if there is any position/role in the cybersecurity or digital forensics domain in your organization, kindly ping me via ajakcybersec23@gmail.com. Many thanks🙌
— — — — — — — — — — — — — — — — — — — — — — — — — — — — —
“Ignite what you have learned🔥”
Learn Everyday, Happy Hacking 😁🙌
https://www.buymeacoffee.com/Ajak