TCS HACKQUEST SEASON 8 EXPERIENCE
Hello cyber geeks! Today, I’m thrilled to share my journey through the exhilarating rounds of TCS hackquest season 8. From the intense challenges of round 1 to the strategic maneuvers of round 2, this experience has been nothing short of thrilling. Join me as I delve into the world of hacking, strategy, and problem-solving in one of the most prestigious hacking competitions.
I have solved 5 Challenges in round 1 and 3 in round 2. Let’s look in to them.
ROUND 1
This round was held on 27 Jan 24, We had 6 hours to solve the challenges and 2 hours to make a report. I had a rough start at first, but eventually solved a few. Other challenges were also easy but due to pressure at the time I was unable to solve them. But had a great experience solving them.
Web Chronicle
This challenge was about analysing multiple JSON files.
To solve it my first instinct was to use strings and find words flag or HQ8.
Command: cat * | grep “HQ8”
This gave me a pastebin url, which might possibly contain flag.
By visiting the URL provided, we can see encoded flag.
For decoding the flag, use cyberchef and by line 6 we can assume the encoding was base85 ( 17 times 5 = 85).
Cloak and Dagger
This challenge was about server certificates. Its just simple as viewing the details of cert to get the flag.
Binary Heist
This was a challenge about binary. There was a binary file given to us.
First we need to make it as executable.
Command:chmod +x Binary\ Heist
The binary checks if the provided flag is correct or not.
For reverse engineering this binary we can use multiple tools like IDA, Binary Ninja, Ghidra. I have used online tool Decompiler Explorer, which gives me access to all the tools.
By decompiling it, we can see the flag.
Miss Magic
This challenge was regarding the magic bytes which we can tell by its name.
The given PNG image file was corrupted.
Let us view the hex code.
The real PNG hex code is “89 50 4E 47 0D 0A 1A 0A”. So lets change the first 8 bytes of file. We can use hexed (an online hex editor).
Now by saving the file and exporting. We can open the image. This also does not work.
By reviewing documentation from wikipedia of PNG, the file is also missing IHDR chunk length.
Let’s add the IHDR size “00 00 00 0D”.
Exporting the file will give us final image of flag.
Data Bandit
This challenge was hugely based on programming skills.
For this I have created a python script, which will extract the flag from text file.
You can find the code here.
After 10 days, I got a mail that I have been shortlisted for round 2🎉.
ROUND 2
This round was held same as previous, but we were asked to join a microsoft teams which was proctored. We were given time span of 2 hours to solve the challenges. Initially there were 3 challenges and 2 were added as time progressed.
Request Tracker
This challenge had a website which has traceroute functionality.
Let us catch the request and changing the subdomain.
This returned “sub-domain not found, use PATCH”
Changing the method to PATCH will give “PATCH method can only be done through localhost”
We can use “X-Forwarded-For: 127.0.0.1”. This will give us the flag.
Office Leaks
This challenge has a image file which was cropped out.
By opening this file in hexed. We can find “ff c0” bytes and after 3 bytes of this there will be 4 bytes (2 bytes of img height, 2 bytes of img width).
Now we will increase the height of image by changing the bytes “ff c0 00 11 08 05 F5” to “ff c0 00 11 08 10 F5”.
Exporting and saving the file will give us the flag.
Kohra
This challenge was about QR code. The given file had QR code but is missing top right corner.
We can use any image tool to copy the cube from other corner. I have used greenshot tool (which is very helpful for creating notes too).
By using online QR reader.
We can decrypt this using cyberchef to get our flag.
Interview
Exactly 10 days later, I recieved a mail that I was shortlisted for TCS Digital, and I had attended the interview in office, which went very smoothly. It was quite a good experience.
TCS also had invited Top 10 for award cermony which was held on HYD campus on 29 feb 24. Sadly I was not in top 10.
Few weeks later, I have recieved a mail about my selection to TCS Digital role🎉🎉.
If you have any queries or want to connect with me, feel free to reach out to me.
LinkedIn : https://www.linkedin.com/in/rohithboya/
