Bookface

Before we start, read more about the following tools and vulnerabilities that appear in this CTF: hydra, screen - CVE-2017-5618, knock. You can also read more about an additional security method called port knocking. So let’s start as usual with nmap. nmap -F --top-ports 10 -sV 10.10.219.90 Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-10 16:37 CET Stats: 0:00:07 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan Service scan Timing: About 0....

February 10, 2020 · 8 min · Matus Bursa

Daily Bugle

Hi guys, today we look at a CTF called Daily Bugle and try to gain root privileges. :) Let’s play. NOTICE: (SPOILER!!) If you would like to solve it by yourself, don’t read this post! [Task 1] The first question is pretty simple. Open the article and you can find the answer. Access the web server, who robbed the bank? spiderman [Task 2] $ curl http://10.10.86.172/media/system/js/mootools-more.js 2>/dev/null | grep MooTools.More MooTools.More={version:"1.4.0.1",build:"a4244edf2aa97ac8a196fc96082dd35af1abab87"};(function(){Events.Pseudos=function(h,e,f){var d="_monitorEvents:";var c=function(i){return{store:i....

February 6, 2020 · 6 min · Matus Bursa

Impossible Password

Welcome in the new year. I would like to introduce one of the easy CTFs in the reverse engineering category. radare2 [gdb] $ r2 ./impossible_password.bin [0x004006a0]> aaa ... [0x004006a0]> afl 0x004006a0 1 41 entry0 0x00400610 1 6 sym.imp.__libc_start_main 0x004005f0 1 6 sym.imp.putchar 0x00400600 1 6 sym.imp.printf 0x00400620 1 6 sym.imp.srand 0x00400630 1 6 sym.imp.strcmp 0x00400650 1 6 sym.imp.time 0x00400660 1 6 sym.imp.malloc 0x00400670 1 6 sym.imp.__isoc99_scanf 0x00400680 1 6 sym.imp.exit 0x00400690 1 6 sym....

January 27, 2020 · 2 min · Matus Bursa

OSCE Prologue or How to get Secret key to CTP?

If you want to register for CTP, you will need what they call a Registration Code and a Secret Key. First, there is an interesting file, /fc4.js: function fc4me(srvstr) { if(!document.pleazfc4me.email.value || !document.pleazfc4me.securitystring.value) { alert("Please fill in all the required fields!"); return false; } if(document.pleazfc4me.securitystring.value != hexMD5("\x74\x72\x79\x68\x61\x72\x64\x65\x72"+srvstr)) { alert("Registration Authorization String not accepted! Try Harder! "); return false; } else { document.pleazfc4me.submit(); } } So all you need to do is set up some JS variables in the browser console and call fc4me(srvstr)...

January 22, 2020 · 3 min · Matus Bursa