Inclusion

Hi guys, after a long time I have 5 minutes to play a game, so let’s play. I see a new game called Inclusion, described as "A beginner level LFI challenge". Yes, this is something I want to play and finish quickly. So I start the VPN tunnel to our playground and click the magic Deploy machine button. As always, first scan the open ports on the machine.

    $ nmap -T4 -sV 10....

March 16, 2020 · 3 min · Matus Bursa

Blue

Hello everyone, today we look at a CTF featuring the MS17-010 vulnerability. So let’s start with an nmap scan.

    $ nmap -sV -p0-1000 --script vuln 10.10.223.243
    Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-12 14:40 CET
    Nmap scan report for 10.10.223.243
    Host is up (0.043s latency).
    Not shown: 998 closed ports
    PORT STATE SERVICE VERSION
    135/tcp open msrpc Microsoft Windows RPC
    |_clamav-exec: ERROR: Script execution failed (use -d to debug)
    139/tcp open netbios-ssn Microsoft Windows netbios-ssn
    |_clamav-exec: ERROR: Script execution failed (use -d to debug)
    445/tcp open microsoft-ds Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
    |_clamav-exec: ERROR: Script execution failed (use -d to debug)
    Service Info: Host: JON-PC; OS: Windows; CPE: cpe:/o:microsoft:windows
    Host script results:
    |_samba-vuln-cve-2012-1182: NT_STATUS_ACCESS_DENIED
    |_smb-vuln-ms10-054: false
    |_smb-vuln-ms10-061: NT_STATUS_ACCESS_DENIED
    | smb-vuln-ms17-010:
    | VULNERABLE:
    | Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
    | State: VULNERABLE
    | IDs: CVE:CVE-2017-0143
    | Risk factor: HIGH
    | A critical remote code execution vulnerability exists in Microsoft SMBv1
    | servers (ms17-010)....

February 12, 2020 · 13 min · Matus Bursa

Bookface

Before we start, read more about the following tools and vulnerabilities, which appear in this CTF: hydra, screen - CVE-2017-5618, and knock. You can also read more about an additional security method called port knocking. So let’s start as usual with nmap.

    nmap -F --top-ports 10 -sV 10.10.219.90
    Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-10 16:37 CET
    Stats: 0:00:07 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
    Service scan Timing: About 0....

February 10, 2020 · 8 min · Matus Bursa

Daily Bugle

Hi guys, today we look at a CTF called Daily Bugle and we try to gain root privileges. :) Let’s play.

NOTICE: (SPOILER!!) If you would like to solve it by yourself, don’t read this post!

[Task 1] The first question is pretty simple. Open the article and you can find the answer.

Access the web server, who robbed the bank? spiderman

[Task 2]

    $ curl http://10.10.86.172/media/system/js/mootools-more.js 2>/dev/null | grep MooTools.More
    MooTools.More={version:"1.4.0.1",build:"a4244edf2aa97ac8a196fc96082dd35af1abab87"};(function(){Events.Pseudos=function(h,e,f){var d="_monitorEvents:";var c=function(i){return{store:i....

February 6, 2020 · 6 min · Matus Bursa

Impossible Password

Welcome to the new year. I would like to introduce one of the easy CTFs in the reverse engineering category.

radare2 [gdb]

    $ r2 ./impossible_password.bin
    [0x004006a0]> aaa
    ...
    [0x004006a0]> afl
    0x004006a0 1 41 entry0
    0x00400610 1 6 sym.imp.__libc_start_main
    0x004005f0 1 6 sym.imp.putchar
    0x00400600 1 6 sym.imp.printf
    0x00400620 1 6 sym.imp.srand
    0x00400630 1 6 sym.imp.strcmp
    0x00400650 1 6 sym.imp.time
    0x00400660 1 6 sym.imp.malloc
    0x00400670 1 6 sym.imp.__isoc99_scanf
    0x00400680 1 6 sym.imp.exit
    0x00400690 1 6 sym....

January 27, 2020 · 2 min · Matus Bursa