awesec.com
n00bs CTF Labs Write-Up | aweSEC
http://www.awesec.com/writeups/n00bs_ctf/n00bs_CTF.php
N00bs CTF Labs by Infosec Institute - Write-Up. Recently launched a small CTF consisting of 15 mini challenges. Since this CTF was aimed towards beginners, I've included a little more detail and references in my solutions and the setup than I usually do in my write-ups, with the hope that it might be useful for those who have not much experience in CTFs and penetration testing. For most challenges I have used Burp Suite. For Levels 6 and 13 I used Wireshark. May the source be with you! Copying that st...
tiagoalexandre.com
Infosecinstitute CTF 2 - LEVEL 3
http://www.tiagoalexandre.com/security/ctf/2015/07/01/Level-3
Infosecinstitute CTF 2 - LEVEL 3. This will be the solution for Level 3 Practical Web Hacking. In this level we are told to attempt a privilege escalation; the objective is to register a user with an ADMIN role, and exploit a Data Validation. We are told that the information is saved in a text file; from this information we can assume that the several fields are somehow separated by different chars such as $ # etc. There are many ways to implement this functionality; the ones I suspected were:. The only field...
icheernoom.blogspot.com
ICheer_No0M: n00bs CTF Labs by Infosec Institute Write-up
http://icheernoom.blogspot.com/2015/03/n00bs-ctf-labs-by-infosec-institute.html
N00bs CTF Labs by Infosec Institute Write-up ICheer No0M. Hacking Security Analysis CTF Write-up. Thursday, 12 March 2015 (B.E. 2558). N00bs CTF Labs by Infosec Institute Write-up. Infosec Institute n00bs CTF Labs. Root@ubuntu: # curl -s http://ctf.infosecinstitute.com/levelone.php grep flag! Infosec flagis welcome - root@ubuntu: #. Paste URL of QRCODE Image to http://zxing.org/w/decode.jspx. And result as morse code. HTTP Header of http://ctf.infosecinstitute.com/levelfour.php. Root@ubuntu: # strings app...
tiagoalexandre.com
Infosecinstitute CTF 2 - LEVEL 8
http://www.tiagoalexandre.com/security/ctf/2015/07/02/Level-8
Infosecinstitute CTF 2 - LEVEL 8. This will be the solution for Level 8 Practical Web Hacking. In this level we have a file upload (Unrestricted file uploads) form; the objective is to bypass the protection in place and find a way to upload and execute our javascript payload. The vulnerabilities are usually about the detection of the file type; the usual implementations are:. File type based on extension (the worst kind there is!). After creating a file with our payload with png extension.
tiagoalexandre.com
Infosecinstitute CTF 2 - LEVEL 10
http://www.tiagoalexandre.com/security/ctf/2015/07/02/Level-10
Infosecinstitute CTF 2 - LEVEL 10. This will be the solution for Level 10 Practical Web Hacking. In this level we have a browser game; the objective is to find a way to win the game without losing too much time. This level is very similar to level 1, in the way that nothing on the user's side should be trusted, so here’s what we need to do. Find out how the game stores its scores, and how it’s sync’d to the server (if it is). Inspect the html and see if we can find clues on how the game works.
tiagoalexandre.com
Infosecinstitute CTF 2 - LEVEL 9
http://www.tiagoalexandre.com/security/ctf/2015/07/02/Level-9
Infosecinstitute CTF 2 - LEVEL 9. This will be the solution for Level 9 Practical Web Hacking. In this level we are told that we have a broken Session management. As I explained in level 5 this usually means we have a broken session id, and the usual flaws are:. Deprecated hashing algorithm like md5, md4, sha1 etc. Unsafe session ids based on time or user input.
kotowski.com
Blog
https://www.kotowski.com/blog
Capture the flag (Infosec Institute n00bs CTF Labs). Published: 15 March 2015. From the welcome page at http://ctf.infosecinstitute.com/. I decided to try this challenge when a friend mentioned it to me. It was quite challenging! Here are my results. The clue on level 1 is a picture of Yoda with the text "May the source be with you!" This, of course, led me to view the source. After doing so, I noticed the first commented line:. I downloaded the corrupted file and opened it with notepad. Level 4 shows a p...
556forensics.com
March 2015 - 556 Forensics
http://www.556forensics.com/2015/03
Now browsing by month. On March 31, 2015. Light It Up Blue – Autism Awareness. On April 2, I will turn the background of the 556 Forensics page blue, in support of the Light It Up Blue autism awareness program that is put on by Autism Speaks. I will provide links below to aid you in discovering more about what autism and Asperger syndrome are, and hopefully you, too, will have the chance to meet a completely mind-changing person with one of these spectrum conditions. Autism Society of America. I have al...
tiagoalexandre.com
Infosecinstitute CTF 2 - LEVEL 13
http://www.tiagoalexandre.com/security/ctf/2015/07/02/Level-13
Infosecinstitute CTF 2 - LEVEL 13. This will be the solution for Level 13 Practical Web Hacking. In this level we are told that we have to find a way to redirect ourselves to another domain; this means that we need to exploit an Unvalidated Redirect or Forward. The information we need is given to us after the last level as seen in the picture. We can try to execute a direct redirect with the same parameter and the url that we want. Find out if the protection is case sensitive.
tiagoalexandre.com
Infosecinstitute CTF 2 - LEVEL 7
http://www.tiagoalexandre.com/security/ctf/2015/07/02/Level-7
Infosecinstitute CTF 2 - LEVEL 7. This will be the solution for Level 7 Practical Web Hacking. In this level we have a simple login screen; the objective is to exploit an A3 Cross-Site Scripting. These types of vulnerabilities exploit the interpreter in the browser to achieve client-side code execution (Javascript). The objective is to insert an html tag with our name in it; for that we need to see some details about the implementation. Break end the hidden tag. Create tag with the required string. Enjoy level 8 :).