1411, 2021

K3RN3L CTF 2021: Kiddie Pool – 3in1 / Writeup

Ulli Weichert/ November 14, 2021/ hacking, IT-Security, Write-Ups/ 0Kommentare

3in1 Description Like Nescafeeeee! Attachments https://ctf.k3rn3l4rmy.com/kernelctf-distribution-challs/nescafeee/AES.py Todos To decrypt the string in the given AES.py script (String is in scriptfile as a comment). from Crypto.Cipher import AES from Crypto.Hash import SHA256 f = open('progress.txt', 'r') password = ("abda") hash_obj = SHA256.new(password.encode('utf-8')) hkey = hash_obj.digest() def encrypt(info): msg = info BLOCK_SIZE = 16 PAD = "{" padding = lambda s: s

Weiterlesen

1111, 2021

DamCTF 2021: rev – seed / Writeup

Christian Leipold/ November 11, 2021/ IT-Security, Write-Ups/ 0Kommentare

DamCTF 2021 rev/seed m0x Having a non-weak seed when generating "random" numbers is super important! Can you figure out what is wrong with this PRNG implementation? seed.py is the Python script used to generate the flag for this challenge. log.txt is the output from the script when the flag was generated. What is the flag? Downloads log.txt seed.py Given was

Weiterlesen

1111, 2021

DamCTF 2021: malware – sneaky-script / Writeup

Christian Leipold/ November 11, 2021/ IT-Security, Write-Ups/ 0Kommentare

DamCTF 2021 malware/sneaky-script (forensics/rev) captainGeech We recovered a malicious script from a victim environment. Can you figure out what it did and if any sensitive information was exfiltrated? We were able to export some PCAP data from their environment as well. Downloads files.zip Given was a pcap file and a bash script. -rwxr-xr-x 1 root root 516 5. Nov 05:35

Weiterlesen

1111, 2021

DamCTF 2021: misc – bad-patterns / Writeup

Christian Leipold/ November 11, 2021/ IT-Security, Write-Ups/ 0Kommentare

DamCTF 2021 misc/bad-patterns BaboonWithTheGoon A hacker was too lazy to do proper encryption. However, they left us some examples of how their encryption "algo" was supposed to work. original text : "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris

Weiterlesen

2610, 2021

DEADFACE CTF 2021: Steganography8 – Syncopated Beat / Writeup

Marco Schmidt/ Oktober 26, 2021/ IT-Security, Write-Ups/ 0Kommentare

Syncopated Beat Points 300 Description We know there’s a hidden message somewhere here, but none of our steg tools are able to reveal it. Maybe we need to think outside the box? It is a well-known fact that demons sometimes hide messages in music. Demons speak lyrics to the musicians, and the demons insinuate their evil messages into the song.

Weiterlesen

2610, 2021

DEADFACE CTF 2021: Steganography9 – Spectres / Writeup

Marco Schmidt/ Oktober 26, 2021/ IT-Security, Write-Ups/ 0Kommentare

Spectres Points 450 Description We intercepted this image from a suspected insider threat at De Monne Financial. It looks like parts of the image were cut out, but based on conversations between DEADFACE and the insider, we believe DEADFACE’s wallet address is hidden in this image. Image Getting the flag Take the picture to https://aperisolve.fr/ -> Just read the flag

Weiterlesen

2610, 2021

Command Injection – Usable payloads

Ulli Weichert/ Oktober 26, 2021/ hacking, IT-Security/ 0Kommentare

Useful payloads Here are some valuable payloads for both Linux & Windows command injection on a vulnerable web-application. Feel free! Linux Payload Description whoami See what user the application is running under. ls List the contents of the current directory. You may be able to find files such as configuration files, environment files (tokens and application keys), and many more

Weiterlesen

1810, 2021

DEADFACE CTF 2021: Cryptography2 – Poor MEGAN! / Writeup

Ulli Weichert/ Oktober 18, 2021/ IT-Security, Write-Ups/ 0Kommentare

Poor MEGAN! Points 20 Description Oh, NO! Poor Megan! She’s just been bitten by a ZOMBIE! We can save her if we act fast, but the formula for the antidote has been scrambled somehow. Figure out how to unscramble the formula to save Megan from certain zombification. Enter the answer as flag{here-is-the-answer}. The formula for the antidote: j2rXjx9dkhW9eLKsnMR9cLDVjh/9dwz1QfGXm+b9=wKslL1Zpb45 Getting the

Weiterlesen

1810, 2021

DEADFACE CTF 2021: Exploitation3 – Password Insecurities / Writeup

Ulli Weichert/ Oktober 18, 2021/ IT-Security, Write-Ups/ 0Kommentare

Password Insecurities Points 50 Description It looks like DEADFACE is going after the password of one of De Monne’s customers: Haily Poutress. She has since changed her password, but De Monne is looking for ways to improve password requirements. De Monne would like you to crack the password from the database leak to determine if Haily’s password was secure enough.

Weiterlesen

1810, 2021

DEADFACE CTF 2021: Forensics7 – Blood Bash 4 / Writeup

Ulli Weichert/ Oktober 18, 2021/ IT-Security, Write-Ups/ 0Kommentare

Blood Bash 4 Points 200 Description A sensitive file from De Monne was exfiltrated by mort1cia. It contains data relating to a new web portal they’re creating for their consumers. Read the contents of the file and return the flag as flag{flag_goes_here}. Username: bl0ody_mary Password: d34df4c3 bloodbash.deadface.io:22 Get the flag We find a sus file in the homedirectory of the

Weiterlesen