NahamCon CTF 2022 / Wizard

Ulli Weichert/ Mai 3, 2022/ IT-Security, Write-Ups/ 0Kommentare

Wizard You have stumbled upon a wizard on your path to the flag. You must answer his questions! PS (not challenge related), thank you so much to Hadrian for supporting NahamCon 2022! Press the Start button on the top-right to begin this challenge. Solving To solve this challenge, you need to connect to your own instance via netcat. Then you

Weiterlesen

NahamCon CTF 2022 / EXtravagant

Ulli Weichert/ Mai 3, 2022/ IT-Security, Write-Ups/ 0Kommentare

EXtravagant I’ve been working on a XML parsing service. It’s not finished but there should be enough for you to try out. The flag is in /var/www Press the Start button on the top-right to begin this challenge. Solving To solve this one, we need to upload our own malformed XML document (XML external entity (XXE) injection). Create a XML

Weiterlesen

JerseyCTF 2022 / crypto – would-you-wordle

Ulli Weichert/ April 10, 2022/ IT-Security, Write-Ups/ 0Kommentare

would-you-wordle Points: 250 Someone left this secret text string and unfinished Wordle. Can you put them together to get the flag? pUpPHg3KfB15MG2KGtQQMDEECPOF8oa3VA== Solving Okay lets have a look at it. The hint tells us something about "Ron’s code". This should be RC4 according to this: RC4 (for ‚Ron’s Code 4‘) is a stream cipher developed by Ronald L. Rivest in

Weiterlesen

picoCTF 2022: forensics – Torrent Analyze

Ulli Weichert/ April 5, 2022/ IT-Security, Write-Ups/ 0Kommentare

Torrent Analyze Description SOS, someone is torrenting on our network. One of your colleagues has been using torrent to download some files on the company’s network. Can you identify the file(s) that were downloaded? The file name will be the flag, like picoCTF{filename}. Captured traffic. Solving Loading the pcap file into wireshark and started looking at it. At the beginning

Weiterlesen

picoCTF 2022: forensics – St3g0

Ulli Weichert/ April 5, 2022/ IT-Security, Write-Ups/ 0Kommentare

St3g0 Description Download this image and find the flag. Download image Solving Looking at the hint We know the end sequence of the message will be $t3g0. Okay, I did some google research with that $t3g0 and found an interessting article. Downloaded the script from the github repo run it with the image FLAG 🙂 #import libraries import sys import

Weiterlesen

picoCTF 2022: Crypto – substitution challenges

Ulli Weichert/ April 4, 2022/ IT-Security, Write-Ups/ 0Kommentare

Substitution Challenges Because this challenges are all very similar, we will not describe them in own articles 🙂 . Solving Substitutions cypher replace the 26 letters of an alphabet with other letters (one letter matches only one other). If you can find out which letter was replaced with which letter, then you can crack this cypher relatively easily. The best

Weiterlesen

picoCTF 2022: Crypto – rail-fence

Ulli Weichert/ April 3, 2022/ IT-Security, Write-Ups/ 0Kommentare

rail-fence Description A type of transposition cipher is the rail fence cipher, which is described here. Here is one such cipher encrypted using the rail fence with 4 rails. Can you decrypt it? Download the message here. Put the decoded message in the picoCTF flag format, picoCTF{decoded_message}. Solving So – there is everything we need to know in the challenge

Weiterlesen