EZ-CTF2022 / MISC – Wavie Wave

Ulli Weichert/ Mai 7, 2022/ IT-Security, Write-Ups/ 0Kommentare

Wavie Wave solved 200 points Solves: 146 Medium What the hell is this sound that got into my "Chill Bird Vibes Vol XXI" mixtape? https://a.tmp.ninja/oLAHFlds.zip Flag format: EZ-CTF{FULL_MESSAGE} Solving Let’s have a look at the spectogram of this wave file. Maybe there is something hidden 🙂 EZ-CTF{KNOW_YOUR_SPECTOGRAAAAMS}

EZ-CTF2022 / Cryptography – No Kidding

Ulli Weichert/ Mai 7, 2022/ IT-Security, Write-Ups/ 0Kommentare

No Kidding 70 points Solves: 209 Easy No Other Kids Invent Anything like this…lol Flag Format EZ-CTF{WHATEVER_THE_MESSAGE_IS_ALL_CAPS} Solving This looks like Multi-tap or something similar… let’s just use the numbers and see what happens. I’ll use dcode.fr for this. 8/44/444/7777\\\444/7777\\\8/44/33\\\555/2/6/33/7777/8\\\222/8/333\\\333/555/2/4\\\33/888/33/33/33/33/777 T H I S\\I S\\T H E\\L A M E S T\\C T F\\F L A G\\E V E E

Weiterlesen

EZ-CTF2022 / Cryptography – McFly

Ulli Weichert/ Mai 7, 2022/ IT-Security, Write-Ups/ 0Kommentare

McFly 125 points Solves: 14 Easy Riib_fc_I1deo_B1ff3n_Bpz_Yoo_Mdsxfkt_XoPxhatt Flag format: EZ-CTF{D3c0d3d_Message} Solving This is a fun one 🙂 The hint for the challenge is this given picture Okay what do we see here? This is Biff, the oponent of Marty McFly from the back to the future movies… a classic 😀 But something seems off in this picture… in the movie

Weiterlesen

NahamCon CTF 2022 / EXtravagant

Ulli Weichert/ Mai 3, 2022/ IT-Security, Write-Ups/ 0Kommentare

EXtravagant I’ve been working on a XML parsing service. It’s not finished but there should be enough for you to try out. The flag is in /var/www Press the Start button on the top-right to begin this challenge. Solving To solve this one, we need to upload our own malformed XML document (XML external entity (XXE) injection). Create a XML

Weiterlesen

JerseyCTF 2022 / web – apache-logs

Ulli Weichert/ April 10, 2022/ IT-Security, Write-Ups/ 0Kommentare

apache-logs Points: 100 An apache log file that contains recent traffic was pulled from a web server. There is suspicion that an external host was able to access a sensitive file accidentally placed in one of the company website’s directories. Someone’s getting fired… Identify the source IP address that was able to access the file by using the flag format:

Weiterlesen

JerseyCTF 2022 / osint – dns-joke

Ulli Weichert/ April 10, 2022/ IT-Security, Write-Ups/ 0Kommentare

dns-joke Points: 100 Description A system administrator hasn’t smiled in days. Legend has it, there is a DNS joke hidden somewhere in www.jerseyctf.com. Can you help us find it to make our system administrator laugh? Solving To get the flag, check the dns entries of the www.jerseyctf.com subdomain. jerseyctf.com TXT @192.168.178.1 +short "jctf{DNS_J0k3s_t@k3_24_hrs}" This script will help you get the

Weiterlesen

JerseyCTF 2022 / mist – root-me

Ulli Weichert/ April 10, 2022/ IT-Security, Write-Ups/ 0Kommentare

root-me Points: 400 SSH into the challenge host, 0.cloud.chals.io on port 19777 Username: ubuntu Password: jctf2022! Find the flag Solving We have login credentials for a server… so let’s dive in: ssh ubuntu@0.cloud.chals.io -p 19777 Okay… first we check sudo permissions, therefore just use sudo -l, but we don’t have any permissions. So let’s look for some other quickwins, shall

Weiterlesen