DEADFACE CTF 2022 // Going Old School

Christian Leipold/ Oktober 18, 2022/ IT-Security, Write-Ups/ 0Kommentare

GOING OLD SCHOOL TYPE: CRYPTOGRAPHY Challenge Unable to use their RSA encryption program, luciafer resorts to using old school techniques to send a message out to the team. Can you decipher the code and find the flag? Submit the flag as flag{flag text} Download Image SHA1: 1afcf5cc3a64f3924f27425ed344fbe4545c5554 env.deadface.io Solution The link provided was the following image. At first sight we

Weiterlesen

DEADFACE CTF 2022 // Pandora´s Box

Christian Leipold/ Oktober 18, 2022/ IT-Security, Write-Ups/ 0Kommentare

Pandora´s Box TYPE: CRYPTOGRAPHY Challenge Pandora´s box, we have found it! Even better, the last travelers knew the numbered code to get in but they couldn’t figure out the transcription. Figure out the the transcription’s translation to find the flag! Download Image SHA1: 8e613787658d2d5828448aa182e2bb4904c124a8 Submit the flag as: flag{word_word_word_word} Solution Given was the follwing image So it looks like that

Weiterlesen

DEADFACE CTF 2022 // SQL Challenges

Ulli Weichert/ Oktober 17, 2022/ IT-Security, Write-Ups/ 0Kommentare

SQL Challenges Like last year, there were several SQL Challenges that build on each other and whose solutions are discussed below. Prepare SQL To work with the SQL files we suggest to import the backup into a MySQL DBMS, so you can connect to the database and select the infos out of it 🙂 I used a maria-db docker container.

Weiterlesen

NahamCon CTF 2022 / Wizard

Ulli Weichert/ Mai 3, 2022/ IT-Security, Write-Ups/ 0Kommentare

Wizard You have stumbled upon a wizard on your path to the flag. You must answer his questions! PS (not challenge related), thank you so much to Hadrian for supporting NahamCon 2022! Press the Start button on the top-right to begin this challenge. Solving To solve this challenge, you need to connect to your own instance via netcat. Then you

Weiterlesen

NahamCon CTF 2022 / EXtravagant

Ulli Weichert/ Mai 3, 2022/ IT-Security, Write-Ups/ 0Kommentare

EXtravagant I’ve been working on a XML parsing service. It’s not finished but there should be enough for you to try out. The flag is in /var/www Press the Start button on the top-right to begin this challenge. Solving To solve this one, we need to upload our own malformed XML document (XML external entity (XXE) injection). Create a XML

Weiterlesen

JerseyCTF 2022 / web – apache-logs

Ulli Weichert/ April 10, 2022/ IT-Security, Write-Ups/ 0Kommentare

apache-logs Points: 100 An apache log file that contains recent traffic was pulled from a web server. There is suspicion that an external host was able to access a sensitive file accidentally placed in one of the company website’s directories. Someone’s getting fired… Identify the source IP address that was able to access the file by using the flag format:

Weiterlesen

JerseyCTF 2022 / osint – dns-joke

Ulli Weichert/ April 10, 2022/ IT-Security, Write-Ups/ 0Kommentare

dns-joke Points: 100 Description A system administrator hasn’t smiled in days. Legend has it, there is a DNS joke hidden somewhere in www.jerseyctf.com. Can you help us find it to make our system administrator laugh? Solving To get the flag, check the dns entries of the www.jerseyctf.com subdomain. jerseyctf.com TXT @192.168.178.1 +short "jctf{DNS_J0k3s_t@k3_24_hrs}" This script will help you get the

Weiterlesen