OCEAN What can you do in an ocean of files? nc server.challenge.ctf.thefewchosen.com 1338 Hints There is an official hint: Hint for ocean: The chal file is not relevant. That’s just a shell (basically the entrypoint). Try listing folders and subfolders Todos So we looked around for a while and found this directory (Magic trick was to use ls -R instead
AAAAA AAAAA. That’s all Download AAAAA Okay – first of all, like always I run file on this AAAAA file. This will tell us, that this is a data file. After that, I tried binwalk. BÄM There is an image included. My colleague uses CyberChef for this. There you can import the file and run Extract files on. I just
I recently wrote a Flask web application in Python. When I put it online, I of course ran Nikto over it. Since I was immediately confronted with the usual suspects, I wanted to write down the solution for this weak point as a reminder to myself and possibly for your support. Vulnerabilities What vulnerabilities do we encounter again and again?
Deep Bielsa: ‚A man with new ideas is a madman, until his ideas triumph‘ Given is this foto: Todos Okay guys – this one is an easy one, but I did not solved that by my own! My personal rabbitholes Disclaimer: I couldn’t solve the challenge and had to bang my head on the edge of the table for hours
Noise Messi: ‚When the year starts, the objective is to win with all the team, personal records are secondary‘ Todos Given was this picture: In this stego challenges the first approach is to check the file type and look for some strings. $ ~ # file challenge.png challenge.png: PNG image data, 926 x 1262, 8-bit grayscale, non-interlaced That looks normal…
Friends Bielsa: ‚Everything is allowed, except stop fighting‘ Given was this image: Todos Like always – I check strings and exiftools and the file itself! But no command give us something. $ ~ # file messi.jpg messi.jpg: JPEG image data, JFIF standard 1.01, aspect ratio, density 1×1, segment length 16, baseline, precision 8, 720×628, components 3 exiftool messi.jpg > messi.jpg_exifdata
3in1 Description Like Nescafeeeee! Attachments https://ctf.k3rn3l4rmy.com/kernelctf-distribution-challs/nescafeee/AES.py Todos To decrypt the string in the given AES.py script (String is in scriptfile as a comment). from Crypto.Cipher import AES from Crypto.Hash import SHA256 f = open('progress.txt', 'r') password = ("abda") hash_obj = SHA256.new(password.encode('utf-8')) hkey = hash_obj.digest() def encrypt(info): msg = info BLOCK_SIZE = 16 PAD = "{" padding = lambda s: s
BSides-Jeddah-CTF Writeups to the BSides Jeddah CTF – 2021 Situation – BSides Jeddah BSides Jeddah is coming up with a blueteam flavored CTF this year hosted by CyberDefenders. This will be a Jeopardy-style intermediate CTF with a few harder challenges, including network analysis, memory forensics, and malicious document analysis. To get latest updates, follow us on twitter @JeddahBsides , @CyberDefenders.
BSides-Jeddah-CTF Writeup to the BSides Jeddah CTF – 2021 Situation – BSides Jeddah BSides Jeddah is coming up with a blueteam flavored CTF this year hosted by CyberDefenders. This will be a Jeopardy-style intermediate CTF with a few harder challenges, including network analysis, memory forensics and malicious document analysis. To get the latest updates, follow us on twitter @JeddahBsides ,
Useful payloads Here are some valuable payloads for both Linux & Windows command injection on a vulnerable web-application. Feel free! Linux Payload Description whoami See what user the application is running under. ls List the contents of the current directory. You may be able to find files such as configuration files, environment files (tokens and application keys), and many more