Category Archives: CTF

Security Espresso – Challenge for def.camp tickets

I found the flag pretty easy but, sadly, out of 9 other people that solved it .. random.org did not like me that much :))

Here is a writeup for the challenge.

It all started with a FB post and a promise I made with myself .. never go to paid security conferences if I don’t get there by freeΒ  :Β and here it was .. a simple form:

First thing, first was to test with a random email and password so I can catch errors and so on. The first error was about a wrong username so I took the emails present on the same page and tried them until I found the correct one, then started hydra to brute force it (well, I haven’t seen the hints so I tried it with another dictionary at first).

hydra -l contact@security.security -P rockyou.txt 45.76.95.148 -s 5000 http-post-form “/:email=^USER^&password=^PASS^&submit=fdf:F=Wrong password!” -vV -t 32 -f

After getting access to the system, there was a hint in the text itself so I tried to see a point so I can increase the level from 0 to 10 to see what happens. There were no endpoints so … hmm .. looked in the cookies, found one that was looking like an md5 string so I used a “decrypt” website and it was “0” … LOL, all I had to do was to md5(“10”) then replace the cookie content and that was all πŸ™‚

 

CTF : 2018 : ReplyCTF : Web : CAPTCHAFLAG

Datele problemei:

M-am uitat in codul sursa si am vazut :
<!– HACKED VUVkYWRtTnRNR2RaVjA0d1lWYzVkVkJUU1hWTWVVa3JVRWRzZFdOSVZqQkpTRkkxWTBkVk9VbHVUakZaYlRGd1pFTkpaMkp0Um5SYVZEQnBZME5KWjJSdFJuTmtWMVU1U1cxNGRtSkRTV2RRYW5kMllWYzFkMlJZVVNzPQ== –>

Cand vad “=” imi sare gandul automat la base64 .. am folosit de 3 ori un decoder pentru el si am dat de stringul initial:

<form action=”./”><input type=”submit” name=”p” value=”lol” ></input>Β 

Am apelat URL-ul ?p=lol si am observat ca cele 3 imagini cu numere se schimba .. sunt intre 1 si 15 si .. in codul sursa se observa ca tot base64 e numele lor πŸ™‚

Le-am luat pe toate 15 in ordine crescatoare si a reiesit stringul ..
Q29tZSBvbiBpdCBIHRvIG92ZXJjb214gY29uZ3JhdHVsYXRpb25zLCB5b3UndmUgZm91bmQgdGhlIGZpcnN0IGZsYWc6CntGTEc6MVRzNEwwTmdXNHlUMDdoM1QwcDFmWTBVVzRuTjRSMGNLblIwTEx9Ck5vdyB3aWxsIHlvdSBiZSBhYmxlIHRvIG92ZXJjb21lIHRoZSBuZXh0IGxldmVsPyA7KQ==

Pus tot pe base64decode.org ..
Come on it Hέ™\^ congratulations, you’ve found the first flag:
{FLG:1Ts4L0NgW4yT07h3T0p1fY0UW4nN4R0cKnR0LL}
Now will you be able to overcome the next level? πŸ˜‰

Yuppy .. we have the flag πŸ™‚ That was all folks!

WebSec – Cookies

Cateva lucruri/concepte:

  • Acces cookieuri

Sa definim niste termeni:
Avem domain.com – domeniul de baza/root
test1.domain.com si test2.domain.com – subdomenii nivel 1 ale domain.com
a.test1.domain.com – subdomeniu nivel 2 al test1.domain.com

1. Un cookie setat pe domeniul principal domain.com este accesibil TUTUROR subdomenilor sale, indiferent de nivel
2. Un cookie setat pe test1.domain.com este accesibil TUTUROR subdomenilor sale, indiferent de nivel (ca mai sus) DAR nu este accesibil celorlalte subdomenii de pe acelasi nivel cu el insusi (deci test2.domain.com nu poate citi acest cookie).
3. O aplicatie poate seta cookieuri: (sub)domeniului pe care ruleaza, tuturor subdomeniilor sale SI parintelui sau.
Deci: de pe test1.domain.com putem seta cookieuri: test1.domain.com, domain.com si a.test1.domain.com

 

  • Flaguri
  1. secure … accesibile doar prin https
  2. http-only .. inaccesibile din limbaje client-side (javascript)

CTF – Pregatire sistem

M-am tot gandit (in timp ce mergeam pe strada :)) ) si cred ca, solutia ideala momentan, este o masina virtuala. De ce? Pai … o poti muta de pe un laptop pe altul foarte usor, instalezi virtualbox, copiezi fisierul si asta e tot + poti face backup/restore extrem de usor (e un singur fisier totul, nu?).

Ca sistem de operare am ales Lubuntu (https://lubuntu.net/downloads/) .. mult mai putine resurse necesare decat Ubuntu. De ce nu o versiune mai de “doamne-ajuta”? Pai .. sunt pline de tot felul de tool-uri inutile mie (sunt interesat de partea de web, nu RE, crypto and so on) + multe alte motive ce tin de incredere.

Ca browsere folosesc Chrome/ium pentru partea de browsing normala si Firefox pentru a-l folosi cu Burp (https://portswigger.net/burp/communitydownload) + Firebug. 2 browsere sunt mai ok pentru ca nu mai stai sa tot activezi/dezactivezi setarile de proxy + nu-mi place sa am add-onuri (stiu, sunt add-onuri pentru enable/disable proxy-uri).

O sa tot adaug chestii instalate cu fiecare CTF la care particip, in functie de nevoi, nu doar asa sa am cat mai multe tool-uri πŸ˜›

!!! Orice sugestie e mai mult decat binevenita !!!