Category Archives: CTF

How to crack the password on a PDF file?

Once in a while you need to do this (in CTFs, not in real life, lol) .. so the easiest way is to install John the Ripper (I recommend the jumbo edition) and use its pdf2john utility to extract the hash that john needs in order to crack the file:

PATH_TO/ password-protected.pdf > pdf.john

Then start john and happy cracking 🙂

For the dictionary attack you can use the best list I ever saw (2019):

Example with one of the files from the above repository:

john --wordlist=PATH_TO_DICTIONARY pdf.john

or for a brute-force approach

john --incremental:ASCII pdf.john
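The same pdf2john -> john workflow wrapped in a script, as an added example that is not code from the original post. It adds the checks I would want before starting a long run: confirm the PDF actually references an /Encrypt dictionary (otherwise pdf2john has nothing to extract), read the security-handler revision out of the hash line, and bound the incremental fallback. Assumptions (mine, not the post's): John the Ripper jumbo is installed with `pdf2john.pl` and `john` on PATH, and pdf2john's output line begins with `$pdf$V*R*Length*...` (the jumbo layout as I know it; check it against your version).

```python
"""Wrapper around pdf2john -> john with sanity checks (added example)."""
import re
import subprocess
from pathlib import Path
from typing import Optional


def pdf_is_encrypted(data: bytes) -> bool:
    """A PDF only has something to crack if its trailer (or xref stream)
    references an /Encrypt dictionary; pdf2john has nothing to extract otherwise."""
    return b"/Encrypt" in data


def describe_hash(line: str) -> dict:
    """Read the leading V, R and key-length fields of a pdf2john line
    (assumed layout: $pdf$V*R*Length*...). R 2-4 (RC4/AES-128) is cheap
    per guess; R 5-6 (AES-256, SHA-256 based) is far slower, so a blind
    incremental run is rarely worth it there."""
    m = re.search(r"\$pdf\$(\d+)\*(\d+)\*(\d+)\*", line)
    if not m:
        raise ValueError("not a $pdf$ hash line")
    v, r, length = (int(x) for x in m.groups())
    return {"V": v, "R": r, "key_bits": length, "slow": r >= 5}


def parse_show(show_output: str) -> Optional[str]:
    """`john --show` prints `name:password` lines followed by a summary such
    as `1 password hash cracked, 0 left`; return the first password or None."""
    for line in show_output.splitlines():
        if ":" in line and "password hash" not in line:
            return line.split(":", 1)[1]
    return None


def cracked_password(hashfile: str) -> Optional[str]:
    out = subprocess.run(["john", "--show", hashfile],
                         capture_output=True, text=True).stdout
    return parse_show(out)


def crack_pdf(pdf_path: str, wordlist: str, hashfile: str = "pdf.john",
              max_seconds: int = 600) -> Optional[str]:
    """Extract the hash, try the wordlist, then a time-bounded incremental run."""
    if not pdf_is_encrypted(Path(pdf_path).read_bytes()):
        raise ValueError(f"{pdf_path}: no /Encrypt dictionary, nothing to crack")
    hash_line = subprocess.run(["pdf2john.pl", pdf_path], check=True,
                               capture_output=True, text=True).stdout
    Path(hashfile).write_text(hash_line)
    info = describe_hash(hash_line)
    # Dictionary first: cheap and usually enough in a CTF.
    subprocess.run(["john", f"--wordlist={wordlist}", hashfile])
    password = cracked_password(hashfile)
    if password is None and not info["slow"]:
        # --max-run-time (jumbo option) keeps an unattended run bounded.
        subprocess.run(["john", "--incremental:ASCII",
                        f"--max-run-time={max_seconds}", hashfile])
        password = cracked_password(hashfile)
    return password
```

Call `crack_pdf("password-protected.pdf", "PATH_TO_DICTIONARY")`; it returns the password or None. The pure helpers (`pdf_is_encrypted`, `describe_hash`, `parse_show`) can be exercised without john installed.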

Good luck!

Simple, no? 🙂

PS: This cheat-sheet really helps:

Security Espresso – Challenge for tickets

I found the flag pretty easily but, sadly, out of the 9 other people who solved it .. it did not like me that much :))

Here is a writeup for the challenge.

It all started with an FB post and a promise I made to myself .. never go to paid security conferences unless I get in for free: and here it was .. a simple form:

First things first, I tested with a random email and password so I could catch errors and so on. The first error was about a wrong username, so I took the emails present on the same page and tried them until I found the correct one, then started hydra to brute-force it (well, I hadn't seen the hints, so I tried it with another dictionary at first).

hydra -l -P rockyou.txt -s 5000 http-post-form "/:email=^USER^&password=^PASS^&submit=fdf:F=Wrong password!" -vV -t 32 -f

After getting access to the system there was a hint in the text itself, so I tried to find a place where I could raise the level from 0 to 10 to see what happens. There were no endpoints, so … hmm .. I looked in the cookies, found one that looked like an md5 string, used a "decrypt" website and it was "0" … LOL, all I had to do was md5("10"), replace the cookie content, and that was all 🙂
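The cookie trick above, as an added example that is not code from the writeup: an unkeyed hash of a value from a tiny space is not a secret, so the "decrypt" website is just a lookup over precomputed md5 values, and the client can mint any level it likes. The second half shows what the server should have done instead (an HMAC with a server-side key). The cookie name, the candidate range and the key handling are my assumptions; the writeup only says the cookie looked like an md5 string.

```python
"""Forging an md5(level) cookie and the keyed alternative (added example)."""
import hashlib
import hmac
import secrets
from typing import Optional


def md5_hex(value: str) -> str:
    return hashlib.md5(value.encode()).hexdigest()


def recover_small_int(cookie_value: str, limit: int = 10_000) -> Optional[int]:
    """What the online 'md5 decrypt' site does, offline: hash every candidate
    from a small space and look the cookie up. Range is an assumption."""
    table = {md5_hex(str(n)): n for n in range(limit)}
    return table.get(cookie_value.lower())


def forge_level_cookie(level: int) -> str:
    """If the server trusts md5(level), the client can set any level."""
    return md5_hex(str(level))


# --- what the server should have done instead ---------------------------
SERVER_KEY = secrets.token_bytes(32)  # known only to the server (assumed)


def sign_level(level: int, key: bytes = SERVER_KEY) -> str:
    """Cookie value `level.tag`; the tag cannot be recomputed without the key."""
    tag = hmac.new(key, str(level).encode(), "sha256").hexdigest()
    return f"{level}.{tag}"


def verify_level(cookie: str, key: bytes = SERVER_KEY) -> Optional[int]:
    """Return the level only if the tag matches; None on any tampering."""
    level_str, _, tag = cookie.partition(".")
    if not level_str.isdigit():
        return None
    expected = hmac.new(key, level_str.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return int(level_str)
```

`recover_small_int(<cookie>)` reproduces the "it was 0" step, `forge_level_cookie(10)` the replacement value; `verify_level` rejects the same edit once the value is keyed.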


CTF : 2018 : ReplyCTF : Web : CAPTCHAFLAG

The problem statement:

I looked in the source code and saw:

When I see "=" my mind jumps straight to base64 .. I ran it through a decoder 3 times and got the original string:

<form action="./"><input type="submit" name="p" value="lol" ></input>

I requested the URL ?p=lol and noticed that the 3 images with numbers change .. they are between 1 and 15 and .. in the source code you can see that their names are base64 too 🙂

I took all 15 in increasing order and the resulting string was ..

Put it all through ..
Come on it Hέ™\^ congratulations, you've found the first flag:
Now will you be able to overcome the next level? 😉

Yuppy .. we have the flag 🙂 That was all folks!
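The two decoding steps of the writeup in code, as an added example that is not code from the challenge or the writeup: peel nested base64 layers until the content stops being base64 (3 layers here), then reassemble the flag from the image names collected over several page loads, ordered by the number each image shows. The form string is the one shown above; the layering, the flag text and the observed (number, name) pairs used in the demo are constructed by me to mimic the challenge.

```python
"""Nested base64 peeling and ordered reassembly of base64 chunks (added example)."""
import base64
import binascii
from typing import Dict, Iterable, List, Tuple


def _is_text(data: bytes) -> bool:
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return False
    return all(c.isprintable() or c in "\r\n\t" for c in text)


def peel_base64(blob: str, max_rounds: int = 16) -> Tuple[str, int]:
    """Decode layer after layer while the content is still valid base64 that
    yields printable text; stop at the first layer that is not. Returns the
    innermost text and how many layers were removed (3 in the challenge)."""
    current = blob.strip()
    for rounds in range(max_rounds):
        try:
            decoded = base64.b64decode(current, validate=True)
        except binascii.Error:
            return current, rounds
        if not _is_text(decoded):
            return current, rounds
        current = decoded.decode("ascii")
    return current, max_rounds


def wrap_base64(text: str, layers: int) -> str:
    """Demo helper: apply base64 `layers` times (what the challenge author did)."""
    data = text.encode()
    for _ in range(layers):
        data = base64.b64encode(data)
    return data.decode()


def assemble_flag(observed: Iterable[Tuple[int, str]], count: int = 15) -> str:
    """Each captcha image shows a number 1..count and its file name is one
    base64 chunk of the flag. Only 3 show per load, so collect (number, name)
    pairs across reloads, de-duplicate, order by number and decode once.
    Individual chunks need not decode on their own; only the concatenation
    is a well-formed base64 string."""
    pieces: Dict[int, str] = {}
    for number, name in observed:
        if not 1 <= number <= count:
            raise ValueError(f"unexpected image number {number}")
        if pieces.setdefault(number, name) != name:
            raise ValueError(f"image {number} seen with two different names")
    missing = sorted(set(range(1, count + 1)) - pieces.keys())
    if missing:
        raise ValueError(f"still missing images: {missing}")
    joined = "".join(pieces[n] for n in range(1, count + 1))
    return base64.b64decode(joined).decode()


def split_chunks(s: str, count: int) -> List[str]:
    """Demo helper: cut a string into `count` pieces (the constructed 'image names')."""
    size, rest = divmod(len(s), count)
    chunks, pos = [], 0
    for i in range(count):
        n = size + (1 if i < rest else 0)
        chunks.append(s[pos:pos + n])
        pos += n
    return chunks
```

`peel_base64` refuses to go one layer too far: a string such as the form above contains characters outside the base64 alphabet, so it is returned as the final result rather than being decoded into garbage.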

WebSec – Cookies

A few things/concepts:

  • Cookie access

Let us define some terms:
We have: the base/root domain; its level-1 subdomains; and a level-2 subdomain of one of those.

1. A cookie set on the main domain (with a Domain attribute naming it) is accessible to ALL of its subdomains, regardless of level. A cookie set without a Domain attribute is host-only: the browser sends it back only to the exact host that set it, not to its subdomains.
2. A cookie set on a level-1 subdomain is accessible to ALL of its own subdomains, regardless of level (as above), BUT it is not accessible to the other subdomains on the same level as itself (so a sibling cannot read this cookie), nor to the root domain.
3. An application can set cookies for: the (sub)domain it runs on and any of its parents, up to but not including the public suffix (e.g. .com). It cannot scope a cookie to one of its own subdomains or to a sibling; the browser rejects a Set-Cookie whose Domain does not cover the host that sent it. A cookie it sets for itself is, however, sent along to all of its subdomains.
So: from the level-2 subdomain we can set cookies for itself, its level-1 parent and the root domain.


  • Flags
  1. secure … sent only over HTTPS
  2. http-only .. not accessible from client-side scripts (document.cookie in JavaScript); the browser still attaches it to every request, so it protects against script reading the cookie, not against CSRF
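The scoping rules above written out as code, as an added example that is not part of the original post. The host names (example.com and its subdomains) are my placeholders for the root, level-1 and level-2 domains the text defines, and the public-suffix set is a stand-in for the real Public Suffix List; the matching logic follows RFC 6265 (domain matching and which Domain values a host may set).

```python
"""Cookie Domain scoping rules (added example)."""
from typing import List, Optional

# Stand-in for the Public Suffix List: a cookie may not be scoped to these.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}


def domain_matches(host: str, domain: str) -> bool:
    """RFC 6265 domain matching: host equals domain, or host is a
    subdomain of it (ends with '.' + domain). A leading dot in the
    Domain attribute is ignored, as browsers do."""
    host = host.lower().rstrip(".")
    domain = domain.lower().lstrip(".").rstrip(".")
    return host == domain or host.endswith("." + domain)


def can_set_domain(request_host: str, domain_attr: str) -> bool:
    """May a response from request_host set Domain=domain_attr?
    Only for itself or an ancestor that is not a public suffix;
    a child or a sibling domain is rejected by the browser."""
    d = domain_attr.lower().lstrip(".").rstrip(".")
    if d in PUBLIC_SUFFIXES:
        return False
    return domain_matches(request_host, d)


def cookie_is_sent_to(host: str, cookie_host: str,
                      domain_attr: Optional[str]) -> bool:
    """Will the browser attach a cookie set by cookie_host to a request
    to host? Without a Domain attribute the cookie is host-only (exact
    match); with one it goes to that domain and every subdomain of it."""
    if domain_attr is None:
        return host.lower() == cookie_host.lower()
    return domain_matches(host, domain_attr)


def readable_by(cookie_domain: str, hosts: List[str]) -> List[str]:
    """Which of hosts receive a cookie scoped with Domain=cookie_domain."""
    return [h for h in hosts if domain_matches(h, cookie_domain)]
```

Rules 1 and 2 are `readable_by` over the root and a level-1 subdomain; rule 3 is `can_set_domain` from the level-2 host against itself, its parent, the root, the public suffix and a sibling.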

CTF – System setup

I kept thinking about it (while walking down the street :)) ) and I believe that, for now, the ideal solution is a virtual machine. Why? Well … you can move it from one laptop to another very easily: install VirtualBox, copy the file and that's it + you can do backup/restore extremely easily (it's all a single file, right?).

As the operating system I chose Lubuntu .. far fewer resources needed than Ubuntu. Why not a more "respectable" distribution? Well .. they are full of all kinds of tools that are useless to me (I'm interested in the web part, not RE, crypto and so on) + many other reasons related to trust.

As browsers I use Chrome/ium for normal browsing and Firefox for use with Burp + Firebug. 2 browsers are better because you don't have to keep enabling/disabling the proxy settings + I don't like having add-ons (I know, there are add-ons for enabling/disabling proxies).

I'll keep adding the things I install with every CTF I take part in, according to need, not just to have as many tools as possible 😛

!!! Any suggestion is more than welcome !!!