pcap-1 Writeup [ACSC 2023]
Category : Forensics
Difficulty : Warm-up
Challenge Description12345Here is a packet capture of my computer when I was preparing my presentation on Google Slides. Can you reproduce the contents of the slides?Note: If you find a "fake flag", submit it here. Some text next to the flag says that it is not accepted, but now it is. There are 2 flags in the challenge, and both are accepted. Part 1 accepts the flag that is easier to get.flag format: ACSC\{[ -~]+\}
We are given a r ...
Looking Glass [HTB]
Category : Web
Difficulty : Easy
Challenge Description1We've built the most secure networking tool in the market, come and check it out!
We are given an IP address and a port to connect to , we are not provided with a source code. If we open the website we find the following interface
We can do the commands ping and traceroute on an IP address that we can provideSome of you might already spotted the vulnerability here. However, let’s open BurpSuite and take a look at the request that w ...
Hacker's Playground 2022 Writeup - DocxArchive
Categories : Rev / Misc
Points : 110
Solves : 101
Challenge Description123I developed a simple and useful program that attaches a file into word file. But... why I cannot open file?I thought I developed perfect program, but it was not true. Wait, where is the source file?I cannot find my attachment file! I think I need to extract attachment file from word.
We are given a RecoverMe.docx file to download. It is a Microsoft Word 2007+ file. If we try to open it we get an error saying th ...
THE TEXT EDITOR JAIL writeup [247CTF]
Description1We didn't have time to setup and test a proper jail, so this text editor will have to do for now. Can you break free
We are given a website that when we connect to we get a vim over a ttyd web terminal. This challenge is straightforward and pretty simple we just need to escape the vim prompt in order to get the flag.
If we do some research on how to escape vim we come across this amazing blog post from hacktricks https://book.hacktricks.xyz/linux-hardening/privilege-escalation/ ...
DiceCTF @ HOPE Writeups
Webflag-viewerChallenge Descriptionhttps://flag-viewer.mc.ax/
We got a the following webpage and two files app.py,server.py
The most important part in the source code inapp.py is the following
123456789@server.post('/flag')async def flag(request): data = await request.post() user = data.get('user', '') if user != 'admin': return (302, '/?message=Only the "admin" user can see the flag!') return (302, f'/?message ...
Cyber Apocalypse CTF 2022 Writeups
ForensicsPuppeteerChallenge Description1Planet Longhir is known for it's top-tier researchers. Due to their dedication in science and engineering, their military equipment is the most advanced one in the galaxy. In fact, the prototype DES-3000, a self-propelled precision-strike missile that is capable of reaching targets even in Ratnik galaxy, is being used to disable Galactic Federation's communication satellites. The mystery that Miyuki is trying to solve is, how the satellite's ...
TJCTF 2022 Writeups
Forensicsfake-geoguessrChallenge Description1We don't do guess challs here at TJCTF, so that means no Geoguessr 😞 Since I took this photo myself, though, you can find out precisely where it was taken, and some Bonus Content™️, from my Camera Model Name to the Circle Of Confusion. Maybe you'll find a flag there?
12345678910111213141516└─$ exiftool lake.jpg ExifTool Version Number : 12.41File Name : lake.jpg[REDACTED]Cop ...
ångstromCTF 2022 Writeups
MiscConfettiChallenge Description123"From the sky, drop like confetti All eyes on me, so V.I.P All of my dreams, from the sky, drop like confetti" - Little Mix confetti.pngAuthor: cavocado
We are given a png file to work with
I tried running different tools like strings , exiftool , binwalk , zsteg … but nothing seems to give any results. Then I tried checking with pngcheck
We notice that we got an error because the picture has additional data after the IEND chunk. Looking with xxd ...
WolvSec CTF 2022 Writeups
ForensicsLecture_22_ForensicsChallenge DescriptionMy professor told me I might find something useful in these slides… Lecture_22__Forensics.pdf
We are given a PDF file to download.
The first thing I always do when I get a PDF file in a CTF challenge is the pdftotext command , It basically converts the pdf to plain text
1pdftotext Lecture_22__Forensics.pdf output.txt
We stored our output in an output.txt file that if we take a look at it we can see our flag.
Flag : wsc{y0u_c4nT_$ee_m3 ...
web-intro writeup [DCTF 2022]
Hello friends, in this article we gonna take a look at the challenge web-intro from the DCTF 2022.
Challenge description : Are you an admin?
We are given an address to connect to the website : 35.246.158.241:31589.When entering the website we see this messages saying Access Denied
Looking at the source code we can’t see anything. But if we look at the cookies we can see our session.
Taking the value to jwt.io to decode it , we get the following :
{"logged_in": false}
As we ...