serioton

Category : Forensics Difficulty : Warm-up Challenge Description12345Here is a packet capture of my computer when I was preparing my presentation on Google Slides. Can you reproduce the contents of the slides?Note: If you find a "fake flag", submit it here. Some text next to the flag says that it is not accepted, but now it is. There are 2 flags in the challenge, and both are accepted. Part 1 accepts the flag that is easier to get.flag format: ACSC\{[ -~]+\} We are given a r ...

Category : Web Difficulty : Easy Challenge Description1We've built the most secure networking tool in the market, come and check it out! We are given an IP address and a port to connect to , we are not provided with a source code. If we open the website we find the following interface We can do the commands ping and traceroute on an IP address that we can provideSome of you might already spotted the vulnerability here. However, let’s open BurpSuite and take a look at the request that w ...

Categories : Rev / Misc Points : 110 Solves : 101 Challenge Description123I developed a simple and useful program that attaches a file into word file. But... why I cannot open file?I thought I developed perfect program, but it was not true. Wait, where is the source file?I cannot find my attachment file! I think I need to extract attachment file from word. We are given a RecoverMe.docx file to download. It is a Microsoft Word 2007+ file. If we try to open it we get an error saying th ...

Description1We didn't have time to setup and test a proper jail, so this text editor will have to do for now. Can you break free We are given a website that when we connect to we get a vim over a ttyd web terminal. This challenge is straightforward and pretty simple we just need to escape the vim prompt in order to get the flag. If we do some research on how to escape vim we come across this amazing blog post from hacktricks https://book.hacktricks.xyz/linux-hardening/privilege-escalation/ ...

Webflag-viewerChallenge Descriptionhttps://flag-viewer.mc.ax/ We got a the following webpage and two files app.py,server.py The most important part in the source code inapp.py is the following 123456789@server.post('/flag')async def flag(request): data = await request.post() user = data.get('user', '') if user != 'admin': return (302, '/?message=Only the "admin" user can see the flag!') return (302, f'/?message ...

ForensicsPuppeteerChallenge Description1Planet Longhir is known for it's top-tier researchers. Due to their dedication in science and engineering, their military equipment is the most advanced one in the galaxy. In fact, the prototype DES-3000, a self-propelled precision-strike missile that is capable of reaching targets even in Ratnik galaxy, is being used to disable Galactic Federation's communication satellites. The mystery that Miyuki is trying to solve is, how the satellite's ...

Forensicsfake-geoguessrChallenge Description1We don't do guess challs here at TJCTF, so that means no Geoguessr 😞 Since I took this photo myself, though, you can find out precisely where it was taken, and some Bonus Content™️, from my Camera Model Name to the Circle Of Confusion. Maybe you'll find a flag there? 12345678910111213141516└─$ exiftool lake.jpg ExifTool Version Number : 12.41File Name : lake.jpg[REDACTED]Cop ...

MiscConfettiChallenge Description123"From the sky, drop like confetti All eyes on me, so V.I.P All of my dreams, from the sky, drop like confetti" - Little Mix confetti.pngAuthor: cavocado We are given a png file to work with I tried running different tools like strings , exiftool , binwalk , zsteg … but nothing seems to give any results. Then I tried checking with pngcheck We notice that we got an error because the picture has additional data after the IEND chunk. Looking with xxd ...

ForensicsLecture_22_ForensicsChallenge DescriptionMy professor told me I might find something useful in these slides… Lecture_22__Forensics.pdf We are given a PDF file to download. The first thing I always do when I get a PDF file in a CTF challenge is the pdftotext command , It basically converts the pdf to plain text 1pdftotext Lecture_22__Forensics.pdf output.txt We stored our output in an output.txt file that if we take a look at it we can see our flag. Flag : wsc{y0u_c4nT_$ee_m3&# ...

Hello friends, in this article we gonna take a look at the challenge web-intro from the DCTF 2022. Challenge description : Are you an admin? We are given an address to connect to the website : 35.246.158.241:31589.When entering the website we see this messages saying Access Denied Looking at the source code we can’t see anything. But if we look at the cookies we can see our session. Taking the value to jwt.io to decode it , we get the following : {"logged_in": false} As we ...