CTF – Tunelko. Random (in)security.

Reimonware H-C0N 2023

CTF

Reimonware H-C0N 2023

With the 5th H-C0N 2023 cybersecurity congress held in LaNave (Madrid), some friends asked me to collaborate with a challenge for the CTF that was organised from 21 to 25 February. The congress itself deserves it and the people who…

ASIS CTF 2020. Web Warmup.

CTF

ASIS CTF 2020. Web Warmup.

Hello all, friends. 20 months from my last post! We could say i'm not too much active on this blog , ha-ha. This weekend had the opportunity to test some ASIS CTF 2020 challenges and join this legendary CTF with…

CSAW. Red Team competition. «Babyrev»

CTF

CSAW. Red Team competition. «Babyrev»

Babyrev is reversing challenge on CSAW "Red team competition" where have to pass 99 rounds of input 4-digits code based on some check function. Main graph on IDA: Disassembly of check(): Dump of assembler code for function check: 0x0000000000400893 <+0>:…

Cybercamp 2018 quals: “Friend, where is my password?”

CTF

Cybercamp 2018 quals: “Friend, where is my password?”

Intro As a frequently player on cybergames and ctf's this year wanted play on prequal of Cybercamp CTF 2018 organized by INCIBE. This allows me to take a snapshot of the maturity and quality of both platforms and challenges, apart from…

Cybercamp 2018 quals: «Oh my G0d!»

CTF

Cybercamp 2018 quals: «Oh my G0d!»

Intro As a frequently player on cybergames and ctf's this year wanted play on prequal of Cybercamp CTF 2018 organized by INCIBE. This allows me to take a snapshot of the maturity and quality of both platforms and challenges, apart from…

Cybercamp 2018 quals: «Unnecessary redundancy»

CTF

Cybercamp 2018 quals: «Unnecessary redundancy»

Intro

As a frequently player on cybergames and ctf’s this year wanted play on prequal of Cybercamp CTF 2018 organized by INCIBE. This allows me to take a snapshot of the maturity and quality of both platforms and challenges, apart from having a good time solving some problems (not always played as tunelko :))

Efiens CTF – mediumRE

CTF

Efiens CTF – mediumRE

Hi folks. This post is about a Efiens challenge, easy-medium RE that my colleague Cothan publish on twitter as a part of a set of them included on Efiens CTF. As described on his tweet, is an easy ctf that try…

VulnDocker VM, NotSoSecure. Easy mode.

CTF docker docker-security

VulnDocker VM, NotSoSecure. Easy mode.

A new VM is released by NotSoSecure company called VulnDocker. What a coincidence, you're auditing docker security trying to learn and understand and a vm appears as challenge flavour. Perfect. On boot we can see the modes (yes, VM has…

hackburger.ee [all writeups]

CTF

hackburger.ee [all writeups]

I've decided to publish http://hackburger.ee writeups https://gist.github.com/tunelko/13766c5eaba923811ff7da9b520870bd

S21SEC [DCS17CTF] – Namibia

S21SEC [DCS17CTF] – Namibia

Hi mates, During my spare time i have tried some tasks from DSC17 CTF by S21sec. I will comment here on those in which I found more difficult or fun. FBCTF was present as platform so from here tasks names will…

S21SEC [DCS17CTF] – Ucrania

S21SEC [DCS17CTF] – Ucrania

Hi mates, During my spare time i have tried some tasks from DSC17 CTF by S21sec. I will comment here on those in which I found more difficult or fun. FBCTF was present as platform so from here tasks names will…

S21SEC [DCS17CTF] – Finlandia

S21SEC [DCS17CTF] – Finlandia

Hi mates, During my spare time i have tried some tasks from DSC17 CTF by S21sec. I will comment here on those in which I found more difficult or fun. FBCTF was present as platform so from here tasks names will…

S21SEC [DCS17CTF] – Mauritania

S21SEC [DCS17CTF] – Mauritania

Hi mates, During my spare time i have tried some tasks from DSC17 CTF by S21sec. I will comment here on those in which I found more difficult or fun. FBCTF was present as platform so from here tasks names will…

S21SEC [DCS17CTF] – Somalia

S21SEC [DCS17CTF] – Somalia

Hi mates, During my spare time i have tried some tasks from DSC17 CTF by S21sec. I will comment here on those in which I found more difficult or fun. FBCTF was present as platform so from here tasks names will…

S21SEC [DCS17CTF] – Venezuela

S21SEC [DCS17CTF] – Venezuela

Hi mates, During my spare time i have tried some tasks from DSC17 CTF by S21sec. I will comment here on those in which I found more difficult or fun. FBCTF was present as platform so from here tasks names will…

BITSCTF – Tom and Jerry (50 points)

BITSCTF – Tom and Jerry (50 points)

I have a little time to join on BITSCTF with my team defconUA and want to put some writeup on one of the task i was working. They give us a pcapng named 'Cat.pcapng'. Ok, challenge name is "Tom and…

IHackLabs, aprende de los mejores

CTF labs Wargame

IHackLabs, aprende de los mejores

Introducción Recientemente he probado "IHackLabs", una plataforma de aprendizaje, laboratorios y certificaciones para estudiantes y profesionales. Me he reunido con Diana y Carlos, la gente detrás de esta idea, en "Sh3llCON2017 Congreso de Seguridad". Todo el trabajo en torno a…

LSE Epita format string

CTF

LSE Epita format string

Time ago i can't write on this blog. It's normal when your time is full dedicated to work and study. Now, i have one hour to publish something related guess with ? Yes, ctf challenges :) Since this is only…

Hackover CTF – messagecenter

Hackover CTF – messagecenter

A long time since last writeup so i have decided comment a simple web level solved on "Hackover CTF". It's very old vulnerability related with type safe comparation on PHP and serialize function. We have a web login with normal test…

n00bs CTF Labs by Infosec Institute – 2nd edition

n00bs CTF Labs by Infosec Institute – 2nd edition

Here another edition of n00bs infosec CTF. 13 Levels, i will add as soon as i can complete, so stay tuned and keep visiting this post. Remember first edition ?. Level 2 A simple calculator. Need to inject something that breaks…

HITB TEASER: SATCOM

CTF

HITB TEASER: SATCOM

WEB 1000

SATCOM
Our division of foreign cyber affairs has been hard at work lately. While mapping out some obscure subnets (which we think belong to the intelligence agency that is investigating HEAVENWEB) we’ve come accross a Sattelite Communications Center. One of our employees managed to snag a copy of some source code before they further locked down the platform. Luckily the login frontend still seems to be reachable.

Can you help us gain access to the platform and find out which information has been compromised?

n00bs CTF Labs by Infosec Institute

CTF

n00bs CTF Labs by Infosec Institute

This time InfoSec Institute bring us the opportunity to learn a very basic concepts for n00bs on a CTF with 15 Levels. Level 1 Just browse the source and see the comment.  flag: infosec_flagis_welcome Level 2 Seems we…

CTF teaser Insomnihack 2015 [ynos – web100]

CTF teaser Insomnihack 2015 [ynos – web100]

First, happy new year to all. This time we are going to see how to solve ynos task from the last weekend, Insomnihack 2015 teaser. Good work to the people behind the scenes :). This web task presents several vulnerabilites…

MakeMeFeeWet^Hb [No cON Name 2014 CTF – QUALS]

MakeMeFeeWet^Hb [No cON Name 2014 CTF – QUALS]

This challenge has a a bit more complicated solution proceess and more fun to learn. We have a login page that stay inmmutable to our several injection attacks. The only weird thing is a comment on the source page, vim…

WEBster [No cON Name 2014 CTF – QUALS]

This year "No cON Name Capture The Flag" quals had more than three challenges to compete for the final, so big thanks to organizers to extend last year limit. At now ( 09:27 am GMT+2 ), @DefCon-UA (dcua team) have…

Second NotSoSecure SQLiLab CTF

CTF

Second NotSoSecure SQLiLab CTF

Dear fellow Hackers!, thanks for signing up for the 2nd SQLiLab CTF. The CTF is now on!. Before you go all out hacking the CTF, here are some rules of the engagement: 1. Strictly no brute-forcing. There is no need…

CTF

Mission 1 & Mission 2 Write-Ups – Security-BSides London

Hi all!. Last february i have participated on Security BSides Challenges, here: https://www.securitybsides.org.uk/challenge1.html https://www.securitybsides.org.uk/challenge2.html Yesterday @AlecRWaters contacts me to confirm that we get second position on both challenges. So got a ticket to this infosec conference. "Hi , I’m delighted to announce…

CTF

PHDays 2014 Quals: PHP_JL writeup

This time another great quals CTF organized by guys and girls of PHdays. PHP_JL was another PHP with safe_mode and functions disabled. First we have to notice is the source of html output: <!-- Notice: Undefined index: code in /var/www/index.php…

Ghost in the Shellcode 2014: Write-up CTF247

This weekend we have 46 hours of hard ctf. Organization let tou play a 'doom-style' game that could be decompiled and must be pwned to achieve some missions. This task is one of two web challenges, a parody of CTF365 (lol).Going…

Preventing ‘SQLi’ Cheatsheet during attack-defense CTF (Basic approach)

Preventing ‘SQLi’ Cheatsheet during attack-defense CTF (Basic approach)

This document explains how to prevent, in several ways, SQLi attack. We can patch this lines as examples below, if we found vulnerable PHP sentences during attack-defense CTF. Of course, it depends on the way they use PHP and there’s…

XSS Challenges

CTF Wargame XSS

XSS Challenges

Here's my journal to solve all the XSS Challenges writed by yamagata21 on http://xss-quiz.int21h.jp/, This is an starter level to people who want to learn some cross-site scripting and its several ways to inject on differents browsers. XSS Challenges http://xss-quiz.int21h.jp Stage1: http://xss-quiz.int21h.jp…

NotSoSecure SQLi CTF – writeup

Access to challenge using a proxy like burp or zap and submit data to login. Notice the forwarded to: http://ctf.notsosecure.com/71367217217126217712/checklogin.php that contains: 7365637265745f72656769737465722e68746d6c This could be decoded '7365637265745f72656769737465722e68746d6c'.decode('hex') in python to read secret_register.html >>> '7365637265745f72656769737465722e68746d6c'.decode('hex') 'secret_register.html' The registration page offers…

CTF Reversing Wargame

Format string attack. Introduction.

On this post we are going to learn more about format string attacks. On Internet you can find a lot of resources talking about the topic, so this is another one. What is a format string and how to recognize…

ASIS CTF – simple pcap «spcap» writeup

A simple task named spcap (simple pcap). We open it with wireshark and get the Statistics->Conversations. Some SSH, HTTP on it. Apply this filter on HTTP: ip.addr==172.16.133.133 && tcp.port==52694 && ip.addr==172.16.133.149 && tcp.port==80 We notice that if we follow TCP…

29C3 CTF: Node writeup

29C3 CTF: Node writeup

This 29C3 from Chaos Computer Club hackers. We participate as dcua team, awesome people trying the best effort for the challenges. Nice job! Node Points: 200 Solves: 18 Description Node.js is smart, fast, easy and secure... Don't you think so too?…

CTF Hack.lu: Mini Zombie Business (+100pt) write-up

CTF Hack.lu: Mini Zombie Business (+100pt) write-up

We got to make some business with our zombie in https://ctf.fluxfingers.net:2076/mini/. There's a zombie image and at first look we get some data encoded on it. <form/name="a"/data-a="Fcabdux ehiktgmaj:nopylqrsvf_wz("){}.?L="></form> <div/id="a"></div>//id="a" <img/src="zomb.png"/onclick="dafuq()"/> There is a <script> tag with several unescape functions and…

CTF Hack.lu: 20 – Nerd safe house (+100 pt) write-up

CTF Hack.lu: 20 – Nerd safe house (+100 pt) write-up

Mission This zombie apocalypse is a tough thing. Dozens of zombies are following you and looking forward to have a nice snack, when some fat guy appears. You outrun him easily, so eating all of him will keep the zombies…