S21SEC [DCS17CTF] – Namibia
Hi mates, During my spare time i have tried some tasks from DSC17 CTF by S21sec. I will comment here on those in which I found more difficult or fun. FBCTF was present as platform so from here tasks names will…
![S21SEC [DCS17CTF] – Namibia](https://i0.wp.com/blogs.tunelko.com/wp-content/uploads/2017/05/score.jpg?fit=768%2C382&ssl=1)
S21SEC [DCS17CTF] – Ucrania
Hi mates, During my spare time i have tried some tasks from DSC17 CTF by S21sec. I will comment here on those in which I found more difficult or fun. FBCTF was present as platform so from here tasks names will…
S21SEC [DCS17CTF] – Finlandia
Hi mates, During my spare time i have tried some tasks from DSC17 CTF by S21sec. I will comment here on those in which I found more difficult or fun. FBCTF was present as platform so from here tasks names will…
S21SEC [DCS17CTF] – Mauritania
Hi mates, During my spare time i have tried some tasks from DSC17 CTF by S21sec. I will comment here on those in which I found more difficult or fun. FBCTF was present as platform so from here tasks names will…
S21SEC [DCS17CTF] – Somalia
Hi mates, During my spare time i have tried some tasks from DSC17 CTF by S21sec. I will comment here on those in which I found more difficult or fun. FBCTF was present as platform so from here tasks names will…
S21SEC [DCS17CTF] – Venezuela
Hi mates, During my spare time i have tried some tasks from DSC17 CTF by S21sec. I will comment here on those in which I found more difficult or fun. FBCTF was present as platform so from here tasks names will…
BITSCTF – Tom and Jerry (50 points)
I have a little time to join on BITSCTF with my team defconUA and want to put some writeup on one of the task i was working. They give us a pcapng named 'Cat.pcapng'. Ok, challenge name is "Tom and…
IHackLabs, aprende de los mejores
Introducción Recientemente he probado "IHackLabs", una plataforma de aprendizaje, laboratorios y certificaciones para estudiantes y profesionales. Me he reunido con Diana y Carlos, la gente detrás de esta idea, en "Sh3llCON2017 Congreso de Seguridad". Todo el trabajo en torno a…
n00bs CTF Labs by Infosec Institute – 2nd edition
Here another edition of n00bs infosec CTF. 13 Levels, i will add as soon as i can complete, so stay tuned and keep visiting this post. Remember first edition ?. Level 2 A simple calculator. Need to inject something that breaks…
Ghost in the Shellcode 2014: Write-up CTF247
This weekend we have 46 hours of hard ctf. Organization let tou play a 'doom-style' game that could be decompiled and must be pwned to achieve some missions. This task is one of two web challenges, a parody of CTF365 (lol).Going…
Preventing ‘SQLi’ Cheatsheet during attack-defense CTF (Basic approach)
This document explains how to prevent, in several ways, SQLi attack. We can patch this lines as examples below, if we found vulnerable PHP sentences during attack-defense CTF. Of course, it depends on the way they use PHP and there’s…
XSS Challenges
Here's my journal to solve all the XSS Challenges writed by yamagata21 on http://xss-quiz.int21h.jp/, This is an starter level to people who want to learn some cross-site scripting and its several ways to inject on differents browsers. XSS Challenges http://xss-quiz.int21h.jp Stage1: http://xss-quiz.int21h.jp…
NotSoSecure SQLi CTF – writeup
Access to challenge using a proxy like burp or zap and submit data to login. Notice the forwarded to: http://ctf.notsosecure.com/71367217217126217712/checklogin.php that contains: 7365637265745f72656769737465722e68746d6c This could be decoded '7365637265745f72656769737465722e68746d6c'.decode('hex') in python to read secret_register.html >>> '7365637265745f72656769737465722e68746d6c'.decode('hex') 'secret_register.html' The registration page offers…
Format string attack. Introduction.
On this post we are going to learn more about format string attacks. On Internet you can find a lot of resources talking about the topic, so this is another one. What is a format string and how to recognize…
ASIS CTF – simple pcap «spcap» writeup
A simple task named spcap (simple pcap). We open it with wireshark and get the Statistics->Conversations. Some SSH, HTTP on it. Apply this filter on HTTP: ip.addr==172.16.133.133 && tcp.port==52694 && ip.addr==172.16.133.149 && tcp.port==80 We notice that if we follow TCP…
29C3 CTF: Node writeup
This 29C3 from Chaos Computer Club hackers. We participate as dcua team, awesome people trying the best effort for the challenges. Nice job! Node Points: 200 Solves: 18 Description Node.js is smart, fast, easy and secure... Don't you think so too?…
CTF Hack.lu: Mini Zombie Business (+100pt) write-up
We got to make some business with our zombie in https://ctf.fluxfingers.net:2076/mini/. There's a zombie image and at first look we get some data encoded on it. <form/name="a"/data-a="Fcabdux ehiktgmaj:nopylqrsvf_wz("){}.?L="></form> <div/id="a"></div>//id="a" <img/src="zomb.png"/onclick="dafuq()"/> There is a <script> tag with several unescape functions and…
CTF Hack.lu: 20 – Nerd safe house (+100 pt) write-up
Mission This zombie apocalypse is a tough thing. Dozens of zombies are following you and looking forward to have a nice snack, when some fat guy appears. You outrun him easily, so eating all of him will keep the zombies…
Publicado enWargame
OWASP 2012 Online Competition
Para los que queráis 'hackear' en un entorno seguro y legal, Hacking-Lab ha promovido a través de su patrocinador OWASP un nuevo wargame con la posibilidad de ganar algún premio, como la asistencia a las AppSec USA y AppSEC Latam 2012. Personalmente…
Publicado enWargame
II Wargame SecurityByDefault («feellikecsi series»)
Dentro de la competición había una serie de pruebas de análisis forense. Los organizadores te proporcionan un fichero imagen y debes indicar una serie de datos que te piden, a saber: feellikecsi_rls: Release name y version del sistema afectado. feellikecsi_knl:…
Publicado enWargame
II Wargame SecurityByDefault («keyconsole»)
En primer lugar gracias a las personas detrás de SbD por organizar este concurso y enhorabuena a los ganadores, esperamos sus write-ups ansiosos. Este reto consistía en conocer el token al ejecutar el fichero que proporcionaba la prueba 'keyconsole'. Al…
Publicado enWargame
II Wargame SecurityByDefault («errorz»)
En el reto se nos muestra una imagen donde hay una calavera pirata que nos sugiere que puede haber algún error en la imagen. Después de pasar por varias herramientas de extracción de metadatos exif y conocer todo tipo de…