Browsing Category

Wargame

ihacklabs
CTF, labs, Wargame,

IHackLabs, aprende de los mejores

Introducción Recientemente he probado “IHackLabs”, una plataforma de aprendizaje, laboratorios y certificaciones para estudiantes y profesionales. Me he reunido con Diana y Carlos, la gente detrás de esta idea, en “Sh3llCON2017 Congreso de Seguridad”. Todo el trabajo en torno a los laboratorios están destinados a reproducir los ejercicios del mundo

CTF, Wargame,

Ghost in the Shellcode 2014: Write-up CTF247

This weekend we have 46 hours of hard ctf. Organization let tou play a ‘doom-style’ game that could be decompiled and must be pwned to achieve some missions. This task is one of two web challenges, a parody of CTF365 (lol).Going to ctf247.2014.ghostintheshellcode.com. was pretty simple since we notice there was

final
CTF, Wargame, XSS,

XSS Challenges

Here’s my journal to solve all the XSS Challenges writed  by yamagata21 on http://xss-quiz.int21h.jp/, This is an starter level to people who want to learn some cross-site scripting and its several ways to inject on differents browsers. XSS Challenges http://xss-quiz.int21h.jp Stage1: http://xss-quiz.int21h.jp Solution: <script>alert(document.domain);</script> Stage2: http://xss-quiz.int21h.jp/stage2.php?sid=e93e71eed43c3ab5668af6a5aa603cf66eedce70 Solution: “><script>alert( alert(document.domain))</script> Stage3: http://xss-quiz.int21h.jp/stage-3.php?sid=d362dd49b96c30f3e9a4a6ea0abafb0cef59ed2d Solution: The input in text box

CTF, Wargame,

NotSoSecure SQLi CTF – writeup

Access to challenge using a proxy like burp or zap and submit data to login. Notice the forwarded to: http://ctf.notsosecure.com/71367217217126217712/checklogin.php that contains: 7365637265745f72656769737465722e68746d6c This could be decoded ‘7365637265745f72656769737465722e68746d6c’.decode(‘hex’) in python to read secret_register.html >>> '7365637265745f72656769737465722e68746d6c'.decode('hex') 'secret_register.html' The registration page offers four fields that, when you register, create some session_id encoded

LittleSnapper
CTF, Wargame,

29C3 CTF: Node writeup

This 29C3 from Chaos Computer Club hackers. We participate as dcua team, awesome people trying the best effort for the challenges.  Nice job! Node Points: 200 Solves: 18 Description Node.js is smart, fast, easy and secure… Don’t you think so too? Hint: google and other sites always look at one file before

CTF, Wargame,

#PoliCTF 2012: “Este cifrado no es indescifrable”

This entry was a flash challenge in the PoliCTF event. The cipher was [ Vigènere (es) |  Vigènere (en) ] and the key SIXTEENTHCENTURYCRYPTO. 1. Open Cryptool and analyze Histogram, Frequency and set in text options the alphabet to use. (A-Z). Don’t identify yet? :-) YWLWIZRGPPKYHHUMPRJAHKEMCBVWGMVCTBEIXGBVDDKHZQPBRXRKYWTGBIEGFFJXDSEIKRSJLHBCTCKYTGCKCIASUWJYSVGLVHIIXLPBCPPDNHAVB-MLIFXJWVVMSFDVYCUTAATFTVXUXATEAJOZJKKWDYFWXBMMXVHUKIACIPRJVKPLAMKETWEARINSXXVLRKERWXGHQOBXSSVVOQRFIIYVZMCMVWZBUCXUHZGMZIIIRCERTOSFBPHJXUXWCWGNMLYNCWPLGGKFTXIQPPVLFHGVMPVQSXOLPLKXLRXUFSSLIDCCNDJEPDWLWCWGKBIKYXUTCNVZGTHAWKHJEABJGLBECUYAZRWHIYPQPIGBNSFQNKEKFKJLDOSEJBKXLR5MOCHNRNYYVZQHTRDGKHPSAZLTVRFYDZGICSUMLIHBRKFHTGXVFYFSVFDDNFVIFECPVOLUXBLCKBQNLPGRZISXEPVMANIPAUKRJVPTTFWWCVSYELLVLBLYNFQUMCHHOIKMYWGHZRINDCJSUGCRMSNMKGSABKKGVFTLVZGZLVLVGCQXHMAMVVIYXJYMPVQPGREMKPMXUZBPWJBFCQQFLQXCFBEXMVJTFYLLUYTYWJCLAWDMQAIXENUELRHHDYASCJLSVQKEMIHHMESAOYIQCKGDGKGZALAMYEHNANRMICVRGCMVWQOISARKDQVQLIWDGIRWXAWIKLXSZXHPMAZUEBHFPIACKMTASAVESNMFMYERJVCCNBUQXMMSAHMVVHMBRLFKFTMFMBEBWXUXYGMFLIDCVYGCZHWZOBFPLPYQRTPCKFVYGHVCMVQKCMFGAVLRKYTPWVJIROFLFGNYFMPEIVGNFJGIYCVSSVAHTTEXZUMBGUEBYYCGXCFKBRSYUTKVLRYLVCFFKIHCTRBVXXBMOKRXTHUQRVYZTGQWRLEASBAASHGINFCMCRXBKWOLERQLFUXRFMFDULPKXWDTXGGIPHLTGVGAPMWIADGTGZJBXCNGKUSYBWZRKEENHIJARUQMFLPQRUHQUGFKFXLVSXMXRAUHZVSOEUDCYVJAVSJBXBRPLMOGVRTLVRJFQTFCJMOXWTBGZKFYXNYYPFRWXFKIKWXLRRDKPYUYYCNUYRVCMVQTFPRUBVETTCERTLRWUSLWIWMJLHBTIYHIBGPXDDKHZMDNMPGRFQYAXYUMPCWAHCCQKMSEZBYTSEBEEMYNFNRCMLFWMXVDUQALHONCTVYUKOALTASABNSFRGUYNYTKCGKCJLFLIEFXAJIEXQVPGRKNKWSLLYTVBUSGQFPBZAJTMCLDAZBWXSPHYTYCMSFSTICPLCFIKWVSORVWSSRILPEFKBHBKMKLIJRTYISGMBVZGJRDYMGCXGHMARVWVCTHZAAFSINFFMAMSXUXUQAUBAYAJRLRXZDWOTHEZLBVPRKBVNTFKXLSVGLNSVQXYJICKIDGUVBNHIHMXVIEAWHNPUXXVKCEBTWWFZBMYVAPHUCBNLJGNVLIHPWLFXRXPHUUIAMFRQVEGVAHAALNKLGMVGRQMBRRUZJTGQWTXLXRVZOVMQXMKPQPCSMVWWIWFEVELAXBKYDGPURWBGUWRGXVLHMYLNMCKFCJDDKUGBQXRQBKLVLNGZFSTYSCWFWLVXEVFTNQETKYRREZRXSSFEFLLIQMVGQOXXKFGWGUMVGNKHZIZULTJBKYMCTZLDNFEMJHVCUBZJSCXQRQVFPTFWFLQAIABKSFXUTNWYKILTLGBCPMMGRTUFJEXYUMORPTFCJMQAERJHYFWGAYPYTVNTKGHMZMMZRLZQMSRILTGJCTGBGBEBRKVYAJIPKCDCUFDIAWKOLOIVAFLPXEXGRGPLLZGCOVQHCSHMOGRVPILJFJSVZSKBVHYEYEVYXUXZZDVYMUGCNMJUIVGHWCWFNHDYTBCSUILQCRSYFXLYLNMCJCGZDNHIXMBEEWVYLGPNGXZDAFSLHIDLPXIONLPUIRDNYCPZYHDMGCQHWXNGKDIFBXVKGFLTRSSZCKSQGHUKKUMILRUZBTMVWOXMIWBYWCVYBUDCPKYCWHGOBMLIEPLULNEFXGXVRWXASNFYXLBYUQZRFVVPVYYILVSTIGIZRKLXIEUYWMTXMIMVWSBRMWJXHNPYHPVQQLLSVFQXQH 2. Automatic Vigènere Decipher of the given text:

zombusiness
CTF, Wargame,

CTF Hack.lu: Mini Zombie Business (+100pt) write-up

We got to make some business with our zombie in https://ctf.fluxfingers.net:2076/mini/. There’s a zombie image and at first look we get some data encoded on it. <form/name="a"/data-a="Fcabdux ehiktgmaj:nopylqrsvf_wz(&quot;){}.?L="></form> <div/id="&#x61;"></div>//id="a" <img/src="zomb.png"/onclick="dafuq()"/> There is a <script> tag with several unescape functions and after convert it from url-encode and unicode text we get:

Wargame,

OWASP 2012 Online Competition

Para los que queráis ‘hackear’ en un entorno seguro y legal, Hacking-Lab ha promovido a través de su patrocinador OWASP un nuevo wargame con la posibilidad de ganar algún premio, como la asistencia a las AppSec USA y AppSEC Latam 2012. Personalmente me gustan este tipo de ‘challenges’, ya que despiertan en