IHackLabs, learn from the best

Introduction: I recently tried "IHackLabs", a learning, labs and certification platform for students and professionals. I met Diana and Carlos, the people behind this idea, at "Sh3llCON2017 Congreso de Seguridad". All the work around the labs is aimed at reproducing exercises from the world

XSS Challenges

Here's my journal for solving all the XSS Challenges written by yamagata21 on, This is a starter level for people who want to learn some cross-site scripting and its several ways to inject on different browsers.
XSS Challenges
Stage1: Solution: <script>alert(document.domain);</script>
Stage2: Solution: "><script>alert( alert(document.domain))</script>
Stage3: Solution: The input in text box

CTF, Wargame,

NotSoSecure SQLi CTF – writeup

Access the challenge using a proxy like Burp or ZAP and submit data to the login. Notice the forwarded to: that contains: 7365637265745f72656769737465722e68746d6c
This could be decoded with '7365637265745f72656769737465722e68746d6c'.decode('hex') in Python to read secret_register.html:
>>> '7365637265745f72656769737465722e68746d6c'.decode('hex')
'secret_register.html'
The registration page offers four fields that, when you register, create some session_id encoded

CTF, Wargame,

29C3 CTF: Node writeup

This is 29C3 from the Chaos Computer Club hackers. We participated as the dcua team, awesome people putting their best effort into the challenges. Nice job!
Node
Points: 200
Solves: 18
Description: Node.js is smart, fast, easy and secure… Don't you think so too?
Hint: google and other sites always look at one file before

CTF, Wargame,

CTF Mini Zombie Business (+100pt) write-up

We got to make some business with our zombie in There's a zombie image and at first look we get some data encoded on it.
<form/name="a"/data-a="Fcabdux ehiktgmaj:nopylqrsvf_wz(&quot;){}.?L="></form>
<div/id="&#x61;"></div>//id="a"
<img/src="zomb.png"/onclick="dafuq()"/>
There is a <script> tag with several unescape functions, and after converting it from URL-encoded and Unicode text we get:


OWASP 2012 Online Competition

For those of you who want to 'hack' in a safe and legal environment, Hacking-Lab has promoted, through its sponsor OWASP, a new wargame with the chance to win a prize, such as attendance at AppSec USA and AppSEC Latam 2012. Personally I like this kind of 'challenge', since they awaken in