NullCON #ackIm CTF 2017 Write-UP(Web-1)


We are always excited for #ackIm CTF.

I have been playing this CTF since 2k12, and this is one of the best CTFs ever. Let's not waste time and start the journey.

When you log in to the portal you find the below details.

Obviously the first step is to hit the web challenge, because I assumed that it would be easy, but that assumption got killed brutally.

So the challenge was:

Chris Martin wants to go home. Can you help him get there as soon as possible?
And the URL which asks for the username and password.

After looking at the source code I noticed that my scroll bar was too long.

In the end I thought I had found the flag.

And I thought it was easy, but it wasn't a flag.

It was a base64 string which gives the MD5 hash.

Base64 --> MD5 --> Coldplayparadise.

This time I was sure that this must be the username/password.

When I put this in as the username and password,

it gives me:

Mismatch in host table! Please contact your administrator for access. IP logged.

A quick idea, adding an X-Forwarded-For: header, will give you the first flag.

And the flag is:

The flag is: 4f9361b0302d4c2f2eb1fc308587dfd6

Yay, so finally we did it.

Hope you understand how my first assumption got brutally killed.


diff alternative for Windows

Dear all,

Background :- you must be wondering why I am writing this, but believe me, when you have only a Windows environment without internet access it is a hell of a lot more difficult to find the difference.

Scenario :- you have two csv/text/xls files with more than 10k lines each and you need to find the differences between them. The condition is that you have only a Windows machine, and that too without internet access.

...So after googling on my cellphone I came up with a command called fc, which saved my life ;) by taking me from performing too many manual checks to automating the whole task.

Example :- we have two files with the below data.

File 1                    File 2
This data is same         This data is same
This data is missing

Now see how fc finds the difference.

Note :- white space makes a hell of a lot of difference in the result.


How to get registry value using cmd


While I was working on automation somewhere, I came across a situation where I needed a registry value to validate in a script. So the hunt began: on a guess I simply typed the reg command in cmd, and wow, the command was valid.

Reg /?

So after looking at the help I understood that either export or query would help me.

The task was to get the firewall state setting of Windows, so after googling I got the below path.


Then running reg query path-to-query gave the expected output:

C:\>reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\

    DisplayNotification    REG_DWORD    0x1
    DefaultInboundAction    REG_DWORD    0x1
    AllowLocalIPsecPolicyMerge    REG_DWORD    0x1
    AllowLocalPolicyMerge    REG_DWORD    0x1
    DefaultOutboundAction    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x0

Simply using findstr will give us the expected output:

C:\>reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\ | findstr /i "Enable"

    EnableFirewall    REG_DWORD    0x0

So using reg query you can query any registry key, and using reg export you can export the key to a specific file.
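
When the output has been collected from many machines, the same check can be run offline. This is an added example (Python, not the author's script) that parses the reg query output shown above and reports values that differ from a baseline; the baseline values and the function names are assumptions for illustration.

```python
import re

# Value lines copied from the reg query output shown above.
SAMPLE = """\
    DisplayNotification    REG_DWORD    0x1
    DefaultInboundAction    REG_DWORD    0x1
    AllowLocalIPsecPolicyMerge    REG_DWORD    0x1
    AllowLocalPolicyMerge    REG_DWORD    0x1
    DefaultOutboundAction    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x0
"""

# Assumed baseline for this example: firewall on, inbound blocked by default.
BASELINE = {"EnableFirewall": 1, "DefaultInboundAction": 1}

# reg query prints "<4 spaces>name<4 spaces>type<4 spaces>data";
# splitting on the 4-space runs keeps value names that contain a space intact.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")


def parse_reg_query(text):
    """Return {value name: data}; REG_DWORD data is converted to int."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if not match:
            continue                  # key header, blank line or prompt
        name, kind, data = match.groups()
        values[name] = int(data, 16) if kind == "REG_DWORD" else data.strip()
    return values


def deviations(values, baseline):
    """Return {name: (found, expected)}; found is None when the value is absent."""
    return {
        name: (values.get(name), expected)
        for name, expected in baseline.items()
        if values.get(name) != expected
    }


if __name__ == "__main__":
    for name, (found, expected) in deviations(parse_reg_query(SAMPLE), BASELINE).items():
        print(f"{name}: found {found}, expected {expected}")
```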

Below is a quick PowerShell script which verifies the key value.


Sample Output:



How to verify Windows credential using command line

Hi all,

We were working on an assignment where we had a requirement to verify credentials using the command line.

After fighting a lot with the net command I came to the conclusion that we can map a domain default share using the net use command.

So here is a simple script which tries to authenticate to the domain with the given credentials using net use.


Note :- the password is not masked in the script.

Sample Output :-



How To Get Windows Audit Policy Using Command Line

Hi all,

A quick tip for Windows cmd lovers.

Fetching the audit policy is always a pain; many of us are not aware of the small Windows utility called auditpol.

Auditpol is a simple command-line utility which gives us the audit policy in Windows.

Auditpol gives us a complete, detailed view of the audit policy. It follows the below syntax:

Auditpol command (get/set/list/backup/restore/clear/remove) Optional(user/domain)category, subcategory

As first-time users we are not aware of the categories, so the first task is to find them.

auditpol /list /category : this gives us the categories present on the server
Account Logon
Account Management
Detailed Tracking
DS Access
Object Access
Policy Change
Privilege Use

In the same way we can list the subcategories:

auditpol /list /subcategory:"Account Logon"

Now we will see how to fetch the policy values using auditpol:

Auditpol /get /category:"Account Logon","Logon/Logoff"

Note :- you can list one or more categories as comma-separated values.

Happy Auditing.. :)

OverTheWire Natas Solution Level 1-10

After completing Bandit I could not stop myself from playing Natas. This is again a beautiful game, so here we go.

Natas Level 0

Given :- 

Username: natas0 
Password: natas0 

After logging in to this page you will get this:

Simply by viewing the source you will get the password for the next level.

Password for natas1 is gtVrDuiDfck831PqWsLEZy5gyDz1clto

Natas Level 1

Given :

Username: natas1


After logging in here it shows that right click is disabled. As I don't use the mouse, I just pressed CTRL+U.

It gives us the password.

key is :- ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi 

Natas Level 2


Username: natas2


After logging in here it says nothing is here. The next step is to view the code.

Hmm, here I found something suspicious in /files/pixel, so I just listed the contents of /files.
User.txt gives us the password.

Natas Level 3

Username: natas3

After login here it says nothing.

After viewing the source code it shows that even Google can't find this. The first thing that clicked in my mind was robots.txt, and it was a correct guess.

Here you will get the path to the key.

And the key is here:
key :- Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ


Natas Level 4

Username: natas4

This level is fairly easy. When you log in with the credentials you will get this:
This clearly tells us to change the referrer to the given URL. Once you change the header you will get the key.

key :- iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq


Natas Level 5

Username: natas5

In this level, once you log in with the credentials, it says you are not logged in.
With a little bit of knowledge of web apps, the first thought that came to mind was to check the cookie, and it pointed in the right direction: ctrl+shift+i > alert(document.cookie) shows loggedin=0; simply changing this to 1 gives the key.

key :- aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1

Natas Level 6

Username: natas6

As the level gets higher the game becomes more and more interesting. After logging in it asks you to enter a secret, with an option to view the source code. I clicked on that and got a clue.

The source code clearly states that the secret is in includes/

Entering that secret will give us the key for the next level.

Key :- 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9


Natas Level 7

Username: natas7

This level also follows the same pattern, but with directory traversal. Logging in shows nothing.
Then the source code gives the path to the files.
Navigating to the path gives us the key to the next level.

key :- DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe


Natas Level 8

Username: natas8

From here they start making the game a little bit tougher. After logging in, they ask you to enter the secret.
When we glance at the code it shows that the secret is encoded using a PHP script, so the next step is to decode it with the same functions: copying that code and changing encode to decode will give us the secret.
And that secret gives the key to level 9.

Key is :- W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl

Natas 9

Username: natas9

The real game begins here; the first hard task starts here. It asks to find words containing

Looking at the code, what we understand is that a Linux command is executed without any sanitization, so let's get our hands dirty with RCE: simply entering keyword; ls /etc/ gives /etc/natas_webpass/

Further, cat /etc/natas_webpass/natas10 gives us the key for the next level.

Key :- nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu

Natas 10

Username: natas10

This time they added some sanitization, but the way to solve this is also cool.

The code shows that it will not allow & and ;, but here we see that it uses preg_match, so let's try searching for this: .* /etc/natas_webpass/natas11 and hurray, we get the key.

Here is the key:

Key  :- U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK
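
Levels 9 and 10 both come down to how user input reaches a shell command line. This added example (Python, not the game's code and not from the original post) shows how a shell splits the concatenated string for the two inputs quoted above, and a construction that keeps the input as a single argument; the `grep -i ... dictionary.txt` command shape and the function names are assumptions.

```python
import re
import shlex

DICTIONARY = "dictionary.txt"   # assumed name of the word list being searched


def level9_command(needle):
    """Pattern described for level 9: input pasted straight into a shell string."""
    return "grep -i " + needle + " " + DICTIONARY


def level10_command(needle):
    """Pattern described for level 10: reject ; and & first, then paste as before."""
    if re.search(r"[;&]", needle):
        return None
    return "grep -i " + needle + " " + DICTIONARY


def shell_words(command):
    """Approximate how a POSIX shell splits the string into words and operators."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def hardened_argv(needle):
    """Fix: no shell at all. The input is exactly one argv element, matched as a
    fixed string (-F), introduced by -e so it cannot be read as an option, and
    -- ends option parsing before the file name."""
    return ["grep", "-i", "-F", "-e", needle, "--", DICTIONARY]


if __name__ == "__main__":
    # Both inputs are the ones quoted in the write-up above; nothing is executed.
    print(shell_words(level9_command("keyword; ls /etc/")))
    print(shell_words(level10_command(".* /etc/natas_webpass/natas11")))
    print(hardened_argv(".* /etc/natas_webpass/natas11"))
```

The character filter stops the command separator but not the space, so the level 10 input still arrives as a pattern plus an extra file name; passing `hardened_argv(...)` to `subprocess.run` without `shell=True` removes the splitting step altogether.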


Enough for today; I will write the remaining ones tomorrow....

Stay tuned


OverTheWire Bandit Solutions

OverTheWire wargame Bandit solutions.

A superb game by OverTheWire, a very good brain exercise...

Anyone who wants to optimize their Linux skills must try this.... Highly appreciated. Below are the screenshots I captured while playing.

Level 0

Level 1


Level 2

Level 3

Level 4

Level 5

Level 6

Level 8

Level 9

Level 10

Key :- truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk

Level 11

Key :- IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR

Level 12

Key :- 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL

Level 14

Key :- 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

Level 15

Key :- BfMYroe26WYalil77FoDi9qh59eK5xNr

Level 16

key:- cluFn7wTiGryunymYOu4RcffSxQluehd

Level 17

Key :- kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd

Level 18

Key :-IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x

Level 19

Key :- GbKksEFF4yrVs6il55v6gwY5aVje5f0j

Level 20

Key :-gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr

Level 21


Level 22

Key :- jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n

Level 23

Key :- UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ

Level 24

Key :- uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG

Level 26

Key :- 5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z

The superb journey ends here with a super-class trick ;)

