NullCON #ackIm CTF 2017 Write-Up (Web-1)



We are always excited for #ackIm CTF.

I have been playing this CTF since 2k12, and this is one of the best CTFs I have ever played. So let's not waste time and start the journey.


When you log in to the portal you find the below details.

Obviously the first step was to hit the web challenge, because I assumed it would be easy, but that assumption got killed brutally.


So the challenge was:

Chris Martin wants to go home. Can you help him get there as soon as possible?
And a URL which asks for the username and password.

After looking at the source code I noticed that my scroll bar was too long.




In the end I thought I had found the flag.


And I thought it was easy, but it wasn't a flag.

It was a base64 string which gives an MD5 hash.

Base64 --> MD5 --> Coldplayparadise.


This time I was sure that this must be the username/password.


When I put this in as username and password,

it gave me:

Mismatch in host table! Please contact your administrator for access. IP logged.


A quick idea: adding X-Forwarded-For: 127.0.0.1 gives you the first flag.




And the flag is




The flag is: 4f9361b0302d4c2f2eb1fc308587dfd6



Yay, so finally we did it.

I hope you understand how my first assumption got brutally killed.
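The host-table check above was satisfied by a header the client controls. As an added example (not code from the challenge or from this post), here is that kind of check in Python, weak and hardened side by side; the proxy range, the allowed range and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumptions for this sketch: one reverse-proxy subnet, and a "host table"
# that only admits loopback addresses.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
ALLOWED_HOSTS = [ipaddress.ip_network("127.0.0.0/8")]


def in_networks(addr, networks):
    ip = ipaddress.ip_address(addr)  # raises ValueError on garbage
    return any(ip in net for net in networks)


def client_ip_naive(peer_addr, headers):
    """Weak: believes whatever the request says about its own origin."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else peer_addr


def client_ip_hardened(peer_addr, headers):
    """Read the header only when the TCP peer is a trusted proxy, then take
    the right-most hop that is not itself a trusted proxy."""
    if not in_networks(peer_addr, TRUSTED_PROXIES):
        return peer_addr  # header came straight from the client: ignore it
    raw = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not in_networks(hop, TRUSTED_PROXIES):
                return hop
        except ValueError:
            return peer_addr  # malformed entry: fall back to the peer
    return peer_addr


def host_allowed(ip):
    return in_networks(ip, ALLOWED_HOSTS)


if __name__ == "__main__":
    spoofed = {"X-Forwarded-For": "127.0.0.1"}  # constructed request header
    for resolve in (client_ip_naive, client_ip_hardened):
        ip = resolve("203.0.113.7", spoofed)
        print(resolve.__name__, ip, "allowed" if host_allowed(ip) else "denied")
```

An access decision is better tied to something the client cannot assert about itself; where the forwarded address has to be used, the proxy should overwrite the header rather than append to it.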



diff alternative for Windows

Dear all


Background :- You must be wondering why I am writing this, but believe me, when you have only a Windows environment without internet access it is a hell of a lot more difficult to find the difference.

Scenario :- You have two csv/text/xls files that have more than 10k lines each and you need to find the difference between them. The condition is that you have only a Windows machine, and that too without internet access.

...So after googling on my cellphone I came up with a command called fc, which saved my life ;) by automating the whole task instead of performing too many manual checks.


Example:- We have two files with the below data

File 1                      File 2

This data is same           This data is same
This data is missing


Now see how fc finds the difference




Note :- White space makes a hell of a lot of difference in the result.






How to get registry value using cmd

HI ALL,

While I was working on automation somewhere, I came across a situation where I needed a registry value to validate in a script. So the hunt began: on a guess I simply typed the reg command in cmd, and wow, the command was valid.

Reg /?

So after looking at the help I understood that either export or query would help me.

The task was to get the firewall state setting of Windows, so after googling I got the below path:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\

Then running reg query path-to-query gave the expected output:

C:\>reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\

 HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile
    DisplayNotification    REG_DWORD    0x1
    DefaultInboundAction    REG_DWORD    0x1
    AllowLocalIPsecPolicyMerge    REG_DWORD    0x1
    AllowLocalPolicyMerge    REG_DWORD    0x1
    DefaultOutboundAction    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x0



Simply using findstr gives us the expected output:

C:\>reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\ | findstr /i "Enable"

    EnableFirewall    REG_DWORD    0x0





So using reg query you can query any registry key, and using reg export you can export the key into a specific file.
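findstr /i "Enable" matches any line that contains that substring, so a validation script is safer parsing the output and comparing the exact value name. An added example in Python (not the script from this post): it parses the reg query output shown above, embedded as sample text, and reports the EnableFirewall policy state; the function names and finding messages are assumptions.

```python
import re

# Sample input: the `reg query` output quoted in the post.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile
    DisplayNotification    REG_DWORD    0x1
    DefaultInboundAction    REG_DWORD    0x1
    AllowLocalIPsecPolicyMerge    REG_DWORD    0x1
    AllowLocalPolicyMerge    REG_DWORD    0x1
    DefaultOutboundAction    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x0
"""

# Value lines are indented and use four spaces between name, type and data.
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")


def parse_reg_query(text):
    """Return {key_path: {value_name: data}}; DWORD/QWORD data become ints."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.strip().upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            data = m["data"]
            if m["type"] in ("REG_DWORD", "REG_QWORD"):
                data = int(data, 16)  # reg prints these as 0x-prefixed hex
            current[m["name"]] = data
    return keys


def firewall_findings(text):
    """List (key, message) pairs for profiles whose policy is off or unset."""
    findings = []
    for key, values in parse_reg_query(text).items():
        if "EnableFirewall" not in values:
            findings.append((key, "EnableFirewall not set by policy"))
        elif values["EnableFirewall"] == 0:
            findings.append((key, "firewall disabled by policy"))
    return findings


if __name__ == "__main__":
    for key, message in firewall_findings(SAMPLE):
        print(f"{key}: {message}")
```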


Below is a quick PowerShell script which verifies the key value.

Script:




Sample Output:



-Kaustubh


How to verify Windows credential using command line

HI All,

We were working on an assignment where we had a requirement to verify credentials using the command line.

After fighting a lot with the net command I came to the conclusion that we can map a domain default share using the net use command.

So here is a simple script which tries to authenticate to the domain with the given credentials using net use.

Script:-



Note :- The password is not masked in the script.

Sample Output :-




-Kaustubh


How To Get Windows Audit Policy Using Command Line

Hi All

A quick tip for Windows cmd lovers.

Fetching the audit policy is always a pain; many of us are not aware of the small Windows utility called auditpol.

Auditpol

Auditpol is a simple command-line utility which gives us the audit policy in Windows.

Usage

auditpol


Auditpol gives us a complete, detailed view of the audit policy. It follows the below syntax:

Auditpol command (get/set/list/backup/restore/clear/remove) Optional(user/domain)category, subcategory

As first-time users we are not aware of the categories, so the first task is to find the categories.

auditpol /list /category  : This will give us the categories present on the server
Account Logon
Account Management
Detailed Tracking
DS Access
Logon/Logoff
Object Access
Policy Change
Privilege Use
System

In the same way we can list the subcategories:

auditpol /list /subcategory:"Account Logon"

Now we will see how to fetch the policy values using auditpol:

auditpol /get /category:"Account Logon","Logon/Logoff"


Note :- You can list one or more categories using comma-separated values.

Happy Auditing.. :)

OverTheWire Natas Solution Level 1-10

After completing Bandit I could not stop myself from playing Natas. This is again a beautiful game, so here we go.

Natas Level 0

Given :- 

Username: natas0 
Password: natas0 
URL: http://natas0.natas.labs.overthewire.org

Solution 
After logging in to this page you will get this:


Simply viewing the source gives you the password for the next level.


Password for natas1 is gtVrDuiDfck831PqWsLEZy5gyDz1clto


Natas Level 1

Given :

Username: natas1
URL:      http://natas1.natas.labs.overthewire.org


Solution 

After logging in here it shows that right click is disabled. As I don't use a mouse, I just pressed CTRL+U.


It gives us the password.


key is :- ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi

Natas Level 2

Given 

Username: natas2
URL:      http://natas2.natas.labs.overthewire.org

Solution

After logging in here it says nothing is here. The next step is to view the code.


Hmm, here I found something suspicious in /files/pixel, so I just listed the contents of /files.

User.txt gives us the password.
 
NATAS Level 3

Given 
Username: natas3
URL:      http://natas3.natas.labs.overthewire.org

Solution
After logging in here it says nothing.

After viewing the source code it shows "Even google cant find This". The first thing that clicked in my mind was robots.txt, and it was a correct guess.


Here you will get the path to the key.




And the key is here:
key :- Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ

NATAS 4

Given 
Username: natas4
URL:      http://natas4.natas.labs.overthewire.org

This level is fairly easy. When you log in with the credentials you will get this:

This clearly tells us to change the Referer to the given URL. Once you change the header you will get the key.


key :-iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq


NATAS 5

Given 
Username: natas5
URL:      http://natas5.natas.labs.overthewire.org

In this level, once you log in with the credentials it says you are not logged in.

With a little bit of webapp knowledge, the first thought that came to mind was to check the cookie, and it pointed in the right direction: Ctrl+Shift+I > alert(document.cookie) shows loggedin=0. Simply changing this to 1 gives the key.

key :- aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1

NATAS Level 6
Given 
Username: natas6
URL:      http://natas6.natas.labs.overthewire.org

Solution

As the level gets higher the game becomes more and more interesting. After logging in it asks you to enter a secret, and there is an option which says view source code. I clicked on that and got a clue.



The source code clearly states that the secret is in includes/secret.inc

Entering that secret gives us the key for the next level.


Key :- 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9

NATAS LEVEL 7

Given 
Username: natas7
URL:      http://natas7.natas.labs.overthewire.org

Solution
This level also follows the same pattern, but with directory traversal. Logging in shows nothing.

Then the source code gives the path to the files.
Navigating to the path gives us the key to the next level.


key :- DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe

NATAS 8

Given 
Username: natas8
URL:      http://natas8.natas.labs.overthewire.org

Solution
From here they start making the game a little bit tougher. After logging in they ask you to enter the secret.
When we glance at the code it shows that the secret is encoded using a PHP script, so the next step is to decode it using the same functions. Copying that code and changing encode to decode gives us the secret.

And that secret gives the key to Level 9.

Key is :- W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl

Natas 9

Given 
Username: natas9
URL:      http://natas9.natas.labs.overthewire.org

Solutions 
The real game begins here; the first hard task starts here. It asks you to find words containing a given term.

Looking at the code, what we understand is that a Linux command is executed without any sanity check, so let's get our hands dirty with RCE. Simply entering keyword; ls /etc/ gives /etc/natas_webpass/



Further, cat /etc/natas_webpass/natas10 gives us the key for the next level.



Key :- nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu

Natas 10

Given 
Username: natas10
URL:      http://natas10.natas.labs.overthewire.org

This time they added a sanity check, but the way to solve this is also cool.


The code shows that it will not allow & and ; but we see that it uses preg_match, so let's try searching for .* /etc/natas_webpass/natas11 and hurray, we get the key.

Here is the key


Key  :- U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK
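Natas 10 shows why rejecting a few shell metacharacters does not make a command line safe: a space is enough to add a second file for grep to read. As an added example (not the level's PHP and not code from this post), the Python below compares the blocklist approach with an allowlist plus argument-vector call; the grep command shape, the allowlist and the function names are assumptions, and shlex models only the shell's word splitting.

```python
import re
import shlex

BLOCKLIST = re.compile(r"[;&]")          # the characters the post says are rejected
ALLOWLIST = re.compile(r"[A-Za-z0-9]+")  # assumption: search terms are plain words


def weak_argv(key):
    """Blocklist check, then the key is pasted into a shell command line.
    Returns the argv the shell would hand to grep, or None if rejected."""
    if BLOCKLIST.search(key):
        return None
    return shlex.split(f"grep -i {key} dictionary.txt")


def hardened_argv(key):
    """Allowlist check, then the key travels as exactly one argv element.
    -F: literal match, -e: the next element is the pattern, --: end of options.
    Meant for subprocess.run(argv) with no shell involved."""
    if not ALLOWLIST.fullmatch(key):
        return None
    return ["grep", "-i", "-F", "-e", key, "--", "dictionary.txt"]


def files_read(argv):
    """Files grep would open for a given argv."""
    if "--" in argv:
        return argv[argv.index("--") + 1:]
    words = [a for a in argv[1:] if not a.startswith("-")]
    return words[1:]  # the first bare word is the pattern, the rest are files


if __name__ == "__main__":
    # Inputs: a plain word, then the two search strings quoted in this post.
    for key in ("hello", "keyword; ls /etc/", ".* /etc/natas_webpass/natas11"):
        for build in (weak_argv, hardened_argv):
            argv = build(key)
            result = "rejected" if argv is None else files_read(argv)
            print(f"{build.__name__:14} {key!r:34} -> {result}")
```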

Cheers

Enough for today; I will write the remaining ones tomorrow....

Stay tuned




OverTheWire Bandit Solutions

OverTheWire WarGame Bandit Solutions.

A superb game by OverTheWire, a very good brain exercise...

Anyone who wants to improve their Linux skills must try this.... Highly appreciated. Below are the screenshots I captured while playing.


Level 0



Level 1

  

Level 2



Level 3



Level 4



Level 5



Level 6


Level 8


Level 9


Level 10

Key :- truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk


Level 11


Key :- IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR

Level 12



Key :- 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL

Level 14


Key :- 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

Level 15


Key :- BfMYroe26WYalil77FoDi9qh59eK5xNr

Level 16



key:- cluFn7wTiGryunymYOu4RcffSxQluehd

Level 17


Key :- kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd

Level 18


Key :-IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x

Level 19


Key :- GbKksEFF4yrVs6il55v6gwY5aVje5f0j


Level 20


Key :-gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr

Level 21


Key:-Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI

Level 22


Key :- jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n

Level 23


Key :- UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ

Level 24


Key :- uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG

Level 26


Key :- 5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z

The superb journey ends here with a super class trick ;)

Enjoy...........

