NullCON #ackIm CTF 2017 Write-UP(Web-1)



we are always excited for #ackIm CTF.

I was palying this CTF from 2k12. and This is the one of the best CTF I ever play.so lets not waste time and start the Journey.


When you login to Portal you find the below details.

Obliviously the first step Is to Hit the WEB challenge coz I assume that it will be easy but that assumption got killed bruatally.


So the challange was

Chris Martin wants to go home. Can you help him get there as soon as possible?
And the URL which ask for the username password.

after looking source code I notice that my scroll bar is too long




In The End i think I Found the Flag


And i think its easy but, it wasnt a flag.

it was base64  sting which gives the md5 hash

Base64 -->; MD5 -->; Coldplayparadise.


This Time I was sure that this must be username/password.


When i put this as username password.

It Gives me

Mismatch in host table! Please contact your administrator for access. IP logged.


A quick idea to add X-Forwded-For: 127.0.0.1 will give you the first flag.




And The Flag is




The flag is: 4f9361b0302d4c2f2eb1fc308587dfd6



Yay so Finally we did it. 

hope you understand that how my first assumption got brutally Killed.


Comments

Post a Comment

Popular posts from this blog

Contact US

Proven IT-Security specialist with having more than dozen of exploit published online in 0day.today, exploitdb, packetstorm, securityweek, author of few 0day and CVE, Author of K-auth authentication system and I-IPS (software appliance for IPS/IDS for small and large scale organization),Listed in few hall of fames like Apple, Nokia etc, conducted N number of VA/WA/PT for Reputed client, Implemented SIEM/SOC at large Media House, expertise in log analysis, scripting, technical audit, Linux, windows, Areas of interest in Information Security domain are: Buffer Overflows, exploitation, Reverse Engineering, Shell coding, Tool building, Malware analysis and IDS. Active Participant in Null community, designed CTF which was still unbreakable, Currently working as Sr.Security analyst at network intelligence India Pvt .Ltd prior to security 3 years of extensive experience in administration, ||Security enthusiastic || Love Coding reverse engineering Exploitation || Security analyst || Linux My L…
Read more

OverTheWire Natas Solution Level 1-10

Image
After completing bandit I can not stop myself from playing NATAS. this is again beautiful game. so here we go.
Natas Level 0 Given :- 
Username: natas0  Password: natas0  URL: http://natas0.natas.labs.overthewire.org
Solution  After Login to this page  you will get this 

Simply viewing the source you will get the password for next level

Password for natas 1 is gtVrDuiDfck831PqWsLEZy5gyDz1clto

Natas Level 1 Given :
Username: natas1 URL: http://natas1.natas.labs.overthewire.org

Solution 
After logging Here it show's right click is disable, as I don't use mouse i just click CTRL+U  

It give us password.

key is :- ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi 
Natas Level 2 Given 
Username: natas2 URL: http://natas2.natas.labs.overthewire.org
Solution
After logging here it says Nothing is here, Next step is to view Code.

hmm here I found something suspicious in /files/pixel i just list the contain in /files  User.txt gives us the password. NATAS Level 3

 Given  Username: natas3 URL: http…
Read more

Fuzzing IoT devices for Memory corruption 0' Days.

Image
TL;DR  Summery This article is about discovering the memory corruption vulnerabilities in IoT Device, Upon reading this article you will understand from setting up device for fuzzing to developing a complete working exploit. what we called it Zero to hero kind of stuff also you can expect a lot of memes and some extra ज्ञान..  
Prerequisite   Before we start I would like to give some basics about the post and terms which we are using here.
IoT Devices

IoT Devices generally consist of RISC mechanism those who are not able to recollect this you can remember your old days of engineering where you might have broke your head for understanding the  working of 8041/8051 micro-controllers. so RISC stands for Reduced Instruction Set Computer and below are the list of processor which you can see widely used in IoT. MIPS.ARM.ST Micro-controller.MediaTek MT3620.Quectel BG96. There are plenty of resources available on internet to read/explore about this stuff. so suggest have a look at datasheets …
Read more