NullCON #ackIm CTF 2017 Write-UP(Web-1)



we are always excited for #ackIm CTF.

I was palying this CTF from 2k12. and This is the one of the best CTF I ever play.so lets not waste time and start the Journey.


When you login to Portal you find the below details.

Obliviously the first step Is to Hit the WEB challenge coz I assume that it will be easy but that assumption got killed bruatally.


So the challange was

Chris Martin wants to go home. Can you help him get there as soon as possible?
And the URL which ask for the username password.

after looking source code I notice that my scroll bar is too long




In The End i think I Found the Flag


And i think its easy but, it wasnt a flag.

it was base64  sting which gives the md5 hash

Base64 -->; MD5 -->; Coldplayparadise.


This Time I was sure that this must be username/password.


When i put this as username password.

It Gives me

Mismatch in host table! Please contact your administrator for access. IP logged.


A quick idea to add X-Forwded-For: 127.0.0.1 will give you the first flag.




And The Flag is




The flag is: 4f9361b0302d4c2f2eb1fc308587dfd6



Yay so Finally we did it. 

hope you understand that how my first assumption got brutally Killed.


Comments

Post a Comment

Popular posts from this blog

Contact US

Proven IT-Security specialist with having more than dozen of exploit published online in  0day.today, exploitdb, packetstorm, securityweek , author of few 0day and CVE, Author of  K-auth authentication system  and  I-IPS  (software appliance for IPS/IDS for small and large scale organization),Listed in few hall of fames like Apple, Nokia etc, conducted N number of VA/WA/PT for Reputed client, Implemented SIEM/SOC at large Media House, expertise in log analysis, scripting, technical audit, Linux, windows, Areas of interest in Information Security domain are: Buffer Overflows, exploitation, Reverse Engineering, Shell coding, Tool building, Malware analysis and IDS. Active Participant in Null community, designed CTF which was still unbreakable, Currently working as Sr.Security analyst at network intelligence India Pvt .Ltd prior to security 3 years of extensive experience in administration, ||Security enthusiastic || Love Coding reverse engineering Exploitation || Security analyst ||
Read more

OverTheWire Natas Solution Level 1-10

Image
After completing bandit I can not stop myself from playing NATAS. this is again beautiful game. so here we go. Natas Level 0 Given :-  Username: natas0  Password: natas0  URL: http://natas0.natas.labs.overthewire.org Solution  After Login to this page  you will get this  Simply viewing the source you will get the password for next level Password for natas 1 is gtVrDuiDfck831PqWsLEZy5gyDz1clto Natas Level 1 Given : Username: natas1 URL: http://natas1.natas.labs.overthewire.org Solution  After logging Here it show's right click is disable, as I don't use mouse i just click CTRL+U   It give us password. key is :- ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi  Natas Level 2 Given  Username: natas2 URL: http://natas2.natas.labs.overthewire.org Solution After logging here it says Nothing is here, Next step is to view Code.   hmm here I found something suspicious in /files/pixe
Read more

The Story of Blind SSRF leads to internal Host discovery.

Image
Background  After reading a Lots of tweets on SSRF, I have decided to test for only SSRF for bug bounty. Generally I work on Synack platform due to precise scope and response time.  I Love Hackerone also  but due to limited resource and lack of automation I fails/hate to to do lots of discovery stuff. whether its a content discovery or assets discovery I hate both lol.  Because sometimes it take too long on my  intel Core i5 with 16 GB and 20MBPS connection just to discover a assest/content, Hence I prefer to have a defined scope for testing so that I can spend more time on  or sharpening the my testing skills than Discovery skills.  Approach Since on this platform also there are many targets and many skilled researcher hence you have to be very specific while selecting targets, its really hard to believe that the bug submitted after 20 Mins of target getting Live can be dup and the bug identifier says your  bug id is targetname-13  I mean what..! 13 Bugs in 20 Mins, How
Read more