MACDONALDS I’m a huge Ronald fan. My fan page doubles down as my cloud storage page! You’ll never find my secrets! http://server.challenge.ctf.thefewchosen.com:1339 Todos Okay, after opening the webservice we get some hints for the webserver he is hosting on his macos we were looking into some google research. There are quite some issues with this .DS_Store files. Okay lets try,
I recently wrote a Flask web application in Python. When I put it online, I of course ran Nikto over it. Since I was immediately confronted with the usual suspects, I wanted to write down the solution for this weak point as a reminder to myself and possibly for your support. Vulnerabilities What vulnerabilities do we encounter again and again?
Deep Bielsa: ‚A man with new ideas is a madman, until his ideas triumph‘ Given is this foto: Todos Okay guys – this one is an easy one, but I did not solved that by my own! My personal rabbitholes Disclaimer: I couldn’t solve the challenge and had to bang my head on the edge of the table for hours
Noise Messi: ‚When the year starts, the objective is to win with all the team, personal records are secondary‘ Todos Given was this picture: In this stego challenges the first approach is to check the file type and look for some strings. $ ~ # file challenge.png challenge.png: PNG image data, 926 x 1262, 8-bit grayscale, non-interlaced That looks normal…
Friends Bielsa: ‚Everything is allowed, except stop fighting‘ Given was this image: Todos Like always – I check strings and exiftools and the file itself! But no command give us something. $ ~ # file messi.jpg messi.jpg: JPEG image data, JFIF standard 1.01, aspect ratio, density 1×1, segment length 16, baseline, precision 8, 720×628, components 3 exiftool messi.jpg > messi.jpg_exifdata
K3RN3L CTF 202 Zabomb You received a suspicious file from the k3rn3l4rmy hacking group, the title says, ‘Not a Zip Bomb, Please Open’, you decide NOT to open it and instead try to reverse it. It is recommended that you do NOT open this, it will fill your entire disk. Solving the challenge Luckily unzip was not able to do
3in1 Description Like Nescafeeeee! Attachments https://ctf.k3rn3l4rmy.com/kernelctf-distribution-challs/nescafeee/AES.py Todos To decrypt the string in the given AES.py script (String is in scriptfile as a comment). from Crypto.Cipher import AES from Crypto.Hash import SHA256 f = open('progress.txt', 'r') password = ("abda") hash_obj = SHA256.new(password.encode('utf-8')) hkey = hash_obj.digest() def encrypt(info): msg = info BLOCK_SIZE = 16 PAD = "{" padding = lambda s: s
DamCTF 2021 rev/seed m0x Having a non-weak seed when generating "random" numbers is super important! Can you figure out what is wrong with this PRNG implementation? seed.py is the Python script used to generate the flag for this challenge. log.txt is the output from the script when the flag was generated. What is the flag? Downloads log.txt seed.py Given was
DamCTF 2021 malware/sneaky-script (forensics/rev) captainGeech We recovered a malicious script from a victim environment. Can you figure out what it did and if any sensitive information was exfiltrated? We were able to export some PCAP data from their environment as well. Downloads files.zip Given was a pcap file and a bash script. -rwxr-xr-x 1 root root 516 5. Nov 05:35
DamCTF 2021 misc/bad-patterns BaboonWithTheGoon A hacker was too lazy to do proper encryption. However, they left us some examples of how their encryption "algo" was supposed to work. original text : "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris