picoCTF 2022: web – Inspect HTML

Ulli Weichert/ April 7, 2022/ IT-Security, Write-Ups/ 0Kommentare

Inspect HTML Description Can you get the flag? Go to this website and see what you can discover. Solving Downloaded website via ‚wget http://saturn.picoctf.net:49609/‘ or inspect the website directly. Looked into the file via ‚vi‘. At the end is a comment with the flag. For flag use ‚./get_flag.sh‘ #!/bin/bash wget "http://saturn.picoctf.net:49609/index.html" grep -o "picoCTF{.*}" index.html rm -rf index.html

picoCTF 2022: web – Forbidden Paths

Ulli Weichert/ April 7, 2022/ IT-Security, Write-Ups/ 0Kommentare

Forbidden Paths Description Can you get the flag? Here’s the website. We know that the website files live in ‚/usr/share/nginx/html/‘ and the flag is at ‚/flag.txt‘ but the website is filtering absolute file paths. Can you get past the filter to read the flag? Solving Open the site and you will see a form, where you can read files. Some

Weiterlesen

picoCTF 2022: forensics – Torrent Analyze

Ulli Weichert/ April 5, 2022/ IT-Security, Write-Ups/ 0Kommentare

Torrent Analyze Description SOS, someone is torrenting on our network. One of your colleagues has been using torrent to download some files on the company’s network. Can you identify the file(s) that were downloaded? The file name will be the flag, like picoCTF{filename}. Captured traffic. Solving Loading the pcap file into wireshark and started looking at it. At the beginning

Weiterlesen

picoCTF 2022: forensics – St3g0

Ulli Weichert/ April 5, 2022/ IT-Security, Write-Ups/ 0Kommentare

St3g0 Description Download this image and find the flag. Download image Solving Looking at the hint We know the end sequence of the message will be $t3g0. Okay, I did some google research with that $t3g0 and found an interessting article. Downloaded the script from the github repo run it with the image FLAG 🙂 #import libraries import sys import

Weiterlesen