English [Trend Micro 2016] [Misc 100 – PCAP] Write Up


Category: Misc(iot and network)
Points: 100

Please analyze this pcap.
Download the file

Decrypt the downloaded file by the following command.

> unzip files21.zip
> openssl enc -d -aes-256-cbc -k gcCbBJN5pIHiL8JiJ8Xj -in files21.enc -out files21_ok.zip
> unzip files21_ok.zip

Continue reading [Trend Micro 2016] [Misc 100 – PCAP] Write Up

English [ABCTF 2016] SE and XSS – The art of phishing and trolling

Impenetrable Fortress – 200 – Web Exploitation
Some times an application is secure and you have to find another way around. Log in with admin credentials and you will receive a flag. Try it here!

Hint: Gotta go around.

A national american CTF, called ABCTF, was organised by high-schoolers from July 15th to 22nd. It was pretty fun, however some challenges remained very mysterious.
Especially a web challenge, called Impenetrable Fortress. You will see in this article the way we found a very unique way of solving it, involving some Social Engineering and the exploitation of a Cross-Site-Scripting vulnerability.

This also demonstrates how using the new javascript features can lead to a powerful XSS, conducting to a very effective phishing attack.
A Proof of Concept is now available.
Continue reading [ABCTF 2016] SE and XSS – The art of phishing and trolling