Description
Hey, I made my first website today.
It’s pretty cool and web 7.9.
http://web.chal.csaw.io:8000/
All posts by vic511
[ABCTF 2016] SE and XSS – The art of phishing and trolling
Impenetrable Fortress – 200 – Web Exploitation
Some times an application is secure and you have to find another way around. Log in with admin credentials and you will receive a flag. Try it here!Hint: Gotta go around.
A national american CTF, called ABCTF, was organised by high-schoolers from July 15th to 22nd. It was pretty fun, however some challenges remained very mysterious.
Especially a web challenge, called Impenetrable Fortress. You will see in this article the way we found a very unique way of solving it, involving some Social Engineering and the exploitation of a Cross-Site-Scripting vulnerability.
This also demonstrates how using the new javascript features can lead to a powerful XSS, conducting to a very effective phishing attack.
A Proof of Concept is now available.
Continue reading [ABCTF 2016] SE and XSS – The art of phishing and trolling
[Secuinside 2016] [Web 100 – trendyweb] Write up
Description
Trendy~! Web~
The flag reader is on /.http://chal.cykor.kr:8082
http://52.78.11.234:8082p.s.
If the download doesn’t work, try this:
https://gist.github.com/Jinmo/e49dfef9b7325acb12566de3a7f88859and it requires data/ folder
Continue reading [Secuinside 2016] [Web 100 – trendyweb] Write up
[NDH 2016] [CRACKME 150 – Don’t be too Evil. Just a little bit.] Write Up
Description
Only true Evil people can access this flag!
Thank you, Steven M. Bellovin !
- Score
- 150
- Link
- telnet://evil.wargame.ndh:3514
Continue reading [NDH 2016] [CRACKME 150 – Don’t be too Evil. Just a little bit.] Write Up
[Internetwache CTF 2016] [Exploit 60 – EquationSolver] Write Up
Description
I created a program for an unsolveable equation system. My friend somehow forced it to solve the equations. Can you tell me how he did it?
Service: 188.166.133.53:12049
Continue reading [Internetwache CTF 2016] [Exploit 60 – EquationSolver] Write Up