[IceCTF 2016] [Forensics 150 – Root of All Evil] Write Up

Description

Oh no! Dr. Evil managed to get into one of our servers, we don’t know what he did. I took an image of the file system, can you take a look and see what he left behind? Note to foreign teams: Please make a ticket when you solve Root of All Evil and make sure you include proof.


[ABCTF 2016] SE and XSS – The art of phishing and trolling

Impenetrable Fortress – 200 – Web Exploitation
Sometimes an application is secure and you have to find another way around. Log in with admin credentials and you will receive a flag. Try it here!

Hint: Gotta go around.

A national American CTF, called ABCTF, was organised by high-schoolers from July 15th to 22nd. It was pretty fun, although some challenges remained very mysterious.
One in particular was a web challenge called Impenetrable Fortress. This article describes the rather unusual way we solved it, combining some social engineering with the exploitation of a Cross-Site Scripting vulnerability.

It also shows how newer JavaScript features can turn an XSS into a powerful primitive, leading to a very effective phishing attack.
A Proof of Concept is now available.