Tag Archives: #ctf
[ABCTF 2016] SE and XSS – The art of phishing and trolling
Impenetrable Fortress – 200 – Web Exploitation
Sometimes an application is secure and you have to find another way around. Log in with admin credentials and you will receive a flag. Try it here!
Hint: Gotta go around.
A national American CTF called ABCTF was organised by high-schoolers from July 15th to 22nd. It was pretty fun; however, some challenges remained very mysterious.
One of them was a web challenge called Impenetrable Fortress. This article shows the unusual way we found to solve it, involving some social engineering and the exploitation of a cross-site scripting (XSS) vulnerability.
It also demonstrates how newer JavaScript features can make an XSS more powerful, leading to a very effective phishing attack.
A Proof of Concept is now available.
[Secuinside 2016] [Web 100 – trendyweb] Write up
Description
Trendy~! Web~
The flag reader is on /.
http://chal.cykor.kr:8082
http://52.78.11.234:8082
p.s. If the download doesn’t work, try this:
https://gist.github.com/Jinmo/e49dfef9b7325acb12566de3a7f88859
and it requires data/ folder
[NDH 2016] Back on the event
Hello everyone,
This weekend was THE weekend. We were at the Nuit Du Hack, one of the best-known French conferences and CTFs.
From Saturday 10AM to Sunday 7AM, there were talks, workshops, and challenges.
The organizers were also there for us, which was really nice 🙂
[NDH 2016] [FORENSICS 200 – I’M AFRAID OF A GH0ST NAMED POISON IVY] Write Up
Description
You must find the flag.
Download the pcap: poisonIvy.pcap