Tag Archives: #writeup

[IceCTF 2016] [Crypto 140 – Sand Castle] Write Up

Description

We found this very mysterious image, it doesn’t look complete and there seems to be something hidden on it… does this mean anything to you?
sandcastle_d4ba9f13fe0b0da8778f07f068c7bc2179494459d38d4a25ba5af1beb01f1201
This flag is not in the standard flag format. The flag contains digits and no special characters, convert the message to lowercase and then add IceCTF{message} to it.


[IceCTF 2016] [Forensics 150 – Root of All Evil] Write Up

Description

Oh no! Dr.Evil managed to get into one of our servers, we don’t know what he did. I took an image of the file system, can you take a look and see what he left behind? Note to Foreign teams: Please make a ticket when you solve Root of All Evil and make sure you include proof.


[ABCTF 2016] SE and XSS – The art of phishing and trolling

Impenetrable Fortress – 200 – Web Exploitation
Sometimes an application is secure and you have to find another way around. Log in with admin credentials and you will receive a flag. Try it here!

Hint: Gotta go around.

A national American CTF called ABCTF, organised by high-schoolers, ran from July 15th to 22nd. It was pretty fun; however, some challenges remained very mysterious.
One in particular was a web challenge called Impenetrable Fortress. In this article you will see how we found a very unique way of solving it, involving some social engineering and the exploitation of a cross-site scripting vulnerability.

This also demonstrates how using the new JavaScript features can lead to a powerful XSS, resulting in a very effective phishing attack.
A Proof of Concept is now available.