728x90
반응형

Tenable

The ultimate mutant marvel team-up

install nessus essentials

 

import it

 

export it

 

open with xml


Forensics

H4ck3R_m4n exp0sed! 1

 

extract butter.jpg


H4ck3R_m4n exp0sed! 2

 

extract it


H4ck3R_m4n exp0sed! 3

 

use dataz

hex -> ascii -> base64 -> hex -> jpg file


Cat Taps

usb keyboard packet capture file

github.com/TeamRocketIst/ctf-usb-keyboard-parser

 

TeamRocketIst/ctf-usb-keyboard-parser

This is the updated script from https://teamrocketist.github.io/2017/08/29/Forensics-Hackit-2017-USB-ducker/ - TeamRocketIst/ctf-usb-keyboard-parser

github.com

hmm

 

abawazeeer.medium.com/kaizen-ctf-2018-reverse-engineer-usb-keystrok-from-pcap-file-2412351679f4

 

kaizen-ctf 2018 — Reverse Engineer usb keystrok from pcap file

yesterday was a great experience for me to attend all kind of joubert , one of the challenges i could not solve and understand in the…

abawazeeer.medium.com


Fix Me

There are dummy bytes between chunks.

 

Check position of dummy bytes using tweakPNG.exe

and then remove dummy bytes using HxD.

repeat.


Stego

Easy Stego

stegsolve.jar

 

stegsolve.jar


Hackerman

 


Numerological

 

3637 3639 3734 3265 3639 3666 3266 3461 3734 3461 3631 3538


Weird Transmission

ourcodeworld.com/articles/read/956/how-to-convert-decode-a-slow-scan-television-transmissions-sstv-audio-file-to-images-using-qsstv-in-ubuntu-18-04

 

How to convert (decode) a Slow-Scan Television transmissions (SSTV) audio file to images using QSSTV in Ubuntu 18.04

Learn how to convert an SSTV audio file to an image using the QSSTV in your Ubuntu 18.04 Desktop.

ourcodeworld.com


Reverse Engineering

The only tool you'll ever need


Pwntown 1

i just ran the corrdior in normal then flag was out. hmm


Crypto

Easy Peasy

base64 -> hex2ascii -> caesar cipher


Web App

Stay Away Creepy Crawlers

at ./robots.txt

728x90

Can't find it

 

flag is at a 404 not found page.


Source of All Evil


Show me what you got

directory indexing

 

flag is at ./images/alidi3sd.txt


Certificate of Authenticity

go to https://

get a certificate


Ripper Doc

./certified_rippers.php

edit cookie false to true


Headers for you inspiration


 

Spring MVC 1


Spring MVC 2


Spring MVC 3


Spring MVC 4


Spring MVC 5


Spring MVC 6


Spring MVC 7 (Hiding in Plain Sight)

./?name=please


Spring MVC 8 (Sessionable)

./other?name=admin

and go ./


Follow The Rabbit Hole

output -> hex -> png file


Misc

Esoteric

--[----->+<]>.++++++.-----------.++++++.[----->+<]>.----.---.+++[->+++<]>+.-------.++++++++++.++++++++++.++[->+++<]>.+++.[--->+<]>----.+++[->+++<]>++.++++++++.+++++.--------.-[--->+<]>--.+[->+++<]>+.++++++++.>--[-->+++<]>.

 

brainfuck

www.dcode.fr/brainfuck-language

 

Brainfuck Language - Online Decoder, Translator, Interpreter

Tool to decode/encode in Brainfuck. Brainf**k is a minimalist programmation language that takes its name from two words that refer to a kind of cerebral masturbation.

www.dcode.fr


Quit messing with my flags


Find the encoding

base58


One Byte at a Time

we know flag starts with "flag{"

then we can get xor key "0x77", "0x10", "0x02"

brute force it!


Not JSON

 

base64 to hex

 

abcdefghjiklmnopqrstuvwxyz_{} is table

index : dummy 1byte : data

05 0B 00 06 1B 12 0E 0d 1A 0E 05 1A 00 1A 01 12 0E 0D 1C

to dec

and +1


Forwards from Grandma

we can find { and } in title

morse code!

FWD: -> .

RE: -> -

# -> _


Broken QR

fix using Microsoft Paint

 

728x90
반응형

'CTF Write Up' 카테고리의 다른 글

BSidesSF CTF 2021 write up  (0) 2021.03.09
TRUST CTF 2021 write up  (0) 2021.02.28
Tenable CTF 2021 write up  (0) 2021.02.23
Union CTF 2021 Write up  (0) 2021.02.22
darkCON CTF 2021 write up  (0) 2021.02.21
SecureBug CTF 2021 write up  (0) 2021.02.18

+ Recent posts