Tenable
The ultimate mutant marvel team-up
install nessus essentials
import it
export it
open with xml
Forensics
H4ck3R_m4n exp0sed! 1
extract butter.jpg
H4ck3R_m4n exp0sed! 2
extract it
H4ck3R_m4n exp0sed! 3
use dataz
hex -> ascii -> base64 -> hex -> jpg file
Cat Taps
usb keyboard packet capture file
github.com/TeamRocketIst/ctf-usb-keyboard-parser
TeamRocketIst/ctf-usb-keyboard-parser
This is the updated script from https://teamrocketist.github.io/2017/08/29/Forensics-Hackit-2017-USB-ducker/ - TeamRocketIst/ctf-usb-keyboard-parser
github.com
hmm
abawazeeer.medium.com/kaizen-ctf-2018-reverse-engineer-usb-keystrok-from-pcap-file-2412351679f4
kaizen-ctf 2018 — Reverse Engineer usb keystrok from pcap file
yesterday was a great experience for me to attend all kind of joubert , one of the challenges i could not solve and understand in the…
abawazeeer.medium.com
Fix Me
There are dummy bytes between chunks.
Check position of dummy bytes using tweakPNG.exe
and then remove dummy bytes using HxD.
repeat.
Stego
Easy Stego
stegsolve.jar
stegsolve.jar
Hackerman
Numerological
3637 3639 3734 3265 3639 3666 3266 3461 3734 3461 3631 3538
Weird Transmission
How to convert (decode) a Slow-Scan Television transmissions (SSTV) audio file to images using QSSTV in Ubuntu 18.04
Learn how to convert an SSTV audio file to an image using the QSSTV in your Ubuntu 18.04 Desktop.
ourcodeworld.com
Reverse Engineering
The only tool you'll ever need
Pwntown 1
i just ran the corrdior in normal then flag was out. hmm
Crypto
Easy Peasy
base64 -> hex2ascii -> caesar cipher
Web App
Stay Away Creepy Crawlers
at ./robots.txt
Can't find it
flag is at a 404 not found page.
Source of All Evil
Show me what you got
directory indexing
flag is at ./images/alidi3sd.txt
Certificate of Authenticity
go to https://
get a certificate
Ripper Doc
./certified_rippers.php
edit cookie false to true
Headers for you inspiration
Spring MVC 1
Spring MVC 2
Spring MVC 3
Spring MVC 4
Spring MVC 5
Spring MVC 6
Spring MVC 7 (Hiding in Plain Sight)
./?name=please
Spring MVC 8 (Sessionable)
./other?name=admin
and go ./
Follow The Rabbit Hole
output -> hex -> png file
Misc
Esoteric
--[----->+<]>.++++++.-----------.++++++.[----->+<]>.----.---.+++[->+++<]>+.-------.++++++++++.++++++++++.++[->+++<]>.+++.[--->+<]>----.+++[->+++<]>++.++++++++.+++++.--------.-[--->+<]>--.+[->+++<]>+.++++++++.>--[-->+++<]>.
brainfuck
www.dcode.fr/brainfuck-language
Brainfuck Language - Online Decoder, Translator, Interpreter
Tool to decode/encode in Brainfuck. Brainf**k is a minimalist programmation language that takes its name from two words that refer to a kind of cerebral masturbation.
www.dcode.fr
Quit messing with my flags
Find the encoding
base58
One Byte at a Time
we know flag starts with "flag{"
then we can get xor key "0x77", "0x10", "0x02"
brute force it!
Not JSON
base64 to hex
abcdefghjiklmnopqrstuvwxyz_{} is table
index : dummy 1byte : data
05 0B 00 06 1B 12 0E 0d 1A 0E 05 1A 00 1A 01 12 0E 0D 1C
to dec
and +1
Forwards from Grandma
we can find { and } in title
morse code!
FWD: -> .
RE: -> -
# -> _
Broken QR
fix using Microsoft Paint
'CTF Write Up' 카테고리의 다른 글
| BSidesSF CTF 2021 write up (0) | 2021.03.09 |
|---|---|
| TRUST CTF 2021 write up (0) | 2021.02.28 |
| Union CTF 2021 Write up (0) | 2021.02.22 |
| darkCON CTF 2021 write up (0) | 2021.02.21 |
| SecureBug CTF 2021 write up (0) | 2021.02.18 |