User contributions for Exf

30 September 2022

• 11:2411:24, 30 September 2022 diff hist +52 Top-Secret No edit summary Tag: Visual edit
• 11:2411:24, 30 September 2022 diff hist 0 N File:Top-secret-task.PNG No edit summary current
• 11:2311:23, 30 September 2022 diff hist +54 Top-Secret No edit summary Tag: Visual edit
• 11:2111:21, 30 September 2022 diff hist −3 Top-Secret No edit summary Tag: Visual edit
• 11:2111:21, 30 September 2022 diff hist +36 Top-Secret No edit summary Tag: Visual edit: Switched
• 11:1911:19, 30 September 2022 diff hist +1,340 N Top-Secret Created page with "===Description=== Management found out that the highly sensitive and top secret documents are accessible to all! They must be hidden ASAP! 150pts ===Task=== You must protect this apache web server with authentication! Configure basic authentication to protect the page Use these credentials for auth: Username: mulder Password: Scully-th3-b3st! SSH Access: Hostname: target.... Username: user Password: Cool2Pass ===Solution=== The first thing I did was to make a..."
• 11:0711:07, 30 September 2022 diff hist +4 CTF Challenges →CYBER BATTLE OF ESTONIA 2022 - QUALIFICATION Tag: Visual edit
• 11:0411:04, 30 September 2022 diff hist +124 Password dump No edit summary current Tag: Visual edit
• 11:0411:04, 30 September 2022 diff hist 0 N File:Crackstation-password-dump.PNG No edit summary current
• 11:0311:03, 30 September 2022 diff hist 0 N File:Password-dump-task.PNG No edit summary current
• 11:0311:03, 30 September 2022 diff hist +15 Password dump No edit summary Tag: Visual edit
• 11:0311:03, 30 September 2022 diff hist +705 N Password dump Created page with "===Description=== Our username and password database was breached. Luckily all the passwords were hashed. *Different hashes - check image *Different hashes - check image *Different hashes - check image 70pts ===Question=== Would it still be possible to recover a password for some users? For the flag, post the recovered password ===Solution=== I recognised that it is probably an MD5 hash, which is crackable. However, I decided to try a crackstation website with a data..."
• 10:5910:59, 30 September 2022 diff hist +8 CTF Challenges →Varia Tag: Visual edit
• 10:5810:58, 30 September 2022 diff hist +103 Attack Analysis No edit summary current Tag: Visual edit
• 10:5710:57, 30 September 2022 diff hist 0 N File:Attack-wireshark.png No edit summary current
• 10:5710:57, 30 September 2022 diff hist 0 N File:Attack-task-flagh.PNG No edit summary current
• 10:5710:57, 30 September 2022 diff hist +781 N Attack Analysis Created page with "===Description=== There was an attack against the web server. Directory and basic auth brute forcing occurred. 100pts ===Question=== Analyze the packet capture file to find out whitch user had a weak password that allowed the hackers to authenticate. Password is the flag. ===Solution=== I only used a very lazy, but in this case effective, solution to this problem. Since I knew that the answer was likely to be in ctftech format I just manually searched for login attempt..."
• 10:5310:53, 30 September 2022 diff hist +37 CTF Challenges →Network
• 10:5110:51, 30 September 2022 diff hist +169 Hacked No edit summary current Tag: Visual edit
• 10:5010:50, 30 September 2022 diff hist 0 N File:Hacked-database.png No edit summary current
• 10:5010:50, 30 September 2022 diff hist 0 N File:Hacked-gobuster.PNG No edit summary current
• 10:5010:50, 30 September 2022 diff hist 0 N File:Hacked-task.PNG No edit summary current
• 10:4910:49, 30 September 2022 diff hist +999 N Hacked Created page with "===Description=== This web server was defaced by hackers. They made some modification on the system. ===Question=== Admin was able to see from the logs that a SQL database dump was made. Can you find it? Maybe this helps you forward with this incident analysis. ===Solution=== Since we were asked to search for SLQ database dump it makes sense to use gobuster here as well. The command <code>gobuster dir -u [url] -w /usr/share/wordlist/dirbuster/directory-list-2.3-medium...."
• 10:4310:43, 30 September 2022 diff hist +20 CTF Challenges →WEB
• 10:4110:41, 30 September 2022 diff hist +103 The Tree Hills No edit summary current Tag: Visual edit
• 10:4010:40, 30 September 2022 diff hist 0 N File:Three-hils-zap.PNG No edit summary current
• 10:4010:40, 30 September 2022 diff hist 0 N File:Tree-hills-task+flag.PNG No edit summary current
• 10:4010:40, 30 September 2022 diff hist +441 N The Tree Hills Created page with "===Description=== The Tree Hills is worried that some of their data might have been leaked. They need your help to check it out. 100pts ===Question=== Find the flag from /etc/passwd ===Solution=== This was a really straightforward flag, as using the OWASPZAP tool you got a direct response with its auto-attack. ===Tools=== * ZAP ===Flag=== <code>ctftech{d60bac914-4209}</code> ===Links=== * Back to CTF Challenges page"
• 10:3810:38, 30 September 2022 diff hist −1 CTF Challenges →CYBER BATTLE OF ESTONIA 2022 - QUALIFICATION
• 10:3710:37, 30 September 2022 diff hist +30 CTF Challenges →WEB
• 10:3710:37, 30 September 2022 diff hist +264 Health check No edit summary current Tag: Visual edit
• 10:3510:35, 30 September 2022 diff hist 0 N File:Healt-check Flag.PNG No edit summary current
• 10:3510:35, 30 September 2022 diff hist 0 N File:Healt-check Gobuster.PNG No edit summary current
• 10:3510:35, 30 September 2022 diff hist 0 N File:Task-healt check.PNG No edit summary current
• 10:3410:34, 30 September 2022 diff hist 0 N File:Webpage.PNG No edit summary current
• 10:2510:25, 30 September 2022 diff hist +931 N Health check Created page with "===Description=== This is a healt care systems web page where you can upload your certificates for verification. 100pts ===Question=== Investigate the application, find if there are any vulnerabilities and read the flag from /var/backup/secret.txt ===Solution=== I first tested how the website works and found that you can upload .php files. I then tried using the gobuster application to find the file I had sent and found that it was sent directly to the root folder of the..."
• 10:0010:00, 30 September 2022 diff hist +25 CTF Challenges →CYBER BATTLE OF ESTONIA 2022 - QUALIFICATION
• 10:0010:00, 30 September 2022 diff hist +47 Automata No edit summary current Tag: Visual edit
• 09:5909:59, 30 September 2022 diff hist +92 Automata No edit summary Tag: Visual edit: Switched
• 09:5809:58, 30 September 2022 diff hist 0 N File:Cat-automata.PNG No edit summary current
• 09:5809:58, 30 September 2022 diff hist 0 N File:Automata-flag.PNG No edit summary current
• 09:5809:58, 30 September 2022 diff hist 0 N File:Task-automata.PNG No edit summary current
• 09:5809:58, 30 September 2022 diff hist +7 Automata No edit summary
• 09:5709:57, 30 September 2022 diff hist +1,383 N Automata Created page with "===Description=== I found a broken old machine in my basement. Can you help me reassemble it? 100Pts ===Question=== Take a look at these odd parts and see if you can make sense of them. ===Solution=== First, I downloaded the file to a virtual machine. The file was a Zip file. When I extracted the zip file, three files came up. Files what was in zip file # automation_matrix # clunky_gizmo # long_apparatus I took a look at the contents of the files and found that they ap..."
• 09:4309:43, 30 September 2022 diff hist +22 CTF Challenges →Linux
• 07:0607:06, 30 September 2022 diff hist +252 CTF Challenges No edit summary

26 September 2022

• 12:4312:43, 26 September 2022 diff hist +137 N SSH brute Created page with "===Description=== ===Question=== ===Solution=== ===Tools=== ===Flag=== ===Links=== * Back to CTF Challenges page" current
• 12:4312:43, 26 September 2022 diff hist +137 N Zip brute Created page with "===Description=== ===Question=== ===Solution=== ===Tools=== ===Flag=== ===Links=== * Back to CTF Challenges page" current
• 12:4312:43, 26 September 2022 diff hist +137 N Web login brute Created page with "===Description=== ===Question=== ===Solution=== ===Tools=== ===Flag=== ===Links=== * Back to CTF Challenges page" current
• 12:4312:43, 26 September 2022 diff hist +137 N Basic auth brute Created page with "===Description=== ===Question=== ===Solution=== ===Tools=== ===Flag=== ===Links=== * Back to CTF Challenges page" current