User contributions for Exf

13 October 2022

• 13:4013:40, 13 October 2022 diff hist 0 Nexif No edit summary
• 13:4013:40, 13 October 2022 diff hist +1,773 N Nexif Created page with "===Description=== Test the security of this online Exiftool service. ===Question=== Can you find the vulnerability and exploit it? Can you find the flag from the home folder. ===Solution=== Since the mission description talks about vulnerability and exploits. It is thereforce worth looking to see if there are ready exploits in Metasploit. I started the Metasploit and searched for exiftools as a keyword and immediately found an interesting exploit. <code>ExifTool DjVu..." Tag: Visual edit: Switched
• 13:2813:28, 13 October 2022 diff hist 0 N File:Metasploit1.PNG No edit summary current
• 13:1813:18, 13 October 2022 diff hist +38 CTF Challenges →Linux Tag: Visual edit
• 13:1613:16, 13 October 2022 diff hist +47 Top-Secret No edit summary current Tag: Visual edit
• 13:1513:15, 13 October 2022 diff hist 0 N File:000-config.PNG No edit summary current
• 13:1513:15, 13 October 2022 diff hist −78 Top-Secret No edit summary Tag: Visual edit
• 13:1413:14, 13 October 2022 diff hist +116 Top-Secret No edit summary Tag: Visual edit

3 October 2022

• 08:4708:47, 3 October 2022 diff hist 0 CTF Challenges →Varia
• 07:4007:40, 3 October 2022 diff hist +23 CTF Challenges →Varia

30 September 2022

• 11:5211:52, 30 September 2022 diff hist −191 Blog No edit summary current Tag: Visual edit
• 11:5111:51, 30 September 2022 diff hist −28 Blog No edit summary
• 11:5111:51, 30 September 2022 diff hist +251 Blog No edit summary Tag: Visual edit
• 11:5011:50, 30 September 2022 diff hist −17 Blog No edit summary
• 11:5011:50, 30 September 2022 diff hist −3 Blog No edit summary Tag: Visual edit: Switched
• 11:4911:49, 30 September 2022 diff hist −88 Blog No edit summary Tag: Visual edit
• 11:4811:48, 30 September 2022 diff hist +3 Blog No edit summary
• 11:4811:48, 30 September 2022 diff hist +91 Blog No edit summary Tag: Visual edit
• 11:4811:48, 30 September 2022 diff hist 0 N File:Plog-flag.PNG No edit summary current
• 11:4711:47, 30 September 2022 diff hist 0 N File:Blog-task+flag.png No edit summary current
• 11:4711:47, 30 September 2022 diff hist +1,414 Blog No edit summary
• 11:3611:36, 30 September 2022 diff hist +122 User audit No edit summary current Tag: Visual edit
• 11:3511:35, 30 September 2022 diff hist 0 N File:User-audit-flag.PNG No edit summary current
• 11:3511:35, 30 September 2022 diff hist 0 N File:User-audit-task.PNG No edit summary current
• 11:3311:33, 30 September 2022 diff hist +30 User audit No edit summary
• 11:3211:32, 30 September 2022 diff hist +869 User audit No edit summary
• 11:2511:25, 30 September 2022 diff hist +7 CTF Challenges →WEB Tag: Visual edit
• 11:2411:24, 30 September 2022 diff hist +52 Top-Secret No edit summary Tag: Visual edit
• 11:2411:24, 30 September 2022 diff hist 0 N File:Top-secret-task.PNG No edit summary current
• 11:2311:23, 30 September 2022 diff hist +54 Top-Secret No edit summary Tag: Visual edit
• 11:2111:21, 30 September 2022 diff hist −3 Top-Secret No edit summary Tag: Visual edit
• 11:2111:21, 30 September 2022 diff hist +36 Top-Secret No edit summary Tag: Visual edit: Switched
• 11:1911:19, 30 September 2022 diff hist +1,340 N Top-Secret Created page with "===Description=== Management found out that the highly sensitive and top secret documents are accessible to all! They must be hidden ASAP! 150pts ===Task=== You must protect this apache web server with authentication! Configure basic authentication to protect the page Use these credentials for auth: Username: mulder Password: Scully-th3-b3st! SSH Access: Hostname: target.... Username: user Password: Cool2Pass ===Solution=== The first thing I did was to make a..."
• 11:0711:07, 30 September 2022 diff hist +4 CTF Challenges →CYBER BATTLE OF ESTONIA 2022 - QUALIFICATION Tag: Visual edit
• 11:0411:04, 30 September 2022 diff hist +124 Password dump No edit summary current Tag: Visual edit
• 11:0411:04, 30 September 2022 diff hist 0 N File:Crackstation-password-dump.PNG No edit summary current
• 11:0311:03, 30 September 2022 diff hist 0 N File:Password-dump-task.PNG No edit summary current
• 11:0311:03, 30 September 2022 diff hist +15 Password dump No edit summary Tag: Visual edit
• 11:0311:03, 30 September 2022 diff hist +705 N Password dump Created page with "===Description=== Our username and password database was breached. Luckily all the passwords were hashed. *Different hashes - check image *Different hashes - check image *Different hashes - check image 70pts ===Question=== Would it still be possible to recover a password for some users? For the flag, post the recovered password ===Solution=== I recognised that it is probably an MD5 hash, which is crackable. However, I decided to try a crackstation website with a data..."
• 10:5910:59, 30 September 2022 diff hist +8 CTF Challenges →Varia Tag: Visual edit
• 10:5810:58, 30 September 2022 diff hist +103 Attack Analysis No edit summary current Tag: Visual edit
• 10:5710:57, 30 September 2022 diff hist 0 N File:Attack-wireshark.png No edit summary current
• 10:5710:57, 30 September 2022 diff hist 0 N File:Attack-task-flagh.PNG No edit summary current
• 10:5710:57, 30 September 2022 diff hist +781 N Attack Analysis Created page with "===Description=== There was an attack against the web server. Directory and basic auth brute forcing occurred. 100pts ===Question=== Analyze the packet capture file to find out whitch user had a weak password that allowed the hackers to authenticate. Password is the flag. ===Solution=== I only used a very lazy, but in this case effective, solution to this problem. Since I knew that the answer was likely to be in ctftech format I just manually searched for login attempt..."
• 10:5310:53, 30 September 2022 diff hist +37 CTF Challenges →Network
• 10:5110:51, 30 September 2022 diff hist +169 Hacked No edit summary current Tag: Visual edit
• 10:5010:50, 30 September 2022 diff hist 0 N File:Hacked-database.png No edit summary current
• 10:5010:50, 30 September 2022 diff hist 0 N File:Hacked-gobuster.PNG No edit summary current
• 10:5010:50, 30 September 2022 diff hist 0 N File:Hacked-task.PNG No edit summary current
• 10:4910:49, 30 September 2022 diff hist +999 N Hacked Created page with "===Description=== This web server was defaced by hackers. They made some modification on the system. ===Question=== Admin was able to see from the logs that a SQL database dump was made. Can you find it? Maybe this helps you forward with this incident analysis. ===Solution=== Since we were asked to search for SLQ database dump it makes sense to use gobuster here as well. The command <code>gobuster dir -u [url] -w /usr/share/wordlist/dirbuster/directory-list-2.3-medium...."