
Thursday, March 12, 2015

n00bs CTF Labs by Infosec Institute Write-up



Level 1

root@ubuntu:~# curl -s http://ctf.infosecinstitute.com/levelone.php | grep flag
<!-- infosec_flagis_welcome -->
root@ubuntu:~#
Flag: infosec_flagis_welcome

Level 2

root@ubuntu:~# wget http://ctf.infosecinstitute.com/img/leveltwo.jpeg
...[snip]...

2015-03-12 11:26:51 (1.03 MB/s) - ‘leveltwo.jpeg’ saved [45/45]

root@ubuntu:~# file leveltwo.jpeg
leveltwo.jpeg: ASCII text
root@ubuntu:~# cat leveltwo.jpeg
aW5mb3NlY19mbGFnaXNfd2VhcmVqdXN0c3RhcnRpbmc=
root@ubuntu:~# echo aW5mb3NlY19mbGFnaXNfd2VhcmVqdXN0c3RhcnRpbmc= | base64 --decode
infosec_flagis_wearejuststarting
root@ubuntu:~#
Flag: infosec_flagis_wearejuststarting

Level 3

Paste the URL of the QR code image into http://zxing.org/w/decode.jspx; the result is Morse code:
.. -. ..-. --- ... . -.-. ..-. .-.. .- --. .. ... -- --- .-. ... .. -. --.
Decode it with the online Morse code decoder at http://morsecode.scphillips.com/translator.html
Flag: INFOSECFLAGISMORSING

Level 4

Check the HTTP headers of http://ctf.infosecinstitute.com/levelfour.php
The response sets Set-Cookie: fusrodah=vasbfrp_syntvf_jrybirpbbxvrf, which looks like ROT13.
Decode it at http://www.rot13.com/index.php
Flag: infosec_flagis_welovecookies

Level 6

Open sharefin.pcap with Wireshark
Statistics > Conversations > UDP
Follow UDP Stream shows 696e666f7365635f666c616769735f736e6966666564
Convert the hex to characters
Flag: infosec_flagis_sniffed

Level 7

Check the status code in the HTTP response from http://ctf.infosecinstitute.com/levelseven.php; it carries the Base64 string decoded below.

root@ubuntu:~# echo aW5mb3NlY19mbGFnaXNfeW91Zm91bmRpdA== | base64 --decode
infosec_flagis_youfoundit
root@ubuntu:~#
Flag: infosec_flagis_youfoundit

Level 8

root@ubuntu:~# strings app.exe | grep infosec
infosec_flagis_0x1a
# Welcome to infosec institute net app v1.0#
root@ubuntu:~#
Flag: infosec_flagis_0x1a

Level 9

username: root, password: attack
root@ubuntu:~# echo "ssaptluafed_sigalf_cesofni" | rev
infosec_flagis_defaultpass
root@ubuntu:~#
Flag: infosec_flagis_defaultpass

Level 11

root@ubuntu:~# wget http://ctf.infosecinstitute.com/img/php-logo-virus.jpg
...[snip]...

2015-03-12 15:01:37 (86.3 MB/s) - ‘php-logo-virus.jpg’ saved [13791/13791]

root@ubuntu:~# strings php-logo-virus.jpg | grep flag
infosec_flagis_aHR0cDovL3d3dy5yb2xsZXJza2kuY28udWsvaW1hZ2VzYi9wb3dlcnNsaWRlX2xvZ29fbGFyZ2UuZ2lm
root@ubuntu:~# echo aHR0cDovL3d3dy5yb2xsZXJza2kuY28udWsvaW1hZ2VzYi9wb3dlcnNsaWRlX2xvZ29fbGFyZ2UuZ2lm | base64 --decode
http://www.rollerski.co.uk/imagesb/powerslide_logo_large.gif
root@ubuntu:~#
Flag: infosec_flagis_powerslide

Level 13

1. Request /levelthirteen.php.old
2. Download the file linked as <a href="misc/imadecoy"> and open it with Wireshark
3. File > Export Objects > HTTP > HoneyPY.png
Flag: infosec_flagis_morepackets

Level 14

Directory listing on /misc/ exposes level14.db

root@ubuntu:~# cat level14.db
\u0069\u006e\u0066\u006f\u0073\u0065\u0063\u005f\u0066\u006c\u0061\u0067\u0069\u0073\u005f\u0077\u0068\u0061\u0074\u0073\u006f\u0072\u0063\u0065\u0072\u0079\u0069\u0073\u0074\u0068\u0069\u0073
root@ubuntu:~#

Decode the Unicode escapes online at http://unicode.online-toolz.com/tools/text-unicode-entities-convertor.php
Flag: infosec_flagis_whatsorceryisthis
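
The decoding steps in Levels 2, 3, 4, 6, 9 and 14 can be done offline instead of with the online tools. The Python script below is an added example, not part of the original write-up: it tries each encoding seen above and keeps the ones whose output starts with the flag prefix. The names identify, DECODERS and FLAG_RE are made up for this example.

```python
import base64
import codecs
import re

# Letters-only Morse table; sufficient for the Level 3 string.
MORSE = dict(zip(
    ".- -... -.-. -.. . ..-. --. .... .. .--- -.- .-.. -- -. --- .--. --.- "
    ".-. ... - ..- ...- .-- -..- -.-- --..".split(),
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"))

def _unicode_escapes(s):
    # Accept only a pure run of \uXXXX sequences, as in level14.db.
    if not re.fullmatch(r"(\\u[0-9a-fA-F]{4})+", s):
        raise ValueError("not a \\uXXXX sequence")
    return s.encode("ascii").decode("unicode_escape")

DECODERS = {
    "base64": lambda s: base64.b64decode(s, validate=True).decode("ascii"),
    "hex": lambda s: bytes.fromhex(s).decode("ascii"),
    "rot13": lambda s: codecs.decode(s, "rot13"),
    "reversed": lambda s: s[::-1],
    "unicode-escape": _unicode_escapes,
    "morse": lambda s: "".join(MORSE[tok] for tok in s.split()),
}

# The Morse flag has no underscore and is upper case, hence the loose match.
FLAG_RE = re.compile(r"infosec_?flagis", re.IGNORECASE)

def identify(blob):
    """Return {encoding: plaintext} for each decoder that yields a flag."""
    hits = {}
    for name, decode in DECODERS.items():
        try:
            text = decode(blob.strip())
        except (ValueError, KeyError):  # wrong alphabet, bad length, non-ASCII
            continue
        if FLAG_RE.match(text):
            hits[name] = text
    return hits

if __name__ == "__main__":
    # Encoded strings copied from Levels 2, 4, 6 and 9 of the write-up.
    for blob in ("aW5mb3NlY19mbGFnaXNfd2VhcmVqdXN0c3RhcnRpbmc=",
                 "vasbfrp_syntvf_jrybirpbbxvrf",
                 "696e666f7365635f666c616769735f736e6966666564",
                 "ssaptluafed_sigalf_cesofni"):
        print(blob, "->", identify(blob))
```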
