Level 1
root@ubuntu:~# curl -s http://ctf.infosecinstitute.com/levelone.php | grep flag <!-- infosec_flagis_welcome --> root@ubuntu:~#Flag: infosec_flagis_welcome
Level 2
root@ubuntu:~# wget http://ctf.infosecinstitute.com/img/leveltwo.jpeg ...[snip]... 2015-03-12 11:26:51 (1.03 MB/s) - ‘leveltwo.jpeg’ saved [45/45] root@ubuntu:~# file leveltwo.jpeg leveltwo.jpeg: ASCII text root@ubuntu:~# cat leveltwo.jpeg aW5mb3NlY19mbGFnaXNfd2VhcmVqdXN0c3RhcnRpbmc= root@ubuntu:~# echo aW5mb3NlY19mbGFnaXNfd2VhcmVqdXN0c3RhcnRpbmc= | base64 --decode infosec_flagis_wearejuststarting root@ubuntu:~#Flag: infosec_flagis_wearejuststarting
Level 3
Paste URL of QRCODE Image to http://zxing.org/w/decode.jspx and result as morse code
.. -. ..-. --- ... . -.-. ..-. .-.. .- --. .. ... -- --- .-. ... .. -. --.
Go to morse code decoder online http://morsecode.scphillips.com/translator.html
Flag: INFOSECFLAGISMORSING
Level 4
HTTP Header of http://ctf.infosecinstitute.com/levelfour.php
See in Set-Cookie:fusrodah=vasbfrp_syntvf_jrybirpbbxvrf Rot13 ?
Go to http://www.rot13.com/index.php and decode it.
Flag: infosec_flagis_welovecookies
Level 6
Open sharefin.pcap with wireshark
Statistics > Conversation > UDP
Follow UDP Stream and found 696e666f7365635f666c616769735f736e6966666564
Hex to character
Flag: infosec_flagis_sniffed
Level 7
Status code of http://ctf.infosecinstitute.com/levelseven.php
root@ubuntu:~# echo aW5mb3NlY19mbGFnaXNfeW91Zm91bmRpdA== | base64 --decode infosec_flagis_youfoundit root@ubuntu:~#Flag: infosec_flagis_youfoundit
Level 8
root@ubuntu:~# strings app.exe | grep infosec infosec_flagis_0x1a # Welcome to infosec institute net app v1.0# root@ubuntu:~#Flag: infosec_flagis_0x1a
Level 9
username: root , password: attack
root@ubuntu:~# echo "ssaptluafed_sigalf_cesofni" | rev infosec_flagis_defaultpass root@ubuntu:~#Flag: infosec_flagis_defaultpass
Level 11
root@ubuntu:~# wget http://ctf.infosecinstitute.com/img/php-logo-virus.jpg ...[snip]... 2015-03-12 15:01:37 (86.3 MB/s) - ‘php-logo-virus.jpg’ saved [13791/13791] root@ubuntu:~# strings php-logo-virus.jpg | grep flag infosec_flagis_aHR0cDovL3d3dy5yb2xsZXJza2kuY28udWsvaW1hZ2VzYi9wb3dlcnNsaWRlX2xvZ29fbGFyZ2UuZ2lm root@ubuntu:~# echo aHR0cDovL3d3dy5yb2xsZXJza2kuY28udWsvaW1hZ2VzYi9wb3dlcnNsaWRlX2xvZ29fbGFyZ2UuZ2lm | base64 --decode http://www.rollerski.co.uk/imagesb/powerslide_logo_large.gif root@ubuntu:~#Flag: infosec_flagis_powerslide
Level 13
1. /levelthirteen.php.old
2. Download <a href="misc/imadecoy"> open with wireshark
3. File > Export object > HTTP > HoneyPY.png
Flag: infosec_flagis_morepackets
Level 14
Directory listing in /misc/ and found level14.db
root@ubuntu:~# cat level14.db \u0069\u006e\u0066\u006f\u0073\u0065\u0063\u005f\u0066\u006c\u0061\u0067\u0069\u0073\u005f\u0077\u0068\u0061\u0074\u0073\u006f\u0072\u0063\u0065\u0072\u0079\u0069\u0073\u0074\u0068\u0069\u0073 root@ubuntu:~#
Unicode decode online http://unicode.online-toolz.com/tools/text-unicode-entities-convertor.php
Flag: infosec_flagis_whatsorceryisthis
how do you know level 9 have user and pass is root/attack ?
ตอบลบIt just a default user/pass of Cisco IDS.
ลบhttp://www.passwordsdatabase.com/vendor/cisco