circusmonkey404's Security Site

RingZero – SQLi – Most Basic SQLi pattern Objective: Login for user /pass Solution: So let’s try inserting and OR ‘1’=’1’ You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1 Ok it looks like I put to many ‘ in the injection I tried let’s leave of the last ‘ ‘or’1’=’1 Got the flag Logged in... GOOD JOB! FLAG-238974289383274893

RingZero – Cryptography – Some Martian Message Objective: SYNTPrfneVfPbbyOhgAbgFrpher Solution: Looks like a casear cipher let’s try ROT13 using tr @kali:~$ echo 'SYNTPrfneVfPbbyOhgAbgFrpher' | tr 'A-Za-z' 'N-ZA-Mn-za-m' FLAGCesarIsCoolButNotSecure

PicoCTF 2018 – Reverse Engineering   - assembly 0 Objective: What does asm0(0xb6,0xc6) return? Submit the flag as a hexadecimal value (starting with '0x'). NOTE: Your submission for this question will NOT be in the normal flag format. Source [1]   located in the directory at /problems/assembly-0_0_5a220faedfaf4fbf26e6771960d4a359. Hints: (1)     basical assembly tutorial [2]   (2) assembly registers [3] Source: .intel_syntax noprefix .bits 32                 .global asm0 asm0:                 push       ebp                                                                         mov        ebp,esp                 mov        eax,DWORD PTR [ebp+0x8]                 mov        ebx,DWORD PTR [ebp+0xc]                 mov        eax,ebx                 mov        esp,ebp                 pop         ebp                         ret Solution: So   I spent about an hour watching youtube videos to try and understand assembly language

PicoCTF 2018 – Reverse Engineering   - Reversing Warmup 2 Objective: Can you decode the following string dGg0dF93NHNfczFtcEwz from base64 format to ASCII? Hints: (1) Submit your answer in our competition's flag format. For example, if you answer was 'hello', you would submit 'picoCTF{hello}' as the flag. Solution: @pico-2018-shell:/problems/reversing-warmup-1_1_b416a2d0694c871d8728d8268d84ac5c$ echo dGg0dF93NHNfczFtcEwz | base64 --decode th4t_w4s_s1mpL3 picoCTF{ th4t_w4s_s1mpL3}

PicoCTF2018 – Reverse Engineering – reversing warmup 1 Objective: Throughout your journey you will have to run many programs. Can you navigate to /problems/reversing-warmup-1_1_b416a2d0694c871d8728d8268d84ac5c on the shell server and run this program [1]   to retreive the flag? Hints: 1) If you are searching online, it might be worth finding how to exeucte a program in command line. Solution: So this is a warmup so it is super simple I just connected up to the shell, cd’d to the problem folder pico-2018-shell:/problems/reversing-warmup-1_1_b416a2d0694c871d8728d8268d84ac5c$ ls run so there is program in there called run . @pico-2018-shell:/problems/reversing-warmup-1_1_b416a2d0694c871d8728d8268d84ac5c$ ./run picoCTF{welc0m3_t0_r3VeRs1nG} there is the flag

PicoCTF2018 – Web – Artisinal Handcrafted HTTP 3 Objective : We found a hidden flag server hiding behind a proxy, but the proxy has some... _interesting_ ideas of what qualifies someone to make HTTP requests.   Looks like you'll have to do this one by hand.   Try connecting via nc 2018shell.picoctf.com 18685, and use the proxy to send HTTP requests to `flag.local`.   We've also recovered a username and a password for you to use on the login page: `realbusinessuser`/`potoooooooo`. Hint : (1)     _Be the browser._   When you navigate to a page, how does your browser send HTTP requests?   How does this change when you submit a form? Solution : This is my first-time sending HTTP GET and POST manually, so I leaned pretty heavily on online resources @pico-2018-shell:~$ nc 2018shell.picoctf.com 18685 Real Business Corp., Internal Proxy Version 2.0.7 To proceed, please solve the following captcha:   _____           __            / __   \         /

PicoCTF2018 – Web – The Vault Objective: There is a website running at http://2018shell.picoctf.com:64349 (link [1] ). Try to see if you can login! Solution: Ok this site is nice enough to give us the code for login.php Looking in the code you can see there is an attempt to sanitize inputs using regular expressions It creates a variable named pattern which is a regex used to match against the variables //validation check   $pattern ="/.*['\"].*OR.*/i";   $user_match = preg_match($pattern, $username);   $password_match = preg_match($pattern, $username);   if($user_match + $password_match > 0)   {     echo "<h1>SQLi detected.</h1>";   }   else {     $result = $con->query($query);     $row = $result->fetchArray();         if ($row) {       echo "<h1>Logged in!</h1>";       echo "<p>Your flag is: $FLAG</p>";     } else {       echo &quo

PicoCTF2018 – Web – Buttons Objective: There is a website running at http://2018shell.picoctf.com:18342 (link [1] ). Try to see if you can push their buttons. Hints:                 What's different about the two buttons? Solution: Okay let’s walk through this site and see what we see. The first page is a button, not anything interesting in the source code The second page is a hyperlink named button2 pointing to button2.php You did it! Try the next button: <a href =" button2.php "> Button2 </a> This button loads up a page named boo.html which loads a rickroll But there is a message saying FORM DISABLED. THIS INCIDENT HAS BEEN LOGGED AND REPORTED TO /dev/null Lets look in the source here This looks interesting <form action =" button2.php " method =" POST "> Button2.php method post Let’s load up burp suite and see what we can see The site map for button2.php is using get

PicoCTF2018 – Web – Secret Agent Objective: Here's a little website that hasn't fully been finished. But I heard google gets all your info anyway. http://2018shell.picoctf.com:3827 (link [1] ) Hints: (             How can your browser pretend to be something else? Solution: Ok so this one looks like its referencing a user agent, which is what your browser tells the website about your computer. Such as OS and browser So if you click on the flag button in the website and you get this error message. “Your’re not google!” That is a clue we are looking for, its checking to see if the user agent is google. I used a chrome extension called “User-Agent Swticher” to change my user agent to replicate that of   the Googlebot – which is google spider agent Tried the flag button again and got the flag Flag :  picoCTF{s3cr3t_ag3nt_m4n_12387c22}