
Posts

Showing posts with the label Ringzero

Ringzero - Java Script - Client side validation is bad!

Objective: Get the flag

Solution: So the first thing I did here was check the source code to see if I could find the user/pass validation. I found this section:

    <script>
    // Look's like weak JavaScript auth script :)
    $(".c_submit").click(function(event) {
        event.preventDefault()
        var u = $("#cuser").val();
        var p = $("#cpass").val();
        if(u == "admin" && p == String.fromCharCode(74,97,118,97,83,99,114,105,112,116,73,115,83,101,99,117,114,101)) {
            if(document.location.href.indexOf("?p=") == -1) {
                document.location = document.location.href + "?p=" + p;
            }
        } else {
            $("#cresponse").html("<div class='alert alert-danger'>Wrong password sorry.</div>");
        }
    });
    </script>

So here is a script that checks to see if the user name is admin and the password equals a c

RingZeroCTF - Forensics - I made a dd of Agent Smith usb key

Objective: Get Flag

Solution: I loaded the DD file up in Autopsy to look at deleted files. I started a generic case and added the DD. I chose analyze to let Autopsy do the dirty work. Then I checked the deleted files and found the flag in the first orphaned file.

RingZero CTF - Forensics - I Love cat

Objective: I love cat! Do you?

User: cat
Password: cat
ssh challenges.ringzer0team.com port 10252

Solution: So let's start up and SSH to challenges.ringzer0team.com on port 10252.

Login as: cat
pass: cat

Let's start by seeing what is in our directory:

    cat@lxc-forensics-252:~$ ls
    commands  flag.txt

Is it as easy as just catting the flag.txt file?

    cat@lxc-forensics-252:~$ cat flag.txt
    **************************** WHERE IS THE FLAG ? ****************************

Nope, let's see what else is in the directory:

    cat@lxc-forensics-252:~$ ls -al
    total 20
    drwxr-xr-x 3 root root 4096 Jul 17 18:36 .
    drwxr-xr-x 3 root root 4096 Jul 17 18:23 ..
    -rw-r--r-- 1 root root  221 Jul 17 18:30 .bash_profile
    drwxr-xr-x 2 cat  cat  4096 Jul 17 18:25 commands
    -rw-r--r-- 1 root root  116 Jul 17 18:36 flag.txt

A directory named commands:

    cat@lxc-forensics-252:~$ cd commands/
    -rbas

RingZero CTF - Forensics - Who am I part 2

Objective: I'm the proud owner of this website. Can you verify that?

Solution: Well, it took me a bit to figure this one out. I tried looking at the whois records for ringzer0ctf.com. I tried looking at the DNS records for the site. I even looked in the certificate for the site. Then I thought a little bit more about the question. It's not asking how I can verify who owns the site. It wants me to verify the owner themselves. Luckily, at the bottom of the page we see who is listed on the Twitter feeds: @ringzer0CTF and @MrUnik0d3r. Let's check if we can find the PGP for MrUniK0d3r online. I googled PGP and MrUn1k0d3r. The very first result is his PGP keybase.txt with his PGP. At the bottom of the file is the flag:

FLAG-7A7i0V2438xL95z2X2Z321p30D8T433Z

RingZero CTF - Cryptography - You're Drunk

Problem: Ayowe awxewr nwaalfw die tiy rgw fklf ua xgixiklrw! Tiy lew qwkxinw.

Solution: So just looking at this one, it looks like it's formatted as a sentence. There is spacing between words, punctuation and capitalization. At first I thought Caesar cipher, but I ran through some shifts and none of them came back with English words. So then I thought substitution cipher. We know from frequency analysis of the English language some good starting points. The most common letter would be "E". The most common double letters would be "OO", "EE" and "SS", so let's start with that and see what we can come up with.

This site is a great resource for some of the assumptions I'm making here ( http://practicalcryptography.com/ciphers/monoalphabetic-substitution-category/simple-substitution/ ). I used this website to count the letter frequency for me ( https://www.dcode.fr/frequency-analysis ).

RingZero – SQLi – Most Basic SQLi pattern

Objective: Login for user/pass

Solution: So let's try inserting an OR '1'='1'

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1

OK, it looks like I put too many ' in the injection I tried. Let's leave off the last ':

    'or'1'='1

Got the flag:

    Logged in... GOOD JOB! FLAG-238974289383274893