circusmonkey404's Security Site

Ringzer0CTF – Web – Looking for password file Objective: Get the flag…… I don’t know what else to put here Solution: so we are looking for a password file this is the challenge site http://challenges.ringzer0team.com:10075/?page=lorem.php it looks like its using php to load up a page named lorem.php - the little "?" in the URL is what makes me think its php The first thing I think of when I see a URL like this is directory traversal let’s check and see if this is exploitable using directory traversal Let’s try ../ instead of lorem.php to see if it will try to read it from the next directory above where its currently looking http://challenges.ringzer0team.com:10075/?page=../ Warning : require(/var/www): failed to open stream: No such file or directory in  /var/www/html/index.php  on line  43 Fatal error : require(): Failed opening required '../' (include_path='.:/usr/share/php:/usr/share/pear') in  /var/www/html/i...

Ringzer0CTF – Web – Big Brother is watching Objective: Get the flag…… I don’t know what else to put here Hint: Even Google can’t find this one Solution: So that’s a pretty big hint. What can’t google see with its web crawlers? Robots.txt This is a config file you can place on your website that directs google or any other web crawler to not index certain directories or files Here is some info from google about robots.txt https://support.google.com/webmasters/answer/6062608?hl=en Let’s check the robots.txt file for this site to see what google is not allowed to index https://ringzer0ctf.com/robots.txt User-agent: * Disallow: /16bfff59f7e8343a2643bdc2ee76b2dc/ Just one folder that google should index. Lets see what’s in there https://ringzer0ctf.com//16bfff59f7e8343a2643bdc2ee76b2dc/ FLAG-G5swO95w0c7R5fq0sa85nVs5dK49O04i   There is our Flag

Ringzer0CTF – Web – Area 51 Objective: Get that flag  Solution: On this challenge we get this message Access to this area is restricted using some secure .htaccess So .htaccess  so from there I started just by googling .htaccess ( I’ve heard of this before but never really dealt with apache servers) Ok next I googled .htaccess bypass I found a forum that says to get around this sometime its just as simple as using PUT instead of get. https://security.stackexchange.com/questions/177279/how-to-bypass-htaccess-protection So I fired up YARC(Yet another REST client) and sent a PUT instead of a GET to the site Now I get this < div class = "challenge-wrapper" > < br /> < span class = "red" > AREA 51 </ span > The origin of the Area 51 name is unclear? Alien? < br /> < div class = "alert alert-info" role = "alert" > FLAG-w4KRr557y626izv567758O52 <...

Ringzer0CTF – Web – Headache Objective: Get that flag son Solution: So this challenge is called headache and we get this as a hint Answer is closer than you think! So lets look at the response header to see what we see. I loaded the Yet Another REST Client into my chome and pointed it at the challenge. I had to do some research on REST because I wasn’t too familiar with it. SO I loaded up the challenge in YARC and under response headers we see the flage Top of Form Authentication Send Request Bottom of Form Response 200 Request URL:   https://ringzer0ctf.com/challenges/43 Request Method:  GET Response Time:  0.465 seconds Response Status:  200 - OK {   "date": "Wed, 16 Oct 2019 15:21:20 GMT" ,   "content-encoding": "gzip" ,   "x-content-type-options": "nosniff" ,   "age": "0" ,   "flag": "FLAG-365m4fU5p2DVEQbfrptDE5Ru...

Ringzer0 CTF – Web   - Words mean something? Objective: Find that flag yo Just a bunch of what looks like Latin Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aliquam commodo risus lobortis diam molestie, varius vestibulum lacus condimentum. Phasellus fringilla, leo at ornare tristique, est elit lobortis dolor, a placerat tortor eros nec elit. Suspendisse feugiat, enim ac hendrerit malesuada, libero lectus rutrum tellus, ut faucibus sem odio non nunc. Vestibulum dignissim magna et felis laoreet viverra. Integer sodales tellus molestie suscipit feugiat. Praesent quis elit tristique nisl laoreet elementum eu nec felis. Fusce nunc enim, rhoncus at metus sed, accumsan accumsan augue. Nunc venenatis tempor mi sit amet tempus. Maecenas luctus lacus mi, id pretium magna feugiat eu. Aenean euismod ante at neque rhoncus, eget dapibus nisi lacinia. Aenean vulputate risus id velit interdum vulputate. Mauris id rhoncus dolor. Solution: So my first thought was t...

PicoCTF2018 – Web – Artisinal Handcrafted HTTP 3 Objective : We found a hidden flag server hiding behind a proxy, but the proxy has some... _interesting_ ideas of what qualifies someone to make HTTP requests.   Looks like you'll have to do this one by hand.   Try connecting via nc 2018shell.picoctf.com 18685, and use the proxy to send HTTP requests to `flag.local`.   We've also recovered a username and a password for you to use on the login page: `realbusinessuser`/`potoooooooo`. Hint : (1)     _Be the browser._   When you navigate to a page, how does your browser send HTTP requests?   How does this change when you submit a form? Solution : This is my first-time sending HTTP GET and POST manually, so I leaned pretty heavily on online resources @pico-2018-shell:~$ nc 2018shell.picoctf.com 18685 Real Business Corp., Internal Proxy Version 2.0.7 To proceed, please solve the following captcha:   _____  ...