dont-use-client-side

dont-use-client-side PicoCTF Writeup

Category

Web Exploitation

Hints

Never trust the client

Solution

Here, we are faced with a simple login portal. As the title and hint cheekily warn us, it is a bad idea to store passwords on the client side of websites. By inspecting element or viewing the page source, we can clearly see that there is a script in the site's HTML that breaks down the password into sub strings. When we match the sub strings with the indices given, we get the password which is the flag. 

Flag

picoCTF{no_clients_plz_56a8eb}





See Our Last Blog : Introduction to Capture The Flag

You tube Video Below:

                                          

If you Like This Video , Share and Subscribe my Channel.

Support me by Subscribing and Sharing This Video




Insp3ctr picoCTF Writeup

                                         Insp3ctr picoCTF Writeup

Category : WEB EXPLOITATION

This exercise was a very straightforward warm up : the flag was split in three parts (well, two in my case) and put in comments in three different source files on the site :

Index

view source on the index page showed the following HTML comment :

<!-- I learned HTML! Here's part 1/3 of the flag Here */

We can also see that a script and a stylesheet are loaded :

<link rel="stylesheet" type="text/css" href="mycss.css">
<script type="application/javascript" src="myjs.js"></script>

Style sheet

If we examine the stylesheet, we can see that in ends with a CSS comment :

/* I learned CSS! Here's part 2/3 of the flag here */

Script

Similarly, the myjs.js ends with the following comment :

/* I learned JavaScript! Here's part 3/3 of the flag:  */

So if we concatenate the three parts, we get the flag 

 picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?e85ef63c}

See Our Last Blog : Introduction to Capture The Flag

You tube Video Below:

If you Like This Video , Share and Subscribe my Channel.

Support me by Subscribing and Sharing This Video

Introduction to Capture The Flag

           INTRODUCTION TO CAPTURE THE FLAG

               

What is CTF?             

           Capture The Flags, or CTF, are a kind of computer security competition.

Types of CTF

• Jeopardy Method.

                 Each player or team, by the time he solves a challenge he submits the flag on a scoring board provided by the organizers and acquires the corresponding points for resolve it.

                  Winner is the one who accrues most points.

• Attack-Defense Method. 

                  In an Attack – Defense scenario, players are divided into groups. Each team is given by the organizers one or more servers with weaknesses and hidden flags.

Types of Challenges

CTFs usually showcase different challenges that utilize or exercise specific areas of focus. Some popular areas of focus are:

• Cryptography
  • These challenges feature common “real world” scenarios that often include the ever-popular ransomware type of malware.
• WEB Exploitation
  • These tasks will force you to determine how to exploit (using buffer overflow, string format, SQL injection, etc.…) a given running process on the CTF target machine.
• Reverse Engineering
  • For tasks like this, reverse engineering will usually be required, for example, when the server sends you an executable.

• PWN                                                                                                                             The objective of PWN challenges is for the player to acquire access to a target system                   without the system administrator's permission. The targets can be personal computers,                     servers, websites, networking devices or applications.

• Forensics                                                                                                                                            Anything related to Forensics. Quite often also containing                                          Stenography, which is regarded as non-forensics by regular CTF                                  players. Challenges can include Windows, Linux, Android or Exotic                       platforms forensics.

CTF Video Explanation link Below

                           

                        https://www.youtube.com/watch?v=ZA6HYYHCAhI

Do Share and Subscribe my Channel

Subscribe and Share to your Friends