Posts

MetaCTF 2020 writeup

Hi everybody! I recently took part in MetaCTF CyberGames 2020, which was held on 24 Oct. Here is the link if you want to try the challenges: https://compete.metactf.com/30/ This is my writeup. Hope you all like it!

WEB Exploitation

1. High Security Fan Page
Description: Someone has changed the password to the admin panel. We have to find the password.
On inspecting the source code, we found a suspicious JavaScript file being loaded into the page. On visiting the JavaScript file, we found the username and password to the admin panel. The flag was the password to the panel.

2. Everyone Loves a Good Cookie
Description: Cookies are used by websites to keep track of user sessions and help with authentication. Can you spot the issue with this site and convince it that you're authenticated?
Upon visiting the page, we found an input field and a submit button. We tried a common password and hit submit. The page responds with a Set-Cookie parameter as shown below: We tried sending request by changing t

Agent Sudo Challenge

Hi everybody! I am back with yet another CTF challenge. You all can try this challenge at https://tryhackme.com/room/agentsudoctf . Let's begin.

1. We have to enumerate the given VM link to find how many service ports are open. The Nmap results will give you the number of open ports.
2. Now we have to redirect ourselves to a secret page. If you visit the site, it says that you have to use your own agent, and the hint tells us to use agent C. We can change our web browser's agent through Dev Tools or by using external plugins from the web store.
3. Now load the main page again and you will get a message.
4. Now we know the username, and we also know he has a weak password. In the nmap scan we found that an FTP port is open. We can use hydra on this port to find Chris's password. Boom! We found his password.
5. Log in using FTP and list the directory. We find 3 files.
6. Download these files.
7. There is a message in To_agentJ.txt. It says that the login password is in the fake pics. This clearly in

Mr. Robot Walkthrough

Hello everybody! This is my first CTF walkthrough and I am very excited about it. I hope you all like it. I will be solving the Mr. Robot CTF. You all can visit this link and try the lab for yourself; it's free: https://tryhackme.com/room/mrrobot .

1. We will enumerate the target VM for services using the nmap tool. We see that port 80 is open for the HTTP service.
2. We use gobuster on https://10.10.65.169:80 with .
   gobuster dir -u http://10.10.209.121:80 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
   We have found a directory named robots (coincidence! I think not). We traverse to the robots directory, and what do we find? It tells us about 2 files: one is a key and the other a dictionary. First we get the key. We will then download fsocity.dic.
3. We will run the nikto tool on the target VM to find hidden files. from above result we see that there is a log