2020 08 29_dvwa

Damn Vulnerable Web Application (DVWA)

DVWA is a web application which uses PHP and MySQL and implements a number of common web application vulnerabilities. For more information visit http://www.dvwa.co.uk/ and https://github.com/digininja/DVWA.

Installation - vagrant up

Using the Vagrantfile in the penetration testing lab directory of the git repo at https://github.com/kushfj/pentesting, spin up a DVWA VM in VirtualBox.

The virtual machine has two virtual network adapters. The first adapter is connected to the default NAT network; the NAT network is required during the initial setup to download and install updates and packages. The second adapter is connected to the default intnet internal network, which is used for the penetration testing. Note: you must disable or disconnect the NAT interface as soon as the machine is ready.

[Read More]

QUT Whitehats CTF Misc Challenges

Misc Challenges

This blog page is for the Misc challenges on the CTF page and is likely to be updated as the new challenges are added to the CTF.

WARNING: Like all my CTF notes, this contains spoilers.

Chuck Norris - 30pts

It’s Chuck Norris

flag syntax: flag{insertflaghere}

  • Downloaded the chuck.pcap file from https://ctf.qutwhitehats.club/files/06159f05f2fec53ca602559bf422cd30/chuck.pcap?token=eyJ1c2VyX2lkIjoxMCwidGVhbV9pZCI6bnVsbCwiZmlsZV9pZCI6Mn0.XosP0g.C-a6_prdNYuWZMKwJ_KZHrF7UE4
  • Opened the file in wireshark
  • Manually reviewed the conversations, Statistics -> Conversations
  • Noticed a single conversation with internal host 10.0.85.10; all other conversations were to external hosts, i.e. not in the reserved range
  • Applied the filter ip.addr==10.0.75.102 && ip.addr==10.0.85.10
  • Manually reviewed the HTTP response data
  • Found: Hey this is a flag FLAG-GehFMsqCeNvof5szVpB2Dmjx
  • Submitted: flag{FLAG-GehFMsqCeNvof5szVpB2Dmjx}

Mr_Elliot - 100pts

Bonsoir Elliot

[Read More]

Over the Wire - Wargames - Natas

Introduction

This is the second (recommended) wargame in the Over the Wire series, hosted at https://overthewire.org/wargames/natas/. The series focuses on basic server-side security of web applications. The challenges are accessible as web URLs via http://natasX.natas.labs.overthewire.org, where X is the level number.

WARNING: These are my own notes and contain actual flags.

Natas Level 0

Username: natas0 Password: natas0 URL: http://natas0.natas.labs.overthewire.org

Walkthrough

curl -n -u natas0:natas0 http://natas0.natas.labs.overthewire.org/
<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas0", "pass": "natas0" };</script></head>
<body>
<h1>natas0</h1>
<div id="content">
You can find the password for the next level on this page.

<!--The password for natas1 is gtVrDuiDfck831PqWsLEZy5gyDz1clto -->
</div>
</body>
</html>

Natas Level 0 → Level 1

Username: natas1 URL: http://natas1.natas.labs.overthewire.org

[Read More]

Hacker101 CTF

Introduction

Hacker101 CTF seems to be a new CTF set up by HackerOne, the bug bounty program. Flag formats are meant to be similar to ^FLAG^37ae568362f974017fa575f08cd215044cd6bb395c3f5e5e293ee5324ba6769c$FLAG$. A HackerOne account is required to log in. Additional instructions can be found at https://docs.hackerone.com/hackers/hacker101.html.

The challenge difficulty ranking uses the levels trivial, easy, moderate, hard, and expert. Points are allocated according to difficulty and range from 1 point for trivial to 9 points for expert. Each challenge may have multiple flags, as indicated by its completion status. The minimum number of flags per challenge was 1, with a maximum of 7 for the Postbook challenge.

[Read More]

PicoCTF 2019

Introduction

Picked character name, then walked to the computer, the text ‘Somebody changed my password’ appeared, walked out the door to

General Skills

The Factory’s Secret - Points: 1

There appear to be some mysterious glyphs hidden inside this abandoned factory… I wonder what would happen if you collected them all?

  • Fragment 1 - When exploring the first room, accidentally happened upon a glyph
    • Manual review of inventory shows an image, which appears to be a fragment of a QR code
    • Inspect your swords / Elements of fire / Home of hearth / Page and squire
  • Fragment 2 - Went into web exploitation door
    • Navigated past the computer into the door through the top
    • Moved the boulder into the lava and accessed hidden door through the bottom
    • Collected the glyph
  • Fragment 4 - Went into the binary exploitation door
    • Didn't find anything, and gave up for days, then returned and continued to go through alternating red and blue doors, until the music intensified and a yellow door appeared
    • Entered the yellow door and collected the fragment
  • Fragment 5 - Went into the forensics door
    • Moved around and explored the room, until I spotted waves in the top left hand corner of the room
    • Approached the waves and collected the fragment
  • Fragment 3 - Entered the cryptography door
    • Manually inspected each grave stone until I got to the fifth one across from the left in the right hand plot in the sixth row from the bottom

Lets Warm Up

If I told you a word started with 0x70 in hexadecimal, what would it start with in ASCII

[Read More]

JCSC Incident Response - Brisbane CTF

Introduction

I was fortunate enough to attend a JCSC Incident Response training session today in Brisbane. Even more fortunate since Yaleman allowed me to join his team. The incident response scenario was that of responding to an incident for the Wind in case of no daylight (WIND) corporation, where an information security incident appears to have occurred and a wind turbine has stopped operating.

We were provided some artefacts to perform analysis on and submit responses to get points for the CTF. I had never used volatility, so the exercise provided an excellent opportunity to learn to use volatility.

[Read More]

meh!

About Nishchal Kush. Brief background on the website, education, experience, background, research interests, and publications. About page for personal website. [Read More]