To Deobfuscate JavaScript, use Jsnice. To crack well known hashes, use Link. To get Shell on Windows use Unicorn. If some system cron is getting some url present in the file, we can replace url to get flag as below. Security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing. Skip to content. Star CTF Cheatsheet uppusaikiran. Branches Tags. In the remaining time, 10 more people solved the challenge.
Over 50 people participated thanks so much! Barry will send hoodies to the first 10 people who solved the challenge and have a custom HackerOne profile badge for everyone. People will be notified about their prize in the next few days. Profile badges will come in the next week. Thanks everyone for participating — congrats to all of you, you rock! Jobert HackerOne co-founder.
PS Barry just found out that the criminal did more than he initially thought. HackerOne is the 1 hacker-powered security platform , helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing , our bug bounty program solutions encompass vulnerability assessment , crowdsourced testing and responsible disclosure management.
Discover more about our security testing solutions or Contact Us today. The Role of Hackers in Security Assessments for Product Development Support development roadmaps and improve relationships between security and development teams. Log4j Vulnerability Activity on the HackerOne Platform Learn about the Log4J vulnerability, mitigations HackerOne has put in place to protect our platform and the related submission activity.
Don't Fear Hackers, Hire Them. Last active Apr 20, Code Revisions 7 Stars 7. Embed What would you like to do? Embed Embed this gist in your website. Share Copy sharable link for this gist. Learn more about clone URLs. Download ZIP. My solutions to the "reversing the passwords" CTF by Jobert.
Capture the flag: reversing the passwords Solutions Step 1 - Recovering the corrupted data According to the doc, the following stream is corrupted: 7b 0a 20 a0 22 65 76 e5 6e 74 22 ba 20 22 70 e1 73 73 77 ef 72 64 5f e3 68 61 6e e7 65 22 2c 8a 20 20 22 f5 73 65 72 ee 61 6d 65 a2 3a 20 22 e2 63 6f 6c ec 69 6e 22 ac 0a 20 20 a2 6f 6c 64 df 70 61 73 f3 77 6f 72 e4 22 3a 20 a2 3a 5c 78 c3 37 5c 78 c6 34 5c 6e dc 78 41 46 a9 29 37 43 dc 78 31 35 dc 78 44 30 dc 78 46 33 dc 78 44 45 e9 55 3b 22 ac 0a 20 20 a2 6e 65 77 df 70 61 73 f3 77 6f 72 e4 22 3a 20 a2 39 5c 78 c6 41 5c 78 b9 39 5c 78 c3 41 5c 78 c5 44 5c 78 c6 32 58 53 c7 5c 78 44 c4 2d 5c 78 c3 32 5c 78 b8 45 7a 48 eb 22 2c 0a a0 20 22 74 e9 6d 65 73 f4 61 6d 70 a2 3a 20 31 b5 30 31 38 b5 38 38 36 b0 30 30 30 8a 7d 0a Running xxd -r -p we can see that individual characters are readable and some are not.
Copy link. How could I join to the Slack Channel? I conducted an nmap full-port scan for this purpose. The nmap results can be seen in the screenshot given below:.
As we can see above, there are a lot of open ports and services available on the target machine. In the command above, I used the -sV switch for enumerating the version information of the identified services. This will help us identify vulnerable services to exploit. As the FTP port 21 was open, I decided to start there. It can be seen in the following screenshot:. As we know that we now have the FTP access on the target machine, I run the ls command to see the list of files and directories available for default user.
From the results, I learn that there was one empty directory available on the target machine. After that, I checked the vsFTPd version for an exploit on Google but could not find a working exploit for remote code execution to get us any further. As we know from Step 2 above, there is one more FTP port available on the target machine. I started with enumerating the FTP login with some default credentials and one of them worked.
The screenshot for this can be seen below:. Command Used: ftp This time it worked for me, as I was able to view the contents of files on the target machine.
In this directory, there were a lot of log files available. However, none of them seems to be working for our purpose. Next, I tried to look for an available exploit for the FTP service running through this port. I found some useful exploits on Google for this version of the FTP service. The screenshot can be seen below:. I tried to exploit the FTP server by using the exploit-db exploits, but none of them worked for the target machine.
So, I decided to leave it and move on to the next open port. I opened the target machine IP address into the browser and there was a simple webpage. This can be seen in the following screenshot:.
0コメント