capture the flag, hacking, web application security

InfoSec Institute CTF Challenge #11

Another day, another challenge.

Today’s challenge is from the InfoSec Institute CTF.

Going to the following LINK we see:

infosec_11_beginning

Doing our favorite trick of right click, view page source we see the following:

infosec_11_pagesource

We see an image of “php-logo-virus.jpg” hmm… what happens when we click this file?

We see the following:

infosec_11_php_virus_picture

Looks like a simple file… looks can be deceiving.

Just going from the title of the file, there’s something in this file that we’re not seeing.

Let’s use our trick from the last challenge of using strings to see if this is a true file.

Using the strings command inside our cygwin terminal we see the following:

infosec_11_strings

Hmm… we see the beginning part of the flag. The last looks like encoding.

Let’s try to decode it.

One of the encoding we’ve seen in the challenges have been base64 encoding, so let’s use that to see if we can decode the message.

Going to this link, and typing in the encoding we see the following:

infosec_11_powershell

We’re presented with a link. Going to that link we see the following:

infosec_11_powerslide

Combining the this with the beginning of the flag, we get infosec_flagis_powerslide!

Lessons learned:

Most of these challenges build on top of each. We still used our tried and true right click, view page source to see if there are any nuggets that were not shown on the page. We noticed there was a file. Looking at the name, we determined that there was more than what met the eye. Using another command we learned – strings we were able to see that the flag was embedded in picture, but it was encoded. Using previous knowledge, we noticed that previous challenges used base64 encoding so we used that (base64) to see if we can decode the text. After decoding we went to the link and used the image to complete the flag.

capture the flag, hacking, web application security

InfoSec Institute CTF Challenge #8

Another day, another challenge…

Today’s challenge will be on CTF Challenge #8 from InfoSec Institute.

Going to the following link

We see the following page.

infosec_8_intro

We’re introduced with the downloading a file.

Doing our trick of right click, view page source we see the following:

infosec_8_pagesource

We see the file that we need to download called “app.exe”

Downloading and opening the file we noticed that the application is the netstat command listing our network information.

Since our tricks does not work, we need to find a way to view the source of the application.

One option is to use the linux strings command.

The strings command allows you to find English words in file.

If you are working on a Windows machine (like I am) you can download the cygwin emulator which allows you to do simple Linux commands on a Windows machine.

To download cygwin go here.

Note: Make sure when downloading that you add the binutils package to import the strings command.

Copy the app.exe file into the cygwin directory (that you specified in your installation) so you navigate to that file.

After downloading cygwin, and using the strings command we see the following:

infosec_8_flag

We found the flag – infosec_flagis_0x1a!

Lessons learned:

Again, our normal tricks of viewing the page source did not work. We noticed that when we executed the program that it was the netstat command getting information on our network. From there we decided that we would need to see the source of the application to see if the flag was hidden in there. Turns out it was. Overall lesson, be flexible with your tool belt and think outside of the box!