capture the flag, hacking, web application security

New Info Sec Website Alert! – White Hat Academy

Hello All,

It’s been a LONG time since I have blogged. What can I say? Life happens.

Anyway, I have enrolled into a program called White Hat Academy.

This website is great for n00bs as there are lessons to learn about different topics such as bash scripting, stenography, forensics, and mobile.

After completing the lessons there is a Capture the Flag (CTF) challenge that will incorporate what you have learned.

Check it out (https://whitehat.academy/) and enroll today!

capture the flag, hacking

PicoCTF 2017 – Special Agent User #appsec #infosec #forensics

Another day, another challenge.

Today’s blog post we will solving the “Special Agent User” challenge in the PicoCTF.

Let’s get started.

Clicking on the challenge we see:

PicoCTF_Special_Agent_1

We have another pcap (packet capture file) and we need to find the User Agent. OK. Sounds plausible. Let’s look at the hints.

PicoCTF_Special_Agent_2

There’s a link that discuss more about user-agents. Let’s go to that link.

Opening that link we see the following:

PicoCTF_Special_Agent_3

The web page explains the different components of the User-String. This will be useful.

Opening the packet capture file we notice the usual stuff UDP, and ICMP packets. And like with the first “Digital Camouflage” challenge we can ignore this.

User-Agent strings are found in HTTP requests. We need to look at packet captures for just HTTP requests.

Doing this we see a packet that’s piqued our interest…

PicoCTF_Special_Agent_4

On packet 80 (GET / HTTP/1.1) we’ll do a right click, Follow, HTTP stream.

Doing this we have the following:

PicoCTF_Special_Agent_5

Looking at the last entry in the user agent, we can see that the packet is using Firefox 25. Entering that as the flag, we’ve acquired 50 points!

capture the flag, hacking, web application security

PicoCTF 2017 a Brief Introduction

Another day, another challenge…

Today’s blog post will discuss another CTF – PicoCTF.

The target audience for PicoCTF is a computer security game that is aimed at middle school and high school students, but anyone can join and play.

Topics explored are: forensics, cryptography, reverse engineering, web exploitation, binary exploitation, and miscellaneous challenges.

To learn more, go here.

Happy hacking!