capture the flag, hacking, web application security

InfoSec Institute CTF Challenge 3

Another day, another challenge…

Today’s challenge will be #3 from the InfoSec Institute.

Going to the following link we’re presented with the following:

infosec_3_intro

Looking at the screen we’re presented with a QR code.

Doing a right click, view source we see the following:

infosec_3_pagesource

Doing a quick Google search of “QR code decoder” we go to the following site.

Entering the proper information and uploading our file we see the following:

infosec_3_morsecode

A Google search of our output shows that the code is actually Morse code!

Another Google search to decode the code gives us the following site.

Putting our code inside of the decoder we get the following:

infosec_3_finalresult

We found the flag!!!

Lesson learned:

Right click, view page source saves the day again. By doing this we found that there is a QR code being displayed on the page. Doing a quick Google search we found a QR code decoder that gave us Morse code. Another Google search yielded the flag.

When in doubt, view page source and use Google searches!

InfoSec Institute CTF Challenge #4

Another day, another challenge…

Today’s challenge is #4 from the InfoSec Institute CTF challenge.

Going to the following link we see the following:

infosec_4_intro

Doing a right click view page source we see the following:

infosec_4_pagesource

Looking at the page we see the following hint – “Hypertext Transmission Protocol”

Pressing F12 to view the developer tools and going to the “Network” tab we see the following:

infosec_4_cookie

Inside the set-cookie we see “fusrodah=vasbfrp_syntvf_jrybirpbbxvrf”. This is interesting…

Doing a quick Google search and putting in the second half of our value we get the following link for ROT-13.

ROT-13 is a rotation-by-13 cipher: it replaces each letter with the letter 13 positions further along the alphabet, wrapping around from Z back to A.

Using the following site, and putting in our value we get:

infosec_4_final

We retrieved the flag.

Lessons learned:

Use the hints provided. We tried our trusty right click, view page source, but that didn’t help us. Going back to the page we noticed that the hint was HTTP. Using the developer tools inside Chrome and going to the Network tab we saw the files retrieved when accessing the site.

Clicking on the page, and viewing the headers we noticed that the cookie was being set. Using this information inside Google we were able to decode the message.
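The decoding step from Challenge #4, as an added example that is not part of the original post: it parses the Set-Cookie value quoted above and tries every letter rotation, which shows that ROT-13 only obscures a value and any client that can read the cookie can recover it. The marker words used to recognize readable output are an assumption, not something the challenge page states.

```python
from http.cookies import SimpleCookie
import string

# Constructed sample: the Set-Cookie value quoted in the write-up above.
SAMPLE_HEADER = "fusrodah=vasbfrp_syntvf_jrybirpbbxvrf"


def caesar(text, shift):
    """Rotate ASCII letters by `shift` positions; leave other characters alone."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def cookie_values(set_cookie_header):
    """Parse a Set-Cookie header value into a {name: value} dict."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    return {name: morsel.value for name, morsel in jar.items()}


def find_rotations(value, markers=("flag", "infosec")):
    """Try all 25 non-trivial shifts; keep outputs containing a marker word.

    The marker words are an assumed heuristic for "looks like plaintext".
    """
    hits = {}
    for shift in range(1, 26):
        candidate = caesar(value, shift)
        if any(marker in candidate.lower() for marker in markers):
            hits[shift] = candidate
    return hits


if __name__ == "__main__":
    for name, value in cookie_values(SAMPLE_HEADER).items():
        for shift, plain in find_rotations(value).items():
            print(f"{name}: shift {shift} -> {plain}")
```

Only 25 rotations exist, so the search is exhaustive and instant; a value a client should not be able to read belongs on the server side rather than in a rotated cookie.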

InfoSec Institute Capture The Flag #2

Another day, another challenge.

Today’s challenge will be the second CTF challenge from the InfoSec Institute.

Below is the screen listed HERE when accessing the link:

infosec_2

Doing a right click view page source and scrolling down we see the following:

infosec_2_pagesource

We see an img src that points to leveltwo.jpeg. Clicking the file we get the following:

infosec_2_imgsrc

Going to the address bar and adding “view-source:” to the beginning of the address we get the following:

infosec_2_flag

We got the flag!

Lesson learned:

Once again, do the right click, view page source. In the beginning it didn’t reveal too much except that there was an image. Clicking on said image we’re brought to a page with a non-rendered image. Viewing the source of that image we see the flag. This is security through obscurity, which never works.

Infosec Institute – Capture the Flag #1

Another day, another challenge…

Today’s challenge is the first from the Infosec Institute. The website can be found HERE.

Clicking on the levels and selecting the first challenge we see the following:

infosec_1

Doing a right click, view page source we see the flag at the top of the page.

infosec_1_pagesource

Lesson learned:

When in doubt, do a right click and view page source. Doing this will reveal a lot of goodies about a website.