SquareZero

This year sunshineCTF was amazing. The CTF was challenging. We had no internet, The wifi they provided was constently disconnecting everyone. Most of the challenges was about pwn and RE, which Im not so good at. So I decided to focus on Web Challenges. Here are some of the challenges I solved. Challenge → TransparencyPoint → 50 Description → This one is simple! Just look where youmight look at the cryptographic history of the sunshinectf.org domain! There’s a Yeti in one and a Nimbus in anothe ...

Challenge DescriptionOne of the clients of our company, lost the access to his system due to an unknown error. He is supposedly a very popular “environmental” activist. As a part of the investigation, he told usthat his go to applications are browsers, his password managers etc. We hope that you can dig into this memory dump and find his important stuff and give it back to us. Note: This challenge is composed of 3 flags. Write UpI have to find the profile first. vol.py -f MemoryDump_Lab2.raw i ...

Challenge DescriptionMy sister’s computer crashed. We were very fortunate to recover this memory dump. Your job is get all her important files from the system. From what we remember, we suddenly saw a black window pop up with something being executed. When the crash happened, she was trying to draw something. Thats all we remember from the time of crash. Note: This challenge is composed of 3 flags. Write UpFrom the challenge description, we know there are a total of 3 flags. I have to find the ...

Pelican ​ 11th October 2020 ​ Machine Author(s): [Offsec] ​ Description:Let’s hope to see one at the zoo. Difficulty:Intermediate EnumerationFirst I check for available open ports. nmap -p- --min-rate=10000 192.168.196.98 nmap -sC -sV -p21,23,80 192.168.196.98 -oA ./nmap/pelican |Ports|Service|22| ssh OpenSSH 7.9p1 Debian|139| netbios-ssn Samba smbd 3.X - 4.X|445| 563cafdc3028 Samba smbd 4.9.5-Debian|631| ipp CUPS 2.2|2181| zookeeper Zookeeper 3.4.6-1569965|2222| ssh OpenSSH 7.9p1 Debi ...

What is Phishing?Phishing is a type of social engineering attack where the attacker pretends to be someone or a legitimate institution to trick them into revealing sensitive information which would ultimately enable the attacker’s delivery of a payload. It’s often used as the first step of a bigger attack. APTs use this to gather employee login information or trick them into downloading and executing malicious scripts. DeliveryThere are a lot of ways people are attempting phishing attacks. As ...

You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth. ReconI start port scanning with Nmap to find existing ports and services. sudo nmap -sC -sV -oA nmap/agentsudo 10.10.133.149 |Ports|Service|21|FTP (vsftpd 3.0.3)|22|SSH (OpenSSH 7.6p1|80|HTTP (Apache httpd 2.4.29 I checked the website and wants me to change my user-agent Brute-Force“25 employees” suggesting letters in the alphabet. So I have decided to brute force using all the ...

A vulnerable Terminator themed Linux machine. ReconI start with port scanning and service detection with AutoRecon. Following ports were found |Ports|Service|22| TCP (OpenSSH 7.2p2)|80| HTTP (Apache httpd 2.4.18)|110| POP3 (Dovecot pop3d)|139|Samba (smbd 3.x - 4.x)|143|imap (Dovecot imapd)|445|Samba (smbd 4.3.11-Ubuntu) Next, I start enumerating websites using Feroxbuster feroxbuster -u http://10.10.244.66/ -r I found a login page [Squirrelmail] http://10.10.244.66/squirrelmail/src/login.php ...

Something seems a little off with the server. ReconAt first, I did a Nmap scan for open ports and services. nmap -sC -sV -oA nmap/agent 10.10.36.157 There is only one port open with PHP server 5.5. I checked the website for further enumeration. Wappalyzer identifies the website is using PHP version 8.1.0. ExploitI looked for PHP 8.1.0 exploit. I found this exploit on exploit-DB After executing the exploit I got a shell. Success!! FlagI couldn’t move around that much. I checked the director ...

Cracking hashes challenges Description →Level 1Q1. 48bb6e862e54f2a795ffc4e541caed4d A. easy hashcat -m 100 Q1.txt /usr/share/wordlists/rockyou.txt Q2. CBFDAC6008F9CAB4083784CBD1874F76618D2A97 A. password123 hashcat -m 100 Q2.txt /usr/share/wordlists/rockyou.txt Q3. 1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032 A. letmein hashcat -m 1400 Q3.txt /usr/share/wordlists/rockyou.txt Q4. $2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom A. bleh hashcat -m 3200 Q4 ...

One of the SOC analysts took a memory dump from a machine infected with a meterpreter malware. As a Digital Forensicators, your job is to analyze the dump, extract the available indicators of compromise (IOCs) and answer the provided questions. PrerequisitesDownload the zip file. Unzip the file with password → “cyberdefenders.org” NOTE: For this room I’m going to use Volatility 2.6. I have another writeup for Volatility if you want to check that out. Challenge QuestionsQ1. What is the SHA1 ha ...