PicoCTF 2017 – Special Agent User

We are given a data.pcap file and asked to retrieve the User-Agent string in the form BrowserName BrowserVersion. A note beforehand: the User-Agent string is part of the HTTP header, and it describes the browser that is used to access the URL. This is all part of the GET method, so we can […]

PicoCTF 2017 – Lazy Dev

This was the master challenge for PicoCTF 2017’s level 1 category, so let’s take a crack at it: We approach a website that simply asks for a password: It doesn’t look too bad, right? Let’s try putting some random values in and seeing if we get anything: So it’s not accepting random input values. Can […]

PicoCTF 2017 – Just No

Our last endeavor was pretty simple, so let’s see if we can progress any further. We are presented with a program that apparently denies us the flag for some reason. However, there seems to be source code stored in the directory: This is a classic relative directory mismatch vulnerability! If we create a temporary directory […]

PicoCTF 2017 – Bash Loop

Hello again! I’m going to also start writing up some of my solutions for PicoCTF, as this was also a CTF that I spent quite a few hours on. For today, we are going to work on the Level 1 Challenge Bash Loop. Now let’s begin, shall we? The problem was found on the picoCTF […]

Protostar VM Stack 1

Well, that previous level was pretty easy (it was only level 0, after all), so let’s work on the next challenge. We are given this source code, stack1.c: #include #include #include #include int main(int argc, char **argv) { volatile int modified; char buffer[64]; if(argc == 1) { errx(1, "please specify an argument\n"); } modified = […]

Protostar VM Stack 0

So I’ve already done a few CTFs with a friend of mine over the past few months, and I’ll try to post my findings on all of the CTFs I have done, but for the time being, I’ll work on the Protostar VM made by the folks over at Exploit Exercises. Protostar is a VM […]
