
Category Archives: Capture The Flag

“From SQL injection to shell” exercise – My sqli2shell tool.

PentesterLab is an easy and great way to learn penetration testing. PentesterLab provides vulnerable systems that can be used to test and understand vulnerabilities.


Posted on September 10, 2012 in Capture The Flag

 


Appsec Research 2012 – University Challenge BOE

The following vulnerable application (server.exe) was part of the Appsec Research 2012 University Challenge.

Goal: To open a command shell on the server with privileges of the vulnerable echo server.

Warning: This is a PoC buffer overflow exploit tested on an English Windows XP SP3 box. At Appsec Research 2012, the vulnerable application (server.exe) was running on Windows Server 2003 SP1.

Posted on July 17, 2012 in Capture The Flag, Exploits

 


Remote exploit for “Drunk Admin” Web Hacking Challenge.

A few months ago, Anestis Bechtsoudis (@anestisb), as a guest at the third UNAUTHORIZED – security meeting (401×003), which took place at the Athens Hackerspace, presented the WeBaCoo application. On that occasion, he told us about a Web hacking challenge he had prepared, code-named “Drunk Admin Web Hacking Challenge”. Unfortunately, back then I did not have the time I would have liked to work on solving the challenge, so I left it for when I could find some time.


Kioptrix Level 4 Run2Shell script.

Kioptrix Level 4 VM really rocks!

Try to solve it alone!

But...
if you need a limited or a root shell quickly and easily, just run this script... 🙂


Posted on February 27, 2012 in Capture The Flag, Exploits, Scripts

 


Mozilla CTF 2012 – 17 : IP Panel

The scenario of the 17th Mozilla CTF challenge stated:

“Exploit Mozilla's IP Panel! This IP Panel is used for whitelisting IP addresses. We know that the web interface will call a bash script that will execute an iptables command without validation. Find the flag somewhere in /home/ippanel/ and submit it!

Update:
The files are not actually in the home directory. Look somewhere else. Sorry!”


Posted on January 29, 2012 in Capture The Flag, It's Greek to Me

 


Mozilla CTF 2012 – 12 : Joe’s Fish Shop


Mozilla CTF 2012 Challenge 12 : Joe’s Fish Shop Scenario

Go, get some tasty dinner over at Joe’s Fish Shop! If you know how to play the admin, you’ll get free dessert! 🙂

Warning: This post contains a quick video guide for Mozilla CTF 2012 Challenge 12: Joe’s Fish Shop.


Posted on January 26, 2012 in Capture The Flag

 


Hackademic.RTB2 – (root this box)

This is the second realistic hackademic challenge (root this box) by mr.pr0n.

Download the target and get root.

Afterwards, try to read the contents of the file “key.txt” in the root directory.

Enjoy!

(md5Sum : 4c35e875e0ae2f872af6751f259b82b7)

 

Posted on September 6, 2011 in Capture The Flag

 
