CySCA 2015 - Web Application Pentest 2 - The Eagle Has Landed

Note: If you're interested in actually doing these challenges, check out this post on how to get the environment set up.

We need to obtain a working account on the system.

We register with the following details:

Name: Nick
Email: [email protected]
Password: nick
Confirm: nick
Secret Q: q
Secret A: a

We notice a message at the top:

Account Registered - Awaiting IT approval.


CySCA 2015 - Web Application Pentest 1 - Bots Dream of Electric Flags

Note: If you're interested in actually doing these challenges, check out this post on how to get the environment set up.

Our WebSec-fu tells us we should have a look in robots.txt. Not only that, but the title gives this one away: Bots.

GET /robots.txt HTTP/1.1

User-agent: *
Disallow: /admin
Disallow: /backup
Disallow: /protected

Let's take a look in these.

  • /admin - Nothing here, just a picture
  • /backup - Nothing here, just another picture
  • /protected - Reveals the flag FLAG{1b000000000000000000000000000000}

CySCA 2015 - Web Application Pentest 0 - In Plain Sight

Note: If you're interested in actually doing these challenges, check out this post on how to get the environment set up.

This was an easy one: snoop around the HTML source code on the login page. You'll find an HTML comment around line 99:

<!-- X marks the spot -->
<!-- RkxBR3sxYTAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMH0N -->

We notice that it looks like Base64, so we decode it as Base64:

>>> import base64
>>> s = 'RkxBR3sxYTAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMH0N'
>>> print(base64.b64decode(s).decode('ascii'))
FLAG{1a000000000000000000000000000000}
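
A defender-side check for the leak this challenge relies on, as an added example that is not part of the original post: it extracts the HTML comments from a page and reports any that decode from Base64 to printable text, so they can be stripped before release. The function names, the 16-character threshold and the sample page are assumptions.

```python
import base64
import re
from html.parser import HTMLParser

# Runs of base64 alphabet worth decoding; the 16-character floor is an assumption.
B64_RUN = re.compile(r'[A-Za-z0-9+/]{16,}={0,2}')

class CommentCollector(HTMLParser):
    """Collects the text of every HTML comment in a document."""
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())

def decode_if_text(token):
    """Return the decoded text if token is base64 of printable ASCII, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:  # bad padding or alphabet (binascii.Error is a ValueError)
        return None
    text = raw.decode('ascii', errors='replace').strip()
    if text and all(32 <= ord(c) < 127 for c in text):
        return text
    return None

def audit_comments(html):
    """Return (comment, decoded_text) pairs for comments carrying base64 text."""
    parser = CommentCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for comment in parser.comments:
        for token in B64_RUN.findall(comment):
            decoded = decode_if_text(token)
            if decoded is not None:
                findings.append((comment, decoded))
    return findings

# Constructed sample page; the two comments are the ones quoted in the post.
SAMPLE = """<html><body><form action="/login" method="post"></form>
<!-- X marks the spot -->
<!-- RkxBR3sxYTAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMH0N -->
</body></html>"""

if __name__ == '__main__':
    for comment, decoded in audit_comments(SAMPLE):
        print(f'{comment!r} decodes to {decoded!r}')
```

Run over rendered templates in a build step, a non-empty result is a reason to fail the build and review the comment.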

Songs that Get Drunk Girls Excited Mini Mix

Download Here (Right click, save link/target as)

Sprinkle

Here’s a quick demo of something I quickly jammed together over the weekend for my Dad. More info to come, along with additional pictures, circuitry, and some proper screenshots.

Basically it’s an iOS app to control solenoid valves via a Raspberry Pi over a JSONRPC interface.