Capture the Flag

This will be solution for Level 9 Practical Web Hacking CTF #2. This level we are told that we have a broken Session management, as i explained in level 5 this usualy means we have a broken session id, and the usual flaws are: Depercated hashing algorithm like md5,md4 sha1 etc. Unsafe session ids based on time or user imput. After looking at the session id i noticed what might be familiar encoding style, to...… (Read More)

This will be solution for Level 8 Practical Web Hacking CTF #2. This level we have file upload Unrestricted file uploads form, the objective is to bypass the protection in place and find a way to upload and execute our javascript payload. The vulnerabilities are usualy about the detection of the file type, the usual implementations are: File type based on extention (the worst kind there is!) This is usualy a bad idea becuase from...… (Read More)

This will be solution for Level 7 Practical Web Hacking CTF #2. This level we have a simple login screen, the objective is to exploit a A3 Cross-Site_Scripting, this types of vulnerabilities exploit the interpreter in the browser to achieve client site code execution (Javascript). session hijacking Cross-Site Request Forgery The objective is to inset a html tag with our name in it, for that we need to see some details about the implementation. After...… (Read More)

In this level we have a simple comment application Cross-Site Request Forgery. In this level the objective is to create a payload to be added as a comment in a way that when other users visit the page a request is executed when the page loads, in this scenario we have to exploit the vulnerabilities: Cross site scripting. Cross-Site Request Forgery. The second vulnerability is not actually on the level it self, the objective is...… (Read More)

This will be solution for Level 5 Practical Web Hacking CTF #2. In this Level is about access controls, this vulnerability happeds when an application either has bad access control implementation, the most common is related to session management, issues like the use of md5 or any other depercated week hashing algorithm, unsafe random. Im both cases the application follows the execution without proper validation, Access control. In this case the objective is to make...… (Read More)

This will be solution for Level 13 Practical Web Hacking CTF #2. This level we are told that we have to find a way to redirect our selfs to other domain, this means that we need to exploit a Unvalidated Redirect or Forward. The the information we need is given to us after the last level as seen in the picture. We can try to excute a direct redirect with the same parameter and the...… (Read More)

This will be solution for Level 12 Practical Web Hacking CTF #2. In this level unfortunately we have a very realistic example of how easy it is to bruteforce web applications, our objective is to try to bruteforce a login and password. The procedure is very simple we need to collect the information that would allow us to execute the requested as if it were made by the browser. Tasks Collect input names. find the...… (Read More)

This will be solution for Level 11 Practical Web Hacking CTF #2. This level we have to bypass a Blacklist, and is very similar to level 9 and level 5 in the way that is also Session management, as i explained in level 5. So this one is just like the other two levels we need to find how the session stores that information and change it to something more convinent. in this case we...… (Read More)

This will be solution for Level 10 Practical Web Hacking CTF #2. This level we have a browser game, the objective is to find a way to win the game wihout losing to much time. This level is very similar to level 1, in the way that nothing in the users side should be trusded, so here’s what we need to do. Tasks Find out how the game stores its scorres, and how it’s sync’d...… (Read More)

This will be solution for Level 3 Practical Web Hacking CTF #2. In this level we are told to attept a privilege escalation, the objective is to register a user with an ADMIN role, and exploit a Data Validation. We are told that the information is saved in text file, from this information we can assume that the several fields are some home separated by different chars souch as $ # etc. We start by...… (Read More)

This will be solution for Level 2 Practical Web Hacking CTF #2. In this level we have a simple web php calulator, the vulnerability type is A1 Injection and our objective is successfully execute code in order to get information about the server and PHP version. This is consistent with PHP eval statement, after first inspection we come to the conclusion that on the server site might be something like the flowing: <?php $operand1 =...… (Read More)

This will be one of 13 posts about the aftermath of the Practical Web Hacking CTF #2. The first level is a simulation of link storage web application, with A3 Cross-Site_Scripting, this types of vulnerabilities exploit the interpreter in the browser to achieve client site code execution (Javascript). To target the Users that visit the vulnerable page, exploiting this vulnerability could allow an Attacker to accomplish the flowing: session hijacking Cross-Site Request Forgery But in...… (Read More)

This will be solution for Level 4 Practical Web Hacking CTF #2. In this Level is about file inclusion vulnerabilities File include. The objective is to inject a php file, that we are told that it should be included form the root of a given domain (infosecinstitute.com), it also says that it should include the file even if it doen’t exist, as you will se from the description this types of bugs are very easy...… (Read More)