
May 2016

n00bz Level 2

Hacking for n00bz – Level 2

In level 2, we see a broken image with accompanying text:

It seems like the image is broken..Can you check the file?


Opening the image in a new tab displays the image at this link.


Since it doesn’t seem like a valid image, let’s look around to see if there is other information hidden in the page source (again) or in the scripts. Apparently, there is a hidden script, “aW5mb3NlY19mbGFnaXNfd2VhcmVqdXN0c3RhcnRpbmc=”. You can easily identify it using Firebug, a very popular developer plugin for the Firefox web browser.


Well, since there is a “=” symbol appended to the end of the string, based on experience, it is most likely a base64-encoded string. You can use any decoder tool to perform base64 decoding and identify the content. Personally, I like to use Hackbar, also a plugin for the Firefox web browser.

After performing base64 decoding, you will get the flag, “infosec_flagis_wearejuststarting”.
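One way to automate the check described above, as an added example that is not part of the original write-up: it scans page source for base64-looking strings and keeps only those that decode cleanly to printable text. The sample markup, the decoy id and the unpadded token are constructed for illustration; the unpadded token shows that a trailing “=” is only padding and is absent when the decoded length is a multiple of three.

```python
import base64
import binascii
import re

# Constructed sample page. Only the first encoded string comes from the
# write-up; the markup, the decoy id and the unpadded token are invented.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="style.css?v=d41d8cd98f00b204e9800998ecf8427e">
</head><body>
<p>It seems like the image is broken..Can you check the file?</p>
<!-- aW5mb3NlY19mbGFnaXNfd2VhcmVqdXN0c3RhcnRpbmc= -->
<div data-note="aGlkZGVuX25vdGVfMTIz"></div>
</body></html>"""

# A run of base64-alphabet characters, optionally ending in one or two "=".
CANDIDATE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decode_candidate(token):
    """Return the decoded text, or None if token is not plausible base64."""
    if len(token) % 4 != 0:
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    # Keep only results that are entirely printable ASCII.
    if not raw or not all(32 <= b < 127 for b in raw):
        return None
    return raw.decode("ascii")


def find_encoded_strings(html):
    """Map each base64-looking token in html to its decoded text."""
    found = {}
    for match in CANDIDATE.finditer(html):
        text = decode_candidate(match.group(0))
        if text is not None:
            found[match.group(0)] = text
    return found


if __name__ == "__main__":
    for token, text in find_encoded_strings(SAMPLE_HTML).items():
        print(f"{token} -> {text}")
```

The hex-looking decoy id passes the alphabet and length checks but decodes to non-printable bytes, so it is discarded.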

Back to write-up list for InfoSec Institute CTF #1: Hacking for n00bz

n00bz Level 1

Hacking for n00bz – Level 1

I mentioned the Infosec Institute CTF challenges in one of my previous posts; let’s get started with a bit of a write-up.

On first entering level 1, it shows a picture of Yoda with the following text:

May the source be with you!


Fair enough, the hint was pretty obvious, asking us to view the page source.


There, we have it in the very first line, the flag is “infosec_flagis_welcome”.

Back to write-up list for InfoSec Institute CTF #1: Hacking for n00bz

InfoSec Institute: Capture the Flag (CTF)

Following up from my previous post regarding the InfoSec Institute: Capture the Flag (CTF), I hope the resources are helpful to you. There are many more resources out there, thanks to the very supportive community of information security professionals and enthusiasts who enjoy sharing their knowledge to help one another.

Today, I would like to introduce the CTF challenges created by Infosec Institute – they provide entry-level CTF challenges for beginners to learn and play. To make things even better, they also give away a small token of monetary appreciation to participants who are able to complete all the challenges AND do a write-up on the solutions or helpful instructions to help other participants who are stuck.

InfoSec Institute: Capture the Flag Challenges

I find that this is a very smart way of getting people to contribute to the information security community and to get them started. A write-up can be simple: just provide some steps to help people get through and learn something along the way. In fact, you learn more when you start writing (it keeps you thinking!).

In case you missed the link above, you can try out the challenges here:


Resources for Capture The Flag (CTF) Challenges

This post consists of a list of resources for computer security enthusiasts to learn and prepare for CTF (Capture The Flag) challenges and ethical hacking.

Being someone who is interested in Capture The Flag (CTF) games and challenges, I always find myself looking at how I can pick up new skills and techniques to add to my arsenal, to utilize them in solving the challenges designed by the creators of the game (or competition such as DEFCON, ROOTCON, and many more).

Capture The Flag (CTF)

For those who are new to this term, CTFs are computer-security-related hacking games or competitions which generally consist of participants breaking, investigating, reverse engineering and doing anything they can to reach the end goal and capture the “flag”.

The games are usually categorized in various forms; a non-exhaustive list would consist of Exploit Development, Web Hacking, Reverse Engineering, Packet Capture Analysis, Cryptography, Steganography, Binary Analysis, Mobile Security, and many more.

Capture The Flag @ DEFCON 17
Image Courtesy: Wikipedia/Capture_the_flag

Just to clear up a misconception about CTFs: they need not be a competition. They can be Virtual Machines (VMs) that you can download from VulnHub. Check out some of the VulnHub write-ups such as the Write-ups for Kioptrix series, Stapler or FristiLeaks.

They can also be free challenges hosted online, such as OverTheWire. Do also check out the OverTheWire: Bandit Write-up and InfoSec Institute CTF #1: Hacking for n00bz.

CTF Guides 

The following are two pretty good CTF guide and resource websites which I read when I was just starting out. If you are new to CTF or are interested in understanding more about CTF, you can check them out.

  • CTF Guide – Trail of Bits – introduces CTF and covers a few topics, such as vulnerability discovery, exploit creation and forensics
  • CTFs Resources – introduces CTF as well, and covers a few other topics, such as different methods of cryptography, steganography and web hacking