Hidden Flag

Url: http://ctf.infosecinstitute.com/misc/readme.wav
Description: readme.wav
Solution: This hidden challenge can be found using command execution on levelfifteen, where there is a misc folder. Open readme.wav with the Audacity audio tool; it contains a Morse code sound. To make it clearer, you can choose the dropdown readme on the left…

Level 15

Url: http://ctf.infosecinstitute.com/levelfifteen/index.php
Description: DNS Lookup
Bounty: $150
Solution: This challenge is a command line injection (you must know the Linux command line). When you enter an address, for example 127.0.0.1, in the form, you will get output. Look at the ;127.0.0.1 lines: ‘;’ indicates you can input 2 command…

Level 14

Url: http://ctf.infosecinstitute.com/levelfourteen.php
Description: Do you want download level14 file?
Bounty: $140
Solution: Download the file, then identify it with the “find” command line in Linux; the file is an ASCII file type and contains a phpMyAdmin SQL dump. After scrolling through it looking for an interesting part, I found one…

Level 13

Url: http://ctf.infosecinstitute.com/levelthirteen.php
Description: What the heck happened here? It seems that the challenge here is gone? Can you find it? Can you check if you can find the backup file for this one? I’m sorry for messing up
Bounty: $130
Solution: First I’m very confused with this…

Level 12

Url: http://ctf.infosecinstitute.com/leveltwelve.php
Description: Dig deeper!
Bounty: $120
Solution: The content of the URL is the same as levelone.php. First I looked at the leveltwelve.php source code, which seemed normal, then I compared the levelone.php source code and the levelfour.php source code. I noticed that there is a difference in the…

Level 11

Url: http://ctf.infosecinstitute.com/leveleleven.php
Description: What another sound again? No it must not be a sound? But wait whaT?
Bounty: $110
Solution: The image is just the same as the image in levelten. Let's check the other images (found in the source code), the php images; let's open them with Hex Workshop…

Level 10

Url: http://ctf.infosecinstitute.com/levelten.php
Description: What kind of sound is this? Sorcery Perhaps? – Flag.wav
Bounty: $100
Solution: The file is a WAV audio file. After researching for a while, I opened the file with the Audacity program, then set the playback speed to 0.11x, and I got the flag. The flag…

Level 9

Url: http://ctf.infosecinstitute.com/levelnine.php
Description: CISCO IDS WEB LOGIN SYSTEM
Bounty: $90
Solution: You will be prompted to input a username and password. Let's find the default password of that Cisco; hope it didn’t change. After googling around I found the username and the password.
Username: root
Password: attack…

Level 8

Url: http://ctf.infosecinstitute.com/leveleight.php
Description: Do you want to download app.exe files?
Bounty: $80
Solution: After downloading the file, let’s use the “strings” command in a Linux terminal to see what strings are contained in the app.exe program, or you can use a hex editor.
The flag is: infosec_flagis_0x1a
Reference…

Level 7

Url: http://ctf.infosecinstitute.com/404.php
Description: f00 not found, Something is not right here?
Bounty: $70
Solution: There is nothing in the source code. Using Burp Suite I intercepted the page, which also contained nothing, so I sent it to Repeater in Burp Suite, then I changed the header content GET…