CTF#2 Level 3

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex3.php Description: You are on Level 3. You know that the users are stored on an ordinary text file. You also know that for this to work there are some parameter delimiters used. Your task is to create an account that would be an…

CTF#2 Level 2

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex2.php Description: Some folks have decided to make a web calculator. You, on the other side, think to play a prank on them. Your task is to inject the PHP statement that shows information about Apache and things like the PHP version, as well…

CTF#2 Level 1

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex1.php Description: People want you to store your favorite links here. However, you are not into that, you just want to do some XSS magic to the page. Add an alert with the message ‘Ex1’ to the page (My Sites:) Vulnerability: A3 Cross-Site Scripting…

n00bz CTF Challenge #2: Practical Web Hacking

Hi, I'm back again. This time I will write up n00bz CTF Challenge #2, organized by www.infosecinstitute.com (a great place for learning infosec and a highly recommended site). Thanks to infosecinstitute.com for running this challenge. I’m learning a lot. You rock, guys! :d…

Hidden Flag

Url: http://ctf.infosecinstitute.com/misc/readme.wav Description: readme.wav Solution: This hidden challenge can be found using the command execution on levelfifteen; there is a misc folder. Open readme.wav with the Audacity audio tool; it contains Morse code audio. To see it more clearly, you can choose the readme dropdown on the left…

Level 15

Url: http://ctf.infosecinstitute.com/levelfifteen/index.php Description: DNS Lookup Bounty: $150 Solution: This challenge is a command-line injection (you must know the Linux command line). When you input an address, 127.0.0.1 for example, in the form, you will get the output. Look at the ;127.0.0.1 lines: the ‘;’ indicates you can input 2 command…

Level 14

Url: http://ctf.infosecinstitute.com/levelfourteen.php Description: Do you want download level14 file? Bounty: $140 Solution: Download the file. After identifying the file with the “find” command in Linux, the file is an ASCII file type; it contains a phpMyAdmin SQL dump. After scrolling to look for interesting parts, I found one…

Level 13

Url: http://ctf.infosecinstitute.com/levelthirteen.php Description: What the heck happened here? It seems that the challenge here is gone? Can you find it? Can you check if you can find the backup file for this one? I’m sorry for messing up Bounty: $130 Solution: At first I was very confused by this…

Level 12

Url: http://ctf.infosecinstitute.com/leveltwelve.php Description: Dig deeper! Bounty: $120 Solution: The content of the URL is the same as levelone.php. First I looked at the leveltwelve.php source code; it seemed normal. Then I compared the levelone.php source code and the levelfour.php source code. I noticed that there is a difference in the…

Level 11

Url: http://ctf.infosecinstitute.com/leveleleven.php Description: What another sound again? No it must not be a sound? But wait whaT? Bounty: $110 Solution: The image is just the same as the image in levelten. Let's check the other images (found in the source code), the php images; let's open them with Hex Workshop…