CTF#2 Level 13

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex13-task.php
Description: Hmm, it seems that level thirteen is redirecting to this page. Why don't you analyze the redirect and search if the redirect is validated thoroughly. If not, you want to redirect to a page on a remote server and send links…

CTF#2 Level 12

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex12.php
Description: Your task is to crack the password of the user called admin. Use whatever tool you like but we would recommend entering Google and searching for filetype:lst password in order to perform a dictionary attack.
Vulnerability: Dictionary attack
Solution: What is Dictionary…

CTF#2 Level 10

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex10.php
Description: This time you just want to cheat, not to really damage anything. You have two tasks: change your wins to be more or equal to 9999 and complete the game on the extreme difficulty (there must be a way around remembering all…

CTF#2 Level 9

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex9.php
Description: It seems you were automatically logged in as John Doe. Try to find a way to be logged in as the user Mary Jane in order to see her profile.
Vulnerability: OWASP A2 Broken Authentication and Session Management
Solution: This should be…

CTF#2 Level 8

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex8.php
Description: Your task is to penetrate this site. You need to take advantage of the image upload and execute a JS script with an alert somehow through a file. Godspeed!
Vulnerability: File Inclusion
Solution: A file inclusion vulnerability allows an attacker to access…

CTF#2 Level 7

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex7.php
Description: You have some kind of a login form. You want to make a prank on Twitter. You want to add a h1 to the page and share it with your Twitter followers so they can see that you can modify the page…

CTF#2 Level 6

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex6.php
Description: It seems you have landed on a site that takes HTML tags for article’s comments. You want to exploit this by making the users perform an action on the bank.php file in the root of site.com, if they are logged in there….

CTF#2 Level 4

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex4.php
Description: You are confronted with a website that loads some .txt files to display content for its pages. You are thinking that it may be vulnerable. You aim to load a nice file from a remote server and share the link with unsuspecting…

CTF#2 Level 3

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex3.php
Description: You are on Level 3. You know that the users are stored on an ordinary text file. You also know that for this to work there are some parameter delimiters used. Your task is to create an account that would be an…

CTF#2 Level 2

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex2.php
Description: Some folks have decided to make a web calculator. You, on the other side, think to play a prank on them. Your task is to inject the PHP statement that shows information about Apache and things like the PHP version, as well…