CTF#2 Level 13

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex13-task.php
Description: Hmm, it seems that level thirteen is redirecting to this page. Why don't you analyze the redirect and check whether the redirect is validated thoroughly? If not, you want to redirect to a page on a remote server and send links…

CTF#2 Level 12

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex12.php
Description: Your task is to crack the password of the user called admin. Use whatever tool you like but we would recommend entering Google and searching for filetype:lst password in order to perform a dictionary attack.
Vulnerability: Dictionary attack
Solution: What is Dictionary…

CTF#2 Level 6

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex6.php
Description: It seems you have landed on a site that takes HTML tags for article’s comments. You want to exploit this by making the users perform an action on the bank.php file in the root of site.com, if they are logged in there….

CTF#2 Level 5

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex5.php
Description: It seems you have encountered a page which requires users to login before viewing. Do some magic without having to log in.
Vulnerability: OWASP A7 Missing Function Level Access Control
Solution: Based on OWASP description A7 Missing Function Level Access Control is…

CTF#2 Level 4

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex4.php
Description: You are confronted with a website that loads some .txt files to display content for its pages. You are thinking that it may be vulnerable. You aim to load a nice file from a remote server and share the link with unsuspecting…

CTF#2 Level 3

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex3.php
Description: You are on Level 3. You know that the users are stored on an ordinary text file. You also know that for this to work there are some parameter delimiters used. Your task is to create an account that would be an…

CTF#2 Level 2

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex2.php
Description: Some folks have decided to make a web calculator. You, on the other side, think to play a prank on them. Your task is to inject the PHP statement that shows information about Apache and things like the PHP version, as well…

CTF#2 Level 1

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex1.php
Description: People want you to store your favorite links here. However, you are not into that, you just want to do some XSS magic to the page. Add an alert with the message ‘Ex1’ to the page (My Sites:)
Vulnerability: A3 Cross-Site Scripting…

n00bz CTF Challenge #2: Practical Web Hacking

Hi, I'm back again. This time I will write a write-up about n00bz CTF Challenge #2, organized by www.infosecinstitute.com (a great place for learning infosec, a highly recommended site). Thanks to infosecinstitute.com for carrying out this challenge. I’m learning a lot. You rock, guys! :d…