CTF#2 Level 13

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex13-task.php Description: Hmm, it seems that level thirteen is redirecting to this page. Why don't you analyze the redirect and check whether the redirect is validated thoroughly? If not, you want to redirect to a page on a remote server and send links…

CTF#2 Level 12

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex12.php Description: Your task is to crack the password of the user called admin. Use whatever tool you like but we would recommend entering Google and searching for filetype:lst password in order to perform a dictionary attack. Vulnerability: Dictionary attack Solution: What is Dictionary…

CTF#2 Level 11

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex11.php Description: We do not want you around… You have been blacklisted. It seems you have been blacklisted. Knowing what websites typically use to identify their users – try to get rid of that ban. Vulnerability: Bypassing Blacklists Solution: I don’t know what this…

CTF#2 Level 10

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex10.php Description: This time you just want to cheat, not to really damage anything. You have two tasks: change your wins to be greater than or equal to 9999 and complete the game on the extreme difficulty (there must be a way around remembering all…

CTF#2 Level 9

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex9.php Description: It seems you were automatically logged in as John Doe. Try to find a way to be logged in as the user Mary Jane in order to see her profile. Vulnerability: OWASP A2 Broken Authentication and Session Management Solution: This should be…

CTF#2 Level 8

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex8.php Description: Your task is to penetrate this site. You need to take advantage of the image upload and execute a JS script with an alert somehow through a file. Godspeed! Vulnerability: File Inclusion Solution: A file inclusion vulnerability allows an attacker to access…

CTF#2 Level 6

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex6.php Description: It seems you have landed on a site that takes HTML tags for article’s comments. You want to exploit this by making the users perform an action on the bank.php file in the root of site.com, if they are logged in there…

CTF#2 Level 5

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex5.php Description: It seems you have encountered a page which requires users to login before viewing. Do some magic without having to log in. Vulnerability: OWASP A7 Missing Function Level Access Control Solution: Based on OWASP description A7 Missing Function Level Access Control is…

CTF#2 Level 4

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex4.php Description: You are confronted with a website that loads some .txt files to display content for its pages. You are thinking that it may be vulnerable. You aim to load a nice file from a remote server and share the link with unsuspecting…

CTF#2 Level 3

URL: http://ctf.infosecinstitute.com/ctf2/exercises/ex3.php Description: You are on Level 3. You know that the users are stored on an ordinary text file. You also know that for this to work there are some parameter delimiters used. Your task is to create an account that would be an…