CrikeyCon 2019 Free Ticket Challenge

Another year, another CrikeyCon. And with it, a new free ticket challenge. new challenge tks crikey luv u (n u 2 humanised) Again, like last year, I already had a ticket. But I thought I’d give it a go anyway. Looks like base64, so let’s do a quick decode....

CrikeyCon 2018 – Hacker 101: Web 5

The Challenge The Solution Let’s take a look at this nicer site. Let’s take a look at the page source. We’ve got two links we can follow. We can check out the site.css file in css/, as well as the contents of the folder, and also img/. Let’s...

CrikeyCon 2018 – Hacker 101: Web 4

The Challenge The Solution This challenge was a complete dick on the day. All the clues following Cough RockYou Cough weren’t listed, and hashed was set to encoded, as the webpage says. Needless to say, I wasted a shitload of time and effort on this challenge....

CrikeyCon 2018 – Hacker 101: Web 3

The Challenge The Solution So the mention of Google not finding something is a pretty obvious hint towards robots.txt. So let’s check it out. Well that looks pretty useless. Unless it’s encoded or hashed. Because of the fact there’s multiple letters...

CrikeyCon 2018 – Hacker 101: Web 2

The Challenge The Solution Yeah haha it’s in the mail. The post. The goddamn POST. Since there’s no form on the page that we could edit, let’s just do it with curl. 12 $ curl -d "flag" http://crikeyconctf.dook.biz:8080/web2/Hi, welcome to the...

CrikeyCon 2018 Intro

On the 24th of February, I went to CrikeyCon V. If I was a smart man, I would’ve taken photos. Unfortunately, I only watched the intro speech before doing the CTF all day. I feel like I did pretty well on the CTF for a beginner. Yeah, I’m not on the score...

Natas Level 11

Login Username: natas11 Password: U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK URL: http://natas11.natas.labs.overthewire.org Solution A webpage that lets you change its background. Let’s give it a test. And apparently cookies are protected with XOR encryption. Let’s...

Natas Level 10

Login Username: natas10 Password: nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu URL: http://natas10.natas.labs.overthewire.org Solution Okay, they’re filtering our input. Let’s check the sourcecode to see what’s being filtered. Well, we have some regex that...