NahamCon CTF 2023: Web Challenge Walkthroughs

Рет қаралды 11,893

Күн бұрын

Video walkthrough for some Web challenges from the NahamCon Capture the Flag (CTF) competition 2023 (organised by ‪@NahamSec‬ ); Star Wars, Stickers, Hidden Figures and Obligatory. Topics covered include XSS, domPDF RCE, hidden data (misc/stego) and SSTI with WAF filter bypass. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #NahamCon #NahamCon2023 #NahamConCTF #CTF #Pentesting #OffSec #WebSec
If you're looking for the "Marmalade 5" Web challenge, check the ‪@intigriti‬ channel: • Cracking a JWT with MD... 🥰
Full write-ups for the challenges: github.com/Crypto-Cat/CTF/tre...
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat/CTF
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
KZfaq: / cryptocat23
Twitch: / cryptocat23
↢NahamConCTF↣
ctf.nahamcon.com/challenges
/ discord
↢Resources↣
Ghidra: ghidra-sre.org/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forensics
Decompile Code: www.decompiler.com
Run Code: tio.run
↢Chapters↣
0:00 Start
0:18 Star Wars (XSS)
4:07 Stickers (domPDF RCE via ttf/php polyglot)
11:45 Hidden Figures (Hidden data/embedded files)
17:55 Obligatory (SSTI + WAF)
25:26 End

Пікірлер: 46

@damnqais4478 Жыл бұрын

great writeups, for Obligatory i did |{{config}}| and got the flask session secret and changed the id from 2 to 1 (admin) and got the flag in the to do list :)

@_CryptoCat Жыл бұрын

That's a great solution, love it! 🔥

@juliogallo7694 Жыл бұрын

Great videos as always. One of the top content creators in this domain. I hope this is sustainable for you because I know how much work goes into all this while still having a job + keeping up to date with new techniques + personal. Take care of yourself! Best wishes

@_CryptoCat Жыл бұрын

Thanks mate, appreciate that! It's definitely harder to keep up with content creation on my personal channel now, since it's my day job 😁 That's my main reason for participating in less these days. Also, if I do make videos I try to stick to a single CTF category to prevent burnout 🤞

@shubham_srt Жыл бұрын

loved it

@_CryptoCat Жыл бұрын

🙏🥰

@vivekkhandagre9274 11 ай бұрын

i love it

@_CryptoCat 11 ай бұрын

🥰

@andrew99166 Жыл бұрын

awesome content, as always!! 👏🏻

@_CryptoCat Жыл бұрын

Thank you! 💜

@f0rty7even9 Жыл бұрын

thanks for these videos. really helpful and well explained. keep doing what u're doing! much love

@_CryptoCat Жыл бұрын

Thanks mate! 🙏🥰

@LearnTermux Жыл бұрын

Damn I was looking for it. Thanks sir.

@_CryptoCat Жыл бұрын

Very welcome! 💜

@ufuksahin7401 Жыл бұрын

amazing 🙌

@_CryptoCat Жыл бұрын

🙏🥰

@RustysAdventures Жыл бұрын

Thanks a lot for the video

@_CryptoCat Жыл бұрын

🙏🥰

@kartibok001 Жыл бұрын

Great work - and thanks for the ngrok - never seen that one before!!

@_CryptoCat Жыл бұрын

Thanks mate 😊 ngrok is amazing! The main downside is you can only use 1 connection at a time on the free version. Kind of annoying because you can't have a HTTP server and TCP server exposed at once, e.g. if you want to upload a reverse shell.. you won't have the ngrok address for the netcat listener, until after you close the HTTP server.. by which time you can't upload a reverse shell 😑

@kartibok001 Жыл бұрын

@@_CryptoCat Just to have that transfer ability between two VMs in different places will be helpful - especially on CTFs as you highlighted :)

@0xhech768 Жыл бұрын

Awesome content, keept going 🎉

@_CryptoCat Жыл бұрын

🙏🥰

@kerbalette156 11 ай бұрын

Epic vid. Cheers brah

@_CryptoCat 11 ай бұрын

thanks mate! 👊

@0x157 Жыл бұрын

good video and ggs bro !

@_CryptoCat Жыл бұрын

cheers! 👊

@astralwanderer3319 Жыл бұрын

Hey Jonah, great vid! Will there be another one for the forensic/reverse challs as well:) ...?

@_CryptoCat Жыл бұрын

Thanks mate! There won't anymore unfortunately, I stuck to the web category for this event. I used to try every category and make videos for each but I just don't have the time/energy these days so it's either a) do multiple categories and skip videos, or b) focus on one category and make a video 🙂

@astralwanderer3319 Жыл бұрын

@@_CryptoCat Oh i see:/ Well, it would be fair to say that the next year's nahamcon vid should be on the rev/forensics category. What you say:) ?

@BabeRyHellCat 7 ай бұрын

Could you please provide walkthroughs for the Video Intigriti CTF 2023? I'm really stuck with those challenges.

@_CryptoCat 7 ай бұрын

Hey, I'll definitely release some walkthrough videos for intigriti 1337up live 2023, both here and on intigriti's channel 😊 First one will be "Web: bounty repo" released tomorrow.. Any challenges you'd like to see specifically?

@cey239 Жыл бұрын

Great video :) I like the Color-Settings of your terminal. Is this a plugin for terminator or how did you costumize it?

@_CryptoCat Жыл бұрын

Thanks mate! It's just a customised colour profile for the terminal, you can check it here: imgur.com/a/gCnvq8A - beware that some tools really benefit from a standard colour profile though, e.g. linpeas, so it's good to create a separate profile that you can easily swap between 🙂

@Daniel-pu8xh Жыл бұрын

Great video! I think the intended way of obligatory was to leak the secret key from the flask app and forge a new cookie passing the id to 1. Once you became the admin the flag was there :-). But your way was faster 😅

@_CryptoCat Жыл бұрын

Cheers! The cookie forge technique is cooler imo 🙂

@tangiispotted Жыл бұрын

Great Video! Just wondering, what VM are you using?

@_CryptoCat Жыл бұрын

Thanks! I'm using ParrotOS in this video 😊

@tazaccking7467 Жыл бұрын

can you explain how to solve blobber and tiny-little-fibers [nahamcon CTF], as i spent so much time on them but unsuccessful in solving them

@_CryptoCat Жыл бұрын

I only looked at the web category for this CTF but keep an eye out on CTFtime for writeups. There isn't any there for tiny-little-fibers yet but here's blobber: ctftime.org/writeup/37281, you could also check the NahamSec discord as many people will post writeups there, but not add to CTFtime 😁

@tazaccking7467 Жыл бұрын

@@_CryptoCat thank you very much

@hurdadurP Жыл бұрын

@@tazaccking7467 I think Tiny Little Fibers was just a JPG image with a lot of fluff at the end. Knowing the magic bytes of the image and the ending bytes were the way to solve it, as the flag is located at the end of the actual image. Magic bytes for start of stream are FFD8, end of stream are FFD9.

@hurdadurP Жыл бұрын

And following that, John Hammond gave an explanation in the discord what the intended solution was: strings -e l -n 2 tiny-little-fibers tiny = less than the default 4 characters in length little = little endian fibers = strings

@tazaccking7467 Жыл бұрын

@@hurdadurP thanks bro got the flag, i used strings tiny-little-fiber in CTF for any information, at that time i dont know to use "-e l -n 2"