HacktivityCon 2021 Capture The Flag (CTF)

HacktivityCon 2021 Capture The Flag (CTF) - Challenge Walkthroughs

Рет қаралды 11,134

Күн бұрын

Video walkthrough for a few challenges from the H@cktivityCon 2021 CTF (capture the flag). "HacktivityCon is a HackerOne hosted hacker conference built by the community for the community". Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat/CTF/tre...
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
KZfaq: / cryptocat23
Twitch: / cryptocat23
↢H@cktivityCon '21 CTF↣
ctf.hacktivitycon.com/
www.hackerone.com/hacktivitycon
ctf.hacker101.com
/ hacker0x01
/ hackeronetv
/ discord
↢Resources↣
Ghidra: ghidra.re/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef/
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forens...
Decompile Code: www.decompiler.com/
Run Code: tio.run/
↢Chapters↣
Start: 0:00
warm-up: Pimple - 0:24
warm-up: Tsunami - 1:01
warm-up: Bass64 - 2:51
warm-up: Six Four Over Two - 4:52
warm-up: 2EZ - 5:55
warm-up: Target Practice - 8:15
warm-up: Butter Overflow - 10:24
pwn: retcheck - 15:10
pwn: The Library - 28:26
pwn: YABO - 53:15
malware: Phonetic - 1:13:05
web: Confidentiality - 1:20:35
web: Integrity - 1:22:01
web: Availability - 1:24:34
web: Swaggy - 1:30:25
web: Titanic - 1:33:08
web: OPA Secrets - 1:38:22
mobile: To Do - 1:44:56
misc: Shelle - 1:49:59
osint: Jed Sheeran - 1:53:58
osint: Mike Shallot - 1:55:11
End: 1:58:43

Пікірлер: 44

@_CryptoCat 2 жыл бұрын

somebody asked a great question (but deleted comment 🙁) about the command injection @ 1:24:31, "why %0a works but doesn't since \ and % are both blocked?" in this case actually the URL encoding wasn't really important, it was the newline ( ) which is used as a command separator on Unix-based systems (see portswigger.net/web-security/os-command-injection ). so we could also just send the request in Burp Suite with an actual newline like this: imgur.com/a/zRmVNkp and it works fine 😀 Or we can send a URL encoded newline but, as the original question explained; we can't send " " as a string due to the filter on chars like: \;|$ etc

@gli4chmask282 2 жыл бұрын

yoo your vids are always motivating me for making videos in youtube

@_CryptoCat 2 жыл бұрын

thank you 🥰 go for it!! 😉 the only thing i dont like is it takes a lot of my time i could be using to solve more challenges.. but on the other hand it helps me solidify my understanding when i actually try to explain things out loud and hopefully can help people learn at the same time 😊 also, ill forget all this in a few month and have to rewatch my video to solve challenges 👀😅

@gli4chmask282 2 жыл бұрын

@@_CryptoCat thx very much i learned everything from ur videos ..... everything i know is from your channel and some more youtube channels....

@_CryptoCat 2 жыл бұрын

@@gli4chmask282 thanks mate 🥰 ive learnt so much from youtube as well, theres so much amazing content.. time is the only constraint! it feels good to give something back to the same community that has helped me over the years 😊

@Kartikeyj96 2 жыл бұрын

Love the way you solve the pwn challenge, I was only able to solve the "library" & "butter_overflow" during the competition, KEEP IT UP BRO 👌😊

@_CryptoCat 2 жыл бұрын

thank you mate 🥰🥰🥰

@picanzo 2 жыл бұрын

Great video men! I would definitely start to follow you and watch your videos! I want to go more deeper in CTFs and this is a really valuable resource! thanks! Keep up with this great videos!

@_CryptoCat 2 жыл бұрын

thanks so much 🥰

@jonathanhoyos8191 2 жыл бұрын

I discover ur channel, you are the best man!!! I hope I can see you more of your ideas to solve ;D

@_CryptoCat 2 жыл бұрын

thanks mate 🥰

@xct_de 2 жыл бұрын

Great video, thanks!

@_CryptoCat 2 жыл бұрын

thanks mate 😻

@amritaryal5897 2 жыл бұрын

awesome man!!!!!!

@_CryptoCat 2 жыл бұрын

🥰🥰🥰

@0xgodson119 2 жыл бұрын

i enjoyed this video. nandri!!!

@_CryptoCat 2 жыл бұрын

nandri 😻

@luck4o_ 2 жыл бұрын

Vou comentar em PT-BR mesmo: você captura flag com muita elegância! MUITO BOM ISSO AÍ, NAMORAL

@_CryptoCat 2 жыл бұрын

Obrigado 🥰

@MMD-ob2tv 2 жыл бұрын

First of all I would like to thank you for these awesome videos not only this one although I have started watching your channel 2 weeks ago xD Regarding your solution for the availability challenge, I have made another solution instead of extracting the flag string by grabbing it char by char. I have made the same solution as @Johannes Sonn mentioned but I couldn't post the exact solution because youtube removes my comments xD I have made a tcp tunnel to my local machine that was mapping to a netcat listener. Hope you got my point and I am sorry for my poor English xD Keep Going!!

@_CryptoCat 2 жыл бұрын

thanks mate 🥰 great solution and your english is very good! 😮

@0xsudip892 2 жыл бұрын

Can you recommend me any resources to learn "How to solve pwn challenges/Binary exploitation" for newbies like me?

@_CryptoCat 2 жыл бұрын

hmmmm i hope the pwn challenges i walk through in this video will help beginners learn binary exploitation 😁 i recommend just start jumping into challenges but for additional resources this site has helped me with a lot of concepts: guyinatuxedo.github.io i also found the ROP emporium series really helpful for learning, i did a video series on it a while ago which are probably some of my favourite videos in terms of technical content (although at the time my video making skills were lacking): kzfaq.info/get/bejne/paiKrJOTrLTJqqM.html apart from that, check out pwn.college and some of the video series from LiveOverflow (🐐). there is soooo much great content out there to learn from 😊

@0xsudip892 2 жыл бұрын

@@_CryptoCat Thanks for the reply. Keep up the good work ♥️♥️

@_CryptoCat 2 жыл бұрын

@@0xsudip892 thank youuuu 🥰

@ganeshdatha8240 2 жыл бұрын

Try Liveoverflow KZfaq channel for binary exploitation basics. He does a great job at explaining basics of reversing and pwning!

@jm1981 2 жыл бұрын

Hey man, I am checking your videos ever since I crossed you in one CTF and added you to discord, great stuff, what resource/s would you recommend for binary exploitation learning? Thanks a lot.

@_CryptoCat 2 жыл бұрын

thank you mate 🥰 this site has helped me with a lot of concepts when working on challenges (HackTheBox pwn challs are awesome): guyinatuxedo.github.io i also found the ROP emporium challenges really helpful for learning, i did a video series on it a while ago which are probably some of my favourite videos in terms of technical content (although at the time my video making skills were lacking): kzfaq.info/get/bejne/paiKrJOTrLTJqqM.html apart from that, check out pwn.college and some of the video series from LiveOverflow (🐐) edit: deusx64.ai - i haven't check this out yet but it looks cool!

@jm1981 2 жыл бұрын

@@_CryptoCat Awesome, thanks a lot!

@omaraboalmagd5492 2 жыл бұрын

DO YOU RECOMMEND ANY SOURCES TO LEARN BUG BOUNTY? (BEGINNERS)

@_CryptoCat 2 жыл бұрын

i see that hackthebox and hackerone teamed up to create a new path for bug bounty on the HTB academy, i haven't seen it but i expect it to be good! edit: i should add that in terms of free resources, i think www.hacker101.com/ and the accompanying challenges ctf.hacker101.com/ are a good starting point. portswiggers web security academy is also free and imo the number one resource for learning about web vulnerabilities: portswigger.net/web-security

@pligonstein615 2 жыл бұрын

Hey!I tried downloading Sonic Visualiser but it doesn't show me the transform to spectogram ( more specifically the all channels possible command).Any help please.

@_CryptoCat 2 жыл бұрын

hmmmm that's strange, what's the filetype? have you tried some other files to see if it is the program or the file that's causing the problem?

@pligonstein615 2 жыл бұрын

@@_CryptoCat I first tried downloading it from the command line using sudo apt install sonic-visualiser but it didn’t show me that command so after i deleted it I tried from the search engine as well but it happened the same thing.

@pligonstein615 2 жыл бұрын

Thanks in advance for the help.:)

@_CryptoCat 2 жыл бұрын

@@pligonstein615 hmmm it could be the file or the program thats the problem. first step of troubleshooting is to identify the problem, have you tried multiple files??

@pligonstein615 2 жыл бұрын

Yes

@MMD-ob2tv 2 жыл бұрын

why was my comment deleted? xD

@_CryptoCat 2 жыл бұрын

it wasnt deleted by me 😮 what did you say??

@MMD-ob2tv 2 жыл бұрын

@@_CryptoCat okay may be it is somesort of network issue xD I will post it again xD