LA CTF 2024: Web Challenge Walkthroughs (1-4)

Рет қаралды 2,796

Күн бұрын

Video walkthrough for first 4 web challenges from LA CTF 2024; terms-and-conditions, flaglang, la-housing-portal and new-housing-portal. The challenges involved JS manipulation, cookie tampering, SQL injection and cross-site scripting. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #LACTF #CTF #Pentesting #OffSec #WebSec
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat/CTF
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
KZfaq: / cryptocat23
Twitch: / cryptocat23
↢LA CTF↣
platform.lac.tf/challs
lac.tf/discord
ctftime.org/event/2102
↢Resources↣
Ghidra: ghidra-sre.org/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forensics
Decompile Code: www.decompiler.com
Run Code: tio.run
↢Chapters↣
0:00 Start
0:17 terms-and-conditions (JS manipulation)
2:16 flag-lang (cookie tampering)
6:39 la-housing-portal (SQLi)
12:28 new-housing-portal (XSS)
19:23 End

Пікірлер: 8

@jorgevilla6523 4 ай бұрын

Thanks for the video! Great explanation.

@_CryptoCat 4 ай бұрын

No problem, glad you liked! 💜

@ttcmichou452 4 ай бұрын

Great ctf, I really enjoyed it. Thanks for the good content ^^

@_CryptoCat 4 ай бұрын

np, it was a cool one! Glad I could make some time for it ☺

@TheExcetto 4 ай бұрын

Yay new content

@_CryptoCat 4 ай бұрын

👊

@OatsOats 4 ай бұрын

will you go over any other challenges? this was a fun ctf, thanks for making this. I think that the flagistan one was broken, because obviously the intended solution was to access it via view as Norway - so my idea was to just brute force it with a list of all the countries into intruder/sniper, but before I even hit Norway (wasn't even using cookies for this) I got an immediate response when I hit Flagistan since it was first, and the flag was just in the response packet. Not sure why.

@_CryptoCat 4 ай бұрын

np! I only did a few web challs but check out SloppyJoePirates channel for some more web/pwn: www.youtube.com/@SloppyJoePirates The intended solution was to view as Norway?! I never clocked that at all lol. Honestly I wasted a lot of time before even trying to modify the cookie because I saw the encrypt/signing code and just assumed it was tamper proof 🙃