NahamCon CTF 2023: Web Challenge Walkthroughs

Рет қаралды 11,322

Күн бұрын

Video walkthrough for some Web challenges from the NahamCon Capture the Flag (CTF) competition 2023 (organised by @NahamSec ); Star Wars, Stickers, Hidden Figures and Obligatory. Topics covered include XSS, domPDF RCE, hidden data (misc/stego) and SSTI with WAF filter bypass. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #NahamCon #NahamCon2023 #NahamConCTF #CTF #Pentesting #OffSec #WebSec
If you're looking for the "Marmalade 5" Web challenge, check the @intigriti channel: • Cracking a JWT with MD... 🥰
Full write-ups for the challenges: github.com/Crypto-Cat/CTF/tre...
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat/CTF
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
KZfaq: / cryptocat23
Twitch: / cryptocat23
↢NahamConCTF↣
ctf.nahamcon.com/challenges
/ discord
↢Resources↣
Ghidra: ghidra-sre.org/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forensics
Decompile Code: www.decompiler.com
Run Code: tio.run
↢Chapters↣
0:00 Start
0:18 Star Wars (XSS)
4:07 Stickers (domPDF RCE via ttf/php polyglot)
11:45 Hidden Figures (Hidden data/embedded files)
17:55 Obligatory (SSTI + WAF)
25:26 End

Пікірлер: 46

@f0rty7even9 11 ай бұрын

thanks for these videos. really helpful and well explained. keep doing what u're doing! much love

@_CryptoCat 11 ай бұрын

Thanks mate! 🙏🥰

@LearnTermux 11 ай бұрын

Damn I was looking for it. Thanks sir.

@_CryptoCat 11 ай бұрын

Very welcome! 💜

@kartibok001 11 ай бұрын

Great work - and thanks for the ngrok - never seen that one before!!

@_CryptoCat 11 ай бұрын

Thanks mate 😊 ngrok is amazing! The main downside is you can only use 1 connection at a time on the free version. Kind of annoying because you can't have a HTTP server and TCP server exposed at once, e.g. if you want to upload a reverse shell.. you won't have the ngrok address for the netcat listener, until after you close the HTTP server.. by which time you can't upload a reverse shell 😑

@kartibok001 11 ай бұрын

@@_CryptoCat Just to have that transfer ability between two VMs in different places will be helpful - especially on CTFs as you highlighted :)

@damnqais4478 11 ай бұрын

great writeups, for Obligatory i did |{{config}}| and got the flask session secret and changed the id from 2 to 1 (admin) and got the flag in the to do list :)

@_CryptoCat 11 ай бұрын

That's a great solution, love it! 🔥

@kerbalette156 10 ай бұрын

Epic vid. Cheers brah

@_CryptoCat 10 ай бұрын

thanks mate! 👊

@andrew99166 11 ай бұрын

awesome content, as always!! 👏🏻

@_CryptoCat 11 ай бұрын

Thank you! 💜

@shubham_srt 11 ай бұрын

loved it

@_CryptoCat 11 ай бұрын

🙏🥰

@ufuksahin7401 11 ай бұрын

amazing 🙌

@_CryptoCat 11 ай бұрын

🙏🥰

@juliogallo7694 11 ай бұрын

Great videos as always. One of the top content creators in this domain. I hope this is sustainable for you because I know how much work goes into all this while still having a job + keeping up to date with new techniques + personal. Take care of yourself! Best wishes

@_CryptoCat 11 ай бұрын

Thanks mate, appreciate that! It's definitely harder to keep up with content creation on my personal channel now, since it's my day job 😁 That's my main reason for participating in less these days. Also, if I do make videos I try to stick to a single CTF category to prevent burnout 🤞

@RustysAdventures 11 ай бұрын

Thanks a lot for the video

@_CryptoCat 11 ай бұрын

🙏🥰

@0xhech768 11 ай бұрын

Awesome content, keept going 🎉

@_CryptoCat 11 ай бұрын

🙏🥰

@vivekkhandagre9274 10 ай бұрын

i love it

@_CryptoCat 10 ай бұрын

🥰

@0x157 11 ай бұрын

good video and ggs bro !

@_CryptoCat 11 ай бұрын

cheers! 👊

@astralwanderer3319 11 ай бұрын

Hey Jonah, great vid! Will there be another one for the forensic/reverse challs as well:) ...?

@_CryptoCat 11 ай бұрын

Thanks mate! There won't anymore unfortunately, I stuck to the web category for this event. I used to try every category and make videos for each but I just don't have the time/energy these days so it's either a) do multiple categories and skip videos, or b) focus on one category and make a video 🙂

@astralwanderer3319 11 ай бұрын

@@_CryptoCat Oh i see:/ Well, it would be fair to say that the next year's nahamcon vid should be on the rev/forensics category. What you say:) ?

@cey239 10 ай бұрын

Great video :) I like the Color-Settings of your terminal. Is this a plugin for terminator or how did you costumize it?

@_CryptoCat 10 ай бұрын

Thanks mate! It's just a customised colour profile for the terminal, you can check it here: imgur.com/a/gCnvq8A - beware that some tools really benefit from a standard colour profile though, e.g. linpeas, so it's good to create a separate profile that you can easily swap between 🙂

@BabeRyHellCat 6 ай бұрын

Could you please provide walkthroughs for the Video Intigriti CTF 2023? I'm really stuck with those challenges.

@_CryptoCat 6 ай бұрын

Hey, I'll definitely release some walkthrough videos for intigriti 1337up live 2023, both here and on intigriti's channel 😊 First one will be "Web: bounty repo" released tomorrow.. Any challenges you'd like to see specifically?

@tangiispotted 11 ай бұрын

Great Video! Just wondering, what VM are you using?

@_CryptoCat 11 ай бұрын

Thanks! I'm using ParrotOS in this video 😊

@Daniel-pu8xh 11 ай бұрын

Great video! I think the intended way of obligatory was to leak the secret key from the flask app and forge a new cookie passing the id to 1. Once you became the admin the flag was there :-). But your way was faster 😅

@_CryptoCat 11 ай бұрын

Cheers! The cookie forge technique is cooler imo 🙂

@tazaccking7467 11 ай бұрын

can you explain how to solve blobber and tiny-little-fibers [nahamcon CTF], as i spent so much time on them but unsuccessful in solving them

@_CryptoCat 11 ай бұрын

I only looked at the web category for this CTF but keep an eye out on CTFtime for writeups. There isn't any there for tiny-little-fibers yet but here's blobber: ctftime.org/writeup/37281, you could also check the NahamSec discord as many people will post writeups there, but not add to CTFtime 😁

@tazaccking7467 11 ай бұрын

@@_CryptoCat thank you very much

@hurdadurP 11 ай бұрын

@@tazaccking7467 I think Tiny Little Fibers was just a JPG image with a lot of fluff at the end. Knowing the magic bytes of the image and the ending bytes were the way to solve it, as the flag is located at the end of the actual image. Magic bytes for start of stream are FFD8, end of stream are FFD9.

@hurdadurP 11 ай бұрын

And following that, John Hammond gave an explanation in the discord what the intended solution was: strings -e l -n 2 tiny-little-fibers tiny = less than the default 4 characters in length little = little endian fibers = strings

@tazaccking7467 11 ай бұрын

@@hurdadurP thanks bro got the flag, i used strings tiny-little-fiber in CTF for any information, at that time i dont know to use "-e l -n 2"