cron-swansonInternal CTF — Encryption #5For this encryption challenge, I am provided a socket into an application that will take my input, append the flag and any necessary…Oct 18, 2022Oct 18, 2022
cron-swansonInternal CTF — Forensics: ZippyReading through the card, it seems that I’ll be given a bad zip file with the goal to recover the data from it so I jump right in to the…Oct 18, 2022Oct 18, 2022
cron-swansonInternal CTF — Linux: Linux Shell Restricted EditionFor this challenge, I logged in to target server to see what obstacles were put in my way. As the card mentioned, I found myself in a…Oct 18, 20221Oct 18, 20221
cron-swansonInternal CTF — Phishing: No Need For MacrosFor this challenge, I once again trusted that the hosts would not put something truly malicious and promptly opened the downloaded Word…Oct 18, 2022Oct 18, 2022
cron-swansonInternal CTF — Stego: Deceptive DocumentationIn this challenge I am given a word document with the data hidden in it somewhere. Blindly trusting that my gracious hosts would not embed…Oct 18, 2022Oct 18, 2022
cron-swansonInternal CTF — Stego: SynethesiaFor this challenge I used the tool steghide to extract the data. Then I use the file command to have the file analyzed to determine what…Oct 18, 2022Oct 18, 2022
cron-swansonInternal CTF— Web: ReevaluateFor this next web challenge, I’m presented with an input field and the prompt to enter my name. On submitting data however, I get an error…Oct 17, 2022Oct 17, 2022
cron-swansonInternal CTF — Web-Header-Modification: Header #3Header #3 takes me back to my X-Forwarded-For attacks in previous challenges simply asking to find more. This time I wrote the following…Oct 17, 2022Oct 17, 2022
cron-swansonInternal CTF — Web: Screenshot 9000This time around it seems like the screenshot tool has a specific allow list that it can target and it’s a safe bet that the many…Oct 17, 2022Oct 17, 2022
cron-swansonInternal CTF 2023 — Web-Header-Modification: Header #1For this challenge, I used Burp Suite CE instead of the built in browser dev tools. I started off by examining the request and response…Oct 17, 2022Oct 17, 2022