NahamCon CTF 2023: Web Challenge Walkthroughs

  Рет қаралды 13,578

CryptoCat

CryptoCat

Күн бұрын

Пікірлер: 47
@damnqais4478
@damnqais4478 Жыл бұрын
great writeups, for Obligatory i did |{{config}}| and got the flask session secret and changed the id from 2 to 1 (admin) and got the flag in the to do list :)
@_CryptoCat
@_CryptoCat Жыл бұрын
That's a great solution, love it! 🔥
@ufuksahin7401
@ufuksahin7401 Жыл бұрын
amazing 🙌
@_CryptoCat
@_CryptoCat Жыл бұрын
🙏🥰
@LearnTermux
@LearnTermux Жыл бұрын
Damn I was looking for it. Thanks sir.
@_CryptoCat
@_CryptoCat Жыл бұрын
Very welcome! 💜
@shubham_srt
@shubham_srt Жыл бұрын
loved it
@_CryptoCat
@_CryptoCat Жыл бұрын
🙏🥰
@juliogallo7694
@juliogallo7694 Жыл бұрын
Great videos as always. One of the top content creators in this domain. I hope this is sustainable for you because I know how much work goes into all this while still having a job + keeping up to date with new techniques + personal. Take care of yourself! Best wishes
@_CryptoCat
@_CryptoCat Жыл бұрын
Thanks mate, appreciate that! It's definitely harder to keep up with content creation on my personal channel now, since it's my day job 😁 That's my main reason for participating in less these days. Also, if I do make videos I try to stick to a single CTF category to prevent burnout 🤞
@f0rty7even9
@f0rty7even9 Жыл бұрын
thanks for these videos. really helpful and well explained. keep doing what u're doing! much love
@_CryptoCat
@_CryptoCat Жыл бұрын
Thanks mate! 🙏🥰
@kartibok001
@kartibok001 Жыл бұрын
Great work - and thanks for the ngrok - never seen that one before!!
@_CryptoCat
@_CryptoCat Жыл бұрын
Thanks mate 😊 ngrok is amazing! The main downside is you can only use 1 connection at a time on the free version. Kind of annoying because you can't have a HTTP server and TCP server exposed at once, e.g. if you want to upload a reverse shell.. you won't have the ngrok address for the netcat listener, until after you close the HTTP server.. by which time you can't upload a reverse shell 😑
@kartibok001
@kartibok001 Жыл бұрын
@@_CryptoCat Just to have that transfer ability between two VMs in different places will be helpful - especially on CTFs as you highlighted :)
@kerbalette156
@kerbalette156 Жыл бұрын
Epic vid. Cheers brah
@_CryptoCat
@_CryptoCat Жыл бұрын
thanks mate! 👊
@andrew99166
@andrew99166 Жыл бұрын
awesome content, as always!! 👏🏻
@_CryptoCat
@_CryptoCat Жыл бұрын
Thank you! 💜
@0x157
@0x157 Жыл бұрын
good video and ggs bro !
@_CryptoCat
@_CryptoCat Жыл бұрын
cheers! 👊
@RustysAdventures
@RustysAdventures Жыл бұрын
Thanks a lot for the video
@_CryptoCat
@_CryptoCat Жыл бұрын
🙏🥰
@0xhech768
@0xhech768 Жыл бұрын
Awesome content, keept going 🎉
@_CryptoCat
@_CryptoCat Жыл бұрын
🙏🥰
@vivekkhandagre9274
@vivekkhandagre9274 Жыл бұрын
i love it
@_CryptoCat
@_CryptoCat Жыл бұрын
🥰
@astralwanderer3319
@astralwanderer3319 Жыл бұрын
Hey Jonah, great vid! Will there be another one for the forensic/reverse challs as well:) ...?
@_CryptoCat
@_CryptoCat Жыл бұрын
Thanks mate! There won't anymore unfortunately, I stuck to the web category for this event. I used to try every category and make videos for each but I just don't have the time/energy these days so it's either a) do multiple categories and skip videos, or b) focus on one category and make a video 🙂
@astralwanderer3319
@astralwanderer3319 Жыл бұрын
@@_CryptoCat Oh i see:/ Well, it would be fair to say that the next year's nahamcon vid should be on the rev/forensics category. What you say:) ?
@c-t3ch
@c-t3ch Жыл бұрын
Great video :) I like the Color-Settings of your terminal. Is this a plugin for terminator or how did you costumize it?
@_CryptoCat
@_CryptoCat Жыл бұрын
Thanks mate! It's just a customised colour profile for the terminal, you can check it here: imgur.com/a/gCnvq8A - beware that some tools really benefit from a standard colour profile though, e.g. linpeas, so it's good to create a separate profile that you can easily swap between 🙂
@tangiispotted
@tangiispotted Жыл бұрын
Great Video! Just wondering, what VM are you using?
@_CryptoCat
@_CryptoCat Жыл бұрын
Thanks! I'm using ParrotOS in this video 😊
@BabeRyHellCat
@BabeRyHellCat Жыл бұрын
Could you please provide walkthroughs for the Video Intigriti CTF 2023? I'm really stuck with those challenges.
@_CryptoCat
@_CryptoCat Жыл бұрын
Hey, I'll definitely release some walkthrough videos for intigriti 1337up live 2023, both here and on intigriti's channel 😊 First one will be "Web: bounty repo" released tomorrow.. Any challenges you'd like to see specifically?
@tazaccking7467
@tazaccking7467 Жыл бұрын
can you explain how to solve blobber and tiny-little-fibers [nahamcon CTF], as i spent so much time on them but unsuccessful in solving them
@_CryptoCat
@_CryptoCat Жыл бұрын
I only looked at the web category for this CTF but keep an eye out on CTFtime for writeups. There isn't any there for tiny-little-fibers yet but here's blobber: ctftime.org/writeup/37281, you could also check the NahamSec discord as many people will post writeups there, but not add to CTFtime 😁
@tazaccking7467
@tazaccking7467 Жыл бұрын
@@_CryptoCat thank you very much
@hurdadurP
@hurdadurP Жыл бұрын
@@tazaccking7467 I think Tiny Little Fibers was just a JPG image with a lot of fluff at the end. Knowing the magic bytes of the image and the ending bytes were the way to solve it, as the flag is located at the end of the actual image. Magic bytes for start of stream are FFD8, end of stream are FFD9.
@hurdadurP
@hurdadurP Жыл бұрын
And following that, John Hammond gave an explanation in the discord what the intended solution was: strings -e l -n 2 tiny-little-fibers tiny = less than the default 4 characters in length little = little endian fibers = strings
@tazaccking7467
@tazaccking7467 Жыл бұрын
@@hurdadurP thanks bro got the flag, i used strings tiny-little-fiber in CTF for any information, at that time i dont know to use "-e l -n 2"
@Daniel-pu8xh
@Daniel-pu8xh Жыл бұрын
Great video! I think the intended way of obligatory was to leak the secret key from the flask app and forge a new cookie passing the id to 1. Once you became the admin the flag was there :-). But your way was faster 😅
@_CryptoCat
@_CryptoCat Жыл бұрын
Cheers! The cookie forge technique is cooler imo 🙂
@points7824
@points7824 Жыл бұрын
Doy you use tmux?
@_CryptoCat
@_CryptoCat Жыл бұрын
I use terminator: gnome-terminator.org
Web Challenges [Space Heroes CTF 2023]
30:17
CryptoCat
Рет қаралды 9 М.
Каха и дочка
00:28
К-Media
Рет қаралды 2,3 МЛН
Beat Ronaldo, Win $1,000,000
22:45
MrBeast
Рет қаралды 149 МЛН
路飞做的坏事被拆穿了 #路飞#海贼王
00:41
路飞与唐舞桐
Рет қаралды 26 МЛН
Quilt Challenge, No Skills, Just Luck#Funnyfamily #Partygames #Funny
00:32
Family Games Media
Рет қаралды 54 МЛН
XSS in PDF.js (CVE-2024-4367) - "Upload" [Akasec CTF 2024]
16:33
Capture The Flag! NahamCon 2024 CTF Warmups
19:09
John Hammond
Рет қаралды 53 М.
#NahamCon2024: OAuth Secret | @BugBountyReportsExplained
20:44
Trolling Hackers with a Honeypot and how you can too
20:08
Gnar Coding
Рет қаралды 8 М.
I used AI to hack this website...
23:23
Tech Raj
Рет қаралды 138 М.
LA CTF 2024: Web Challenge Walkthroughs (1-4)
19:56
CryptoCat
Рет қаралды 3,5 М.
NahamCon CTF 2022: Web Challenge Walkthroughs
42:46
CryptoCat
Рет қаралды 8 М.
The Blueprint to Your First $1,000+ Bounty
12:14
NahamSec
Рет қаралды 26 М.
How Hackers Bypass Kernel Anti Cheat
19:38
Ryscu
Рет қаралды 820 М.
Каха и дочка
00:28
К-Media
Рет қаралды 2,3 МЛН