Things I learned from DarkCTF

Last updated 4 years ago

Was this helpful?

Things I learned from DarkCTF

Forensics

Wolfie's Contact

How to mount an EWF image file (E01) on Linux[]:

ewfmount IMAGE.E01 ./rawimage/
mkdir mountpoint # mount ./rawimage/ewf1 ./mountpoint -o ro,loop,show_sys_files,streams_interace=windows

AW

If the file is named "spectre", they may be implying that I should inspect the spectrogram 🤦‍♂️

Free Games

The writeup I read used to search the file system for. I tried to figure out why grep didn't work for me and I realized the link I was looking for is split into two lines. To prevent this I could use a tool or look for "PencakSilat" instead of "http".

Crcket

This challenge was about fixing a png. It required knowledge of the , and could use the help of .

Cryptography

Pipe Rhyme

First RSA challenge.

Linux

Linux Starter

Escape rbash restricted shell through SSH:

ssh <User>@<IP-Adress> -t "bash --noprofile"

Find Me

cp /proc/<PID>/fd/<FD> <Restored File>

Secret Vault

Base85 is a thing, and it looks something like this:

\0Ec5e;DffZ(EZee.Bl.9pF"AGXBPCsi+DGm>@

Also, I liked this syntax of while loop to crack the vault:

nr=0; while true; do nr=$((nr+1)); if [[ $(./vault $nr) != *"wrong"* ]]; then ./vault $nr; echo $nr; fi; done;

Time Eater

Sometimes you just have to keep enumerating... 😒

Misc

QuickFix

????

P_g_G_i_P_t

What can I do with PGP Fingerprint?

Grap the PGP key with:

gpg --recv-key <PGP Fingerprint>

OSINT

Eye & Time Travel

PWN

roprop

Web

Source

You can present very large numbers in PHP in this short manner:

echo 9e9; //9000000000

Dusty Notes

Fuzzing input fields might yield nice errors.

Chain Race

Apache2 Interesting Default Files

/etc/apache2/apache2.conf
/etc/apache2/ports.conf

Race Condition Vulns

The idea is to force a program to handle tasks in an unintended order. Usually happens when several threads are operating on the same resources with a time gap between initialization and usage.

PreviousMidnight Sun Next01 - fd