sectalks

BNE0x03 - Simple

published on

Simple CTF

Simple CTF is a boot2root that focuses on the basics of web based hacking. /root/flag.txt is your ultimate goal.

Hints

  • Get a user shell by uploading a reverse shell and executing it.
  • A proxy may help you to upload the file you want, rather than the file that the server expects.
  • There are 3 known privesc exploits that work. Some people have had trouble executing one of them unless it was over a reverse shell using a netcat listener.

Read More...

BNE0x02 - Fuku

published on

Fuku CTF

Fuku (pronounced “far queue”) CTF is designed to fuck with people.

There are a few flag.txt files to grab. The final one is in the /root/ directory. However, the ultimate goal is to get a root shell.

Scenario

“Bull was pissed when you broke into his Minotaur box. He has taken precautions with another website that he is hosting, implementing IDS, whitelisting, and obfuscation techniques. He is now taunting hackers to try and hack him, believing himself to be safe. It is up to you to put him in his place.”

Hints

Some scripting will probably be needed to find a useful port. If the machine seems to go down after a while, it probably hasn’t. This CTF isn’t called Fuku for nothing!

Read More...

BNE0x00 - Minotaur

published on

Minotaur CTF

Minotaur is a boot2root CTF. There are a few flag.txt files around to grab. /root/flag.txt is your ultimate goal.

Hints

  • This CTF has a couple of fairly heavy password cracking challenges, and some red herrings.
  • One password you will need is not on rockyou.txt or any other wordlist you may have out there. So you need to think of a way to generate it yourself.

Read More...