CHALLENGE DESCRIPTION SOLUTION Analyze the packets and we can notice something similar here. Try it to unzip the flag.zip as password.

CHALLENGE DESCRIPTION There is a locked door in front of us that can only be opened with the secret passphrase. There are no keys anywhere in the room, only this .txt. There is also a writing on th...

CHALLENGE DESCRIPTION SOLUTION - Bitlock-1 First, we need to crack bitlock password using bitlocker2john to get hash, and crack hash by john bitlocker2john -i bitlocker-1.dd > hash.txt john ha...

CHALLENGE DESCRIPTION SOLUTION First, we need to convert evtx to xml to analyze pip install python-evtx source myenv/bin/activate python3 evtx_dump.py some.evtx > some.xml We read the hint a...

CHALLENGE DESCRIPTION SOLUTION We can view the source code of the web, we notice that the file’s name of the flags in xx.png format, but only 1 with xxx.png Download it and try to analyze with ...

CHALLENGE DESCRIPTION SOLUTION First, we can see half of the flag in the PDF file We can try something like strings or binwalk but nothing is interesting Let try exiftool and we can notice th...

CHALLENGE DESCRIPTION SOLUTION Install and Usage sudo apt install ruby sudo gem install zsteg zsteg -a img.png Solve We can try some thing like steghide or exiftool or strings but nothing seem...

CHALLENGE DESCRIPTION SOLUTION Manual We open pcap file with Wireshark, we can notice that there are some things look like Base64 strings, and some of them have same length. We search tcp.len =...

CHALLENGE HINT Flag2 We should try some sqlmap by saving our POST to a file named req and run the command sqlmap -r req --dump --batch Flag0 After reading the hints, we know that we need to us...

CHALLENGE HINT Flag0 Using FUZZ tool to brute force user password. Flag1 Change id=2 Flag2 We read the hint, inspect when create new post, we can see <input type='hiden'>, delete hiden a...