Challenge I: Cursed Stale Policy (CSP)
Since I forgot to take screenshots during the CTF, let us go through this easy web challenge using the Docker file provided. The name of the web challenge refers to Content Security Policy (CSP), a protection mechanism implemented in modern browsers to prevent XSS and other web attacks that involve the execution of scripts.
CSP can be used to prevent the execution of inline scripts such as <script>alert(1);</script> and of externally loaded scripts that are not verified.
Enumeration
IP: 10.10.11.11
Nmap
> nmap -sC -sV -v 10.10.11.11
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.41 ((Ubuntu))
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.41 (Ubuntu)
|http-title: Site doesn't have a title (text/html; charset=UTF-8).
8080/tcp open http PHP cli server 5.5 or later (PHP 7.4.3-4ubuntu2.22)
| http-methods:
| Supported Methods: GET HEAD POST OPTIONS
| http-robots.
Enumeration
IP: 10.10.11.16
Let’s find open ports using rustscan and enumerate those open ports using nmap.
> rustscan -a 10.10.11.16 --ulimit 5000
….
Open 10.10.11.16:80
Open 10.10.11.16:135
Open 10.10.11.16:139
Open 10.10.11.16:445
Open 10.10.11.16:6791
….
> nmap -A -v -p 80,135,139,445,6791 10.10.11.16
….
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.24.0
| http-methods:
|_ Supported Methods: GET HEAD
|_http-server-header: nginx/1.24.0
|_http-title: SolarLab Instant Messenger
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds?
Enumeration
IP: 10.10.10.98
> nmap -sCV -v 10.10.10.98 -oA nmap/
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|Cant get directory listing: PASV failed: 425 Cannot open data connection.
| ftp-syst:
| SYST: Windows_NT
23/tcp open telnet?
80/tcp open http Microsoft IIS httpd 7.5
| http-methods:
| Supported Methods: OPTIONS TRACE GET HEAD POST
|_ Potentially risky methods: TRACE
|_http-title: MegaCorp
|_http-server-header: Microsoft-IIS/7.
IP: 10.10.10.175
Enumeration
> nmap -sCV -v 10.10.10.175
PORT STATE SERVICE VERSION
53/tcp open domain Simple DNS Plus
80/tcp open http Microsoft IIS httpd 10.0
| http-methods:
| Supported Methods: OPTIONS TRACE GET HEAD POST
|_ Potentially risky methods: TRACE
|_http-title: Egotistical Bank :: Home
|_http-server-header: Microsoft-IIS/10.0
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2024-04-11 20:19:57Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: EGOTISTICAL-BANK.
Enumeration
IP: 10.10.10.100
> nmap -sCV -v 10.10.10.100
PORT STATE SERVICE VERSION
53/tcp open domain Microsoft DNS 6.1.7601 (1DB15D39) (Windows Server 2008 R2 SP1)
| dns-nsid:
|_ bind.version: Microsoft DNS 6.1.7601 (1DB15D39)
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2024-04-09 07:25:08Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: active.htb, Site: Default-First-Site-Name)
445/tcp open microsoft-ds?
464/tcp open kpasswd5?
Enumeration
Nmap Scan
> nmap -sCV -v 10.10.10.161
PORT STATE SERVICE VERSION
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2024-04-05 18:32:50Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: htb.local, Site: Default-First-Site-Name)
445/tcp open microsoft-ds Windows Server 2016 Standard 14393 microsoft-ds (workgroup: HTB)
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: htb.
What is TCP?
Transmission Control Protocol (TCP) is one of the core communication protocols used to establish and maintain network connections on the internet and other computer networks. It enables the transfer of data and communication between devices. TCP is connection-oriented, ensuring the orderly and error-free delivery of data packets.
TCP works at the transport layer of both the OSI and TCP/IP models. Two protocols exist at the transport layer.
This year I participated in Cyber Apocalypse, a CTF organised by Hack The Box, and managed to solve a few web challenges. Here is my writeup for didactic octo paddles, a medium difficulty web challenge. In this challenge, we are given the luxury of going through the source code of the web application, so it becomes easier to find vulnerabilities in logic errors. Looking at the source code, the web app is written in JavaScript and utilises Node.js in the backend.
This is my write-up for the TryHackMe mrRobot CTF challenge. The CTF is of easy/medium difficulty, but due to the involvement of some enumeration, it was time consuming. The task didn’t involve much outside-the-box thinking and involved copy-pasting some scripts and following instructions on GTFOBins.
As always, we are given an IP address and we just have to scan the IP using nmap. In CTFs, there is usually an HTTP endpoint at port 80, and we can focus on the HTTP port while our nmap scan is running in the background.