Tag: hacker

GreenOptic CTF

GreenOptic is my fourth Capture the Flag box. It is rated as ‘Very Hard’ (as per the difficulty matrix). As with all of my CTFs, please run this in ‘Host Only’ mode – it does not need an internet connection.

Don’t let the difficulty put you off though – the CTF is designed to be realistic, so you won’t come across anything you wouldn’t experience in a real environment.

You will need to enumerate this box very well, and likely chain together different bits of information and vulnerabilities in order to gain access.

Synopsis:

British Internet Service Provider GreenOptic has been subject to a large scale Cyber Attack. Over 5 million of their customer records have been stolen, along with credit card information and bank details.

GreenOptic have created an incident response team to analyse the attack and close any security holes. Can you break into their server before they fix their security holes?

You can download GreenOptic here.

SHA-256: 00af6eb4a29fa6447fb68ea4dae112de822c78d2021e210d8233e0b0ba8cc5e9

-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbBiicuM2ITDGGcOJPvHWS2kZ5UMFAl8MkR0ACgkQPvHWS2kZ
5UOMHA//UsZaeOr5P/CW9ND8ouww9EaczP03SvfFqLClFadGeY5HhpCDA4+nYOjS
6mbJH3LHrNgTIPLUoEtZJvM5zShWxvaMNYgICkUBv6W0dgmfumuMhRaaLjyFtCXA
vwqApoaKm8Gooe0r5F3OfW7cIkGAShD5N/Qh0cEUmJnkH9GOW6DT3qQdZaTkvBP+
VoVisf2BP49fjyZQ2gF856LnNKZAgUOQp612fCIcFPoKEylNAbb7PCe1GNsq2yu4
8PteNSCCXiSQfU+X6YrHDyz5v8UAmZX8TuvccmfJpcfd9sWkwHGnuc4TEWPzwZOf
T7DosUGWeQb8wJxctYdsWz9Iw35lKf385GNzYoZ4p9tffhcDtMwatlhRTJG1eXmm
SHDBhOWhmLwBiD5VXKP6riv5wSNH8mYYgajsqzU3Vn56RofGqwtS+BYc6B3m1KXN
HC19Y7SZevOTVjmNXOjaj4rv6q08zj6p/CNDKf30WOHVokjPOIEQM+xcIJ8RRPMN
6tfUruMKqnXFtRFpulwGqBooWf9fMALR4Ha1vQUbnZ9oe6YY1aIaQDTnyW6BqZay
zLu0fVPdvDd7BUugVb52/qwpwGYpFwQe9CrGvWgA2yeFWm+0VKcxtDR7CyRzDVvM
hWKnf/K+4tLQ7HwB15gcMYwgVS2XZpNB/AP4fYYWcqZGrWqe1nw=
=aF4J
-----END PGP SIGNATURE-----

Once you’ve completed my CTF, let me know how you found it.

Loading ...

Tags blackhat, capture the flag, ctf, greenoptic, hacker, hacking, hackthebox, linux, vulnhub

Credit Card Scammers CTF

This is my first Capture the Flag exercise and covers a number of different techniques.

The back story: Scammers are taking advantage of people and various fake shopping websites have been setup, but people are finding their orders never arrive. We have identified one scam website which we believe is harvesting credit card details from victims. Your objective is to take down the scam website by gaining root access, and identify the 3 flags on their server. Our intelligence suggests the scammers are actively reviewing all orders to quickly make use of the credit card information.

The types of vulnerability used in this CTF can be seen below (they are intentionally hidden by default):

- XSS
- SQL
- Privilege escalation
- Hash cracking or brute forcing

You can download the Capture the Flag here. This has been tested using VirtualBox but may work with other virtualisation platforms. DHCP is enabled, and it is recommended you run this in host-only network mode.

Please feel free to leave me feedback in the comments. I am keen to see what people thought about it and how easy/difficult they thought it was.

SHA-256: e840abca18c81bb269a02247a99416b0f63261f3a62d4b17b9436fb3387f70e7

-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbBiicuM2ITDGGcOJPvHWS2kZ5UMFAl7NYsAACgkQPvHWS2kZ
5UNxQhAAk134aocO6KkEoe+f+DIQrTdFbG8CxQ/b4PWRrIWvFStPzyLwlFe2Vi/W
oYfJ+i+pgrkh2NXVf5UbwnfvChUPIjnyxa6NhuVM9vfWsxkwvWLJ4DcKYMVhKuK1
bOEyXqL4MXp1TrEUZWUm7R3xxlgcaRAA2cpts0joDImmggcljC7n1oeBYHumasbn
A9YPuBnjBJnST3ii2brhNV0c58YTJLpssN3XFIGSQmFsl9xwXeU/zClrX4WivP0U
9odK/gUvVXGBRzr/BrsxVK65s5/0IYuFkwGBKoDvqCQOr2sZQC6le/PioH8VeQ19
23jYte6fbMDggXzvbXNUx19tMg6tGKXipcXKD5+9Vdp6SL8nbxHo07DhkeuOPFmv
GjAYj1jEYcgVUVNrb9lRmMkow9tkUq67DhPBN8ekwM/PR/1jxAQTG/P9JL+69/lS
aag3U/IpNl334I4oO5TniutUJf06YsHeWqeKO7cq9elVVfC4YPI+VOESS6eiS0DB
Zc7YO6oYomEcL7wA4Io5m+qaEy4SFHUEutw4aurcoXNf8a/95BL5jIAK71JA30Ut
euB/KWB2IxxuafxD38coqjxmlDQPx7fztMHPGUhvvqZiqyjaQtFoPFzKu4BYDeIY
y5INDm1oVetVt1VB5ZHYXT8dS2owGET8WC6DTZCf4g9isTbhlws=
=NDWq
-----END PGP SIGNATURE-----

Tags capture the flag, ctf, hacker, hacking, linux, privilege escalation, scammer, security, sql, sql injection, virtual box, virtualbox, virtulisation, virtulization, vulnhub, xss