CloudSEK CTF Walkthrough (EWYL)

I am excited to share with you all (readers) how challenging and yet how amusing the CTF was. At a certain point I was wondering what I was doing wrong, but as they say, ‘No detail is too small.’ So here is my detailed CTF walkthrough of CloudSEK’s CTF EWYL Program.

CTF Difficulty Level:

· Medium

Penetration Testing Methodology:

· Web and Steganography based Penetration Testing

Reconnaissance:

· View-Source (Ctrl+U)

Exploitation:

· LFI Bug

Tools:

· Decoder (https://malwaredecoder.com)

· MD5 Hash Decoder (https://www.md5online.org/md5-decrypt.html)

· Base64 Encoder/Decoder (https://www.base64decode.org/)

· JWT.io / POSTMAN (https://jwt.io/)

· Image Metadata Viewer (http://exif.regex.info/exif.cgi)

· Steghide

Results:

· Capturing the Flag

· Access the submission URL

Walkthrough

1. Open view-source:http://54.244.19.42/ to view the source code of the website and look for the username and password needed to bypass the authentication.

Source Code

2. Here we can easily deduce that the username is encoded in a hidden script, and to uncover its real functionality we have to decode it.
