- I’m Math, a Web and Software Developer with a strong interest in cybersecurity.
- I am documenting my journey into infosec to help me reflect on my progress later on.
- I hope to perhaps help others wanting to join this field by demonstrating my thought process during an assessment, including the rabbit holes that lead to nowhere, through diary-like entries.
- Hopefully this insight will help newcomers aquire certain reflexes and reinforce the fact that it is okay to not know everything and to fail and just keep learning.
Hacker101 CTF - Micro CMS v2
It looks like our target’s developers got wind of our previous exploits and fixed them, as stated in their changelog. The app looks the same but we are required to log in as an admin to use the Edit and Create features. One caveat : there is no way for us to create an account. I guess we’ll have to borrow someone else’s then. The Log In page looks simple enough....
Hacker101 CTF - Micro CMS v1
The first thing to do with any new app we’re testing is to play with every feature. Looks like we can view pages and create new ones. Let’s look at one of the pages. Right off the bat, the simple integer ID catches my eyes. My reflex is of course to enumerate IDs. Changing the 2 for a 1 returns the other page as expected. Let’s try going higher. 3 Not Found....
Hacker101 CTF - A little something to get you started
Okay so this is the first challenge in the Hacker101 CTF. Not much of a challenge at all, but it does give us points and we do like points. There’s not much in here, looks like a simple welcome message. First step, always check the source code. Still not much in there. Only 15 LoC, including the empty lines… To hack an application, one must interact with it. The only thing we seem to be able to interact with is the background....