Tuesday, February 23, 2016

INTERNETWACHE CTF 2016 (misc90) Write Up

INTERNETWACHE CTF

Hello Every One . Today I would like to talk about a Write Up in (INTERNETWACHE CTF 2016), that me and my friends was Playing as a Team (Hacku) in The last few Days , It was full of fun and cool Tasks, We Enjoyed a lot at IRC freenode.

The CTf was full of Tasks and were in a lot of Categories In :

- Misc
- Web
- Reversing
- Crypto
- Code
- Exploit

In This Article , I would like to share some of my solution of one of the Tasks with My resources that I used, and i spent a couple of Hours to solve it .

Al-thought it's have 90 Point(with high score), But It's very simple solution (I know That). At least it could help you or Give You a little Tips in another CTF .

So let's Go and have a Fun ...

The Title of The Task Says : BarParty (misc90)

The Description Says : Can you read the barcodes?

And Have the following Image Attached .

barcode CTF

First , I Thought it's have Hidden Message , So I made some quickly steps to analyze the Image but found Nothing .

Then i thought to My self (Common it's Clearly Message says in a challenge way : Can you read the barcodes?) 

CTF ONLINE

So I made a decision To retrieve The BarCode and Opened The Photoshop and Started to cut The Barcode into Pieces .

ctf writeup

I Separated First All Pieces with Pen Tool .
Then in a new Window , i Transformed the pieces and tried to make it into pairs  linked to each other like this . 

internetwache ctf write up


Then I went to www.onlinebarcodereader.com to read The Barcode Online and it's read to me with (IW{Bar), this is the beginning of the Flag So i knew that am in the right Direction .

I returned back to Photoshop and Linked All the pieces Together and this is the final Image i Made .

ctf online solution


Finally , I read all the pieces separately from onlinebarcodereader.com and got the flag : IW{Bar_B4r_C0d3s}


Monday, June 1, 2015

Stegosploit : Malicious Code In Pictures

stegosploit

Stegosploit: Hacking With Images

The Security Researcher Saumil Shah from Net Square security has presented at Hack In The Box conference in Amsterdam his Stegosploit project which allows an attacker to embed executable JavaScript code within an image to trigger a drive-by download.

The Stegosploit digital steganography project could open new scary scenarios for Internet users that could be infected by viewing a picture on any website, even without clicking on it or downloading it. The image could be the container for the priming of the malware. Shah has no doubts, Stegosploit could be the future of online attacks.

Technical Details and explain in the video 



Wednesday, March 11, 2015

WordPress SEO by Yoast Plugin Vulnerability Affects Millions



WordPress SEO by Yoast Plugin

WordPress SEO by Yoast Plugin Vulnerability Affects Millions

A critical vulnerability has been discovered in the most popular plugin of the WordPress content management platform (CMS) that puts tens of Millions of websites at risks of being hacked by the attackers.

The vulnerability actually resides in most versions of a WordPress plugin known as ‘WordPress SEO by Yoast,’ which has more than 14 Million downloads according to Yoast website, making it one of the most popular plugins of WordPress for easily optimizing websites for search engines i.e Search engine optimization (SEO).

The vulnerability in WordPress SEO by Yoast has been discovered by Ryan Dewhurst, developer of the WordPress vulnerability scanner ‘WPScan’.

All the versions prior to 1.7.3.3 of ‘WordPress SEO by Yoast’ are vulnerable to Blind SQL Injection web application flaw, according to an advisory published today.