Categories
CTF's My CTF's

Presidential CTF

Presidential is my third Capture the Flag exercise. It is rated as Medium to Hard – I wouldn’t say the exploitation techniques are necessarily difficult on this server, but this box will definitely test your enumeration skills. If you need a hint, feel free to contact me – but enumerate harder first.

Enumerate Enumerate Enumerate

This is the best advice I can give you.

Download Now

Synopsis:

The Presidential Elections within the USA are just around the corner (November 2020). One of the political parties is concerned that the other political party is going to perform electoral fraud by hacking into the registration system, and falsifying the votes.

The state of Ontario has therefore asked you (an independent penetration tester) to test the security of their server in order to alleviate any electoral fraud concerns (I’m aware Ontario isn’t a real US state – this is meant to be fictional). Your goal is to see if you can gain root access to the server – the state is still developing their registration website but has asked you to test their server security before the website and registration system are launched.

This CTF was created and has been tested with VirtualBox. It should also be compatible with VMWare and is DHCP enabled.

You can download the CTF here. I look forward to your feedback.

SHA-256: 1d402ad612251e4b07bf990d7f55f1d3c5158bf9c0aad4e3663526f4d06a3e97

Write Up’s

A big thanks to 0xatom for doing a write up on this box. If you need help, feel free to read their write up. Though, try harder first. You will find it so much more rewarding if you manage to crack it yourself.

Categories
CTF's My CTF's

Credit Card Scammers CTF

This is my first Capture the Flag exercise and covers a number of different techniques.

Download Now

The back story: Scammers are taking advantage of people and various fake shopping websites have been setup, but people are finding their orders never arrive. We have identified one scam website which we believe is harvesting credit card details from victims. Your objective is to take down the scam website by gaining root access, and identify the 3 flags on their server. Our intelligence suggests the scammers are actively reviewing all orders to quickly make use of the credit card information.

The types of vulnerability used in this CTF can be seen below (they are intentionally hidden by default):

You can download the Capture the Flag here. This has been tested using VirtualBox but may work with other virtualisation platforms. DHCP is enabled, and it is recommended you run this in host-only network mode.

Please feel free to leave me feedback in the comments. I am keen to see what people thought about it and how easy/difficult they thought it was.

SHA-256: e840abca18c81bb269a02247a99416b0f63261f3a62d4b17b9436fb3387f70e7