[CTF NDH 2016 Quals] Write-Up – Inforensic : Invest

Posted by: Yann C.  /   Category: Cryptanalyze / Cryptography / Cryptology / / / / / Vulnerabilities, exploits and PoC   /   No Comments
03
Apr
2016

Write-up of the challenge “Inforensic – Invest” of Nuit du Hack 2016 CTF qualifications.

The weekend of 04/01/2016 is pre-qualification for the Nuit du Hack 2016 as a Jeopardy CTF. Having had the opportunity and the time to participate with some colleagues and friends, here’s a write-up resolution of the challenges which we.

Read more
04
Mar
2016

SSO authentication page of one of Fortigate IdP presents a Cross-Site Scripting vulnerability which can be used to steal user credentials in plaintext.

Companies and current majors turn increasingly to identity federation. A central and single repository containing users credentials (login / password) like LDAP, AD, etc., a single web application centralized authentication (commonly referred to IdP for.

Read more
02
Mar
2016

How to upload / transfer a file through a shell / terminal DOS on Windows? There is no "wget" easy to use on these OS; many pentesters are being ripped hair to transmit a payload.exe when they gain a shell or reverse-shell on a compromised a machine.

Many methods exist, starting from solutions.

Read more