@professormahi
Last active December 4, 2016 14:44
ctf.infosecinstitute.com CTF Challenge reviews

level 1 ($10)

url: http://ctf.infosecinstitute.com/levelone.php
flag: infosec_flagis_welcome
solution: Just look at the first line of the page source

level 2 ($20)

url: http://ctf.infosecinstitute.com/leveltwo.php
flag: infosec_flagis_wearejuststarting
solution:

  1. Download the image file from the link
  2. base64 -d leveltwo.jpeg > 1
  3. cat 1

level 3 ($30)

url: http://ctf.infosecinstitute.com/levelthree.php
flag: INFOSECFLAGISMORSING
solution:

  1. Scan QRCode
  2. Decode morse

level 4 ($40)

url: http://ctf.infosecinstitute.com/levelfour.php
flag: infosec_flagis_welovecookies
solution:

  1. Look at the cookies: vasbfrp_syntvf_jrybirpbbxvrf
  2. Apply ROT13

level 5 ($50)

url: http://ctf.infosecinstitute.com/levelfive.php
flag: infosec_flagis_stegaliens
solution:

  1. Prevent the page from creating additional dialogs using your browser.
  2. Disable JavaScript, either with the Web Developer extension for Google Chrome or with the browser's own option. Find the option in Developer Tools/Inspect Elements/... .
  3. Download the image.
  4. Install the Steghide tool. On Debian/Ubuntu/Mint, use sudo apt-get install steghide.
  5. Run $ steghide extract -sf aliens.jpg and enter an empty passphrase.
  6. Convert the binary in all.txt to ASCII.

level 6 ($60)

url:
flag: ``
solution:

level 7 ($70)

url: http://ctf.infosecinstitute.com/404.php
flag: infosec_flagis_youfoundit
solution:

  1. Just use a browser to open http://ctf.infosecinstitute.com/levelseven
  2. In the status there is a base64-encoded string: aW5mb3NlY19mbGFnaXNfeW91Zm91bmRpdA==
  3. Decode it

level 8 ($80)

url: http://ctf.infosecinstitute.com/leveleight.php
flag: ``
solution:

level 9 ($90)

url: http://ctf.infosecinstitute.com/levelnine.php
flag: infosec_flagis_defaultpass
solution:

  1. Try CISCO default passwords ;) A complete list is here
  2. Try root and attack; the result is ssaptluafed_sigalf_cesofni
  3. The message is reversed, so the flag is infosec_flagis_defaultpass

level 10 ($100)

url:
flag: ``
solution:

level 11 ($110)

url: http://ctf.infosecinstitute.com/leveleleven.php
flag: infosec_flagis_aHR0cDovL3d3dy5yb2xsZXJza2kuY28udWsvaW1hZ2VzYi9wb3dlcnNsaWRlX2xvZ29fbGFyZ2UuZ2lm
solution:

  1. Download the image file
  2. Use the strings command and find the flag

level 12 ($120)

url: http://ctf.infosecinstitute.com/leveltwelve.php
flag: infosec_flagis_heyimnotacolor
solution:

  1. There is a new css file named design.css
  2. In the file the flag is in hex (696e666f7365635f666c616769735f686579696d6e6f7461636f6c6f72), so just convert it to ASCII and the flag will appear
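
Levels 4, 5, 7, 9 and 12 all come down to undoing one simple encoding (ROT13, binary, base64, reversal, hex). The script below is an added example, not part of the original gist: it tries each decoder on a string and reports which one produces the infosec_flagis_ prefix. The function names are hypothetical, and the binary decoder assumes all.txt holds 8-bit groups, since its contents are not shown on this page.

```python
import base64
import binascii
import codecs

FLAG_PREFIX = "infosec_flagis_"  # prefix shared by the flags in this write-up


def _b64(s):
    # validate=True rejects characters outside the base64 alphabet (e.g. "_")
    return base64.b64decode(s, validate=True).decode("ascii")


def _hex(s):
    return bytes.fromhex(s).decode("ascii")


def _bits(s):
    # Assumed format: 8-bit groups of 0/1, with or without whitespace between them
    bits = "".join(s.split())
    if not bits or len(bits) % 8 or set(bits) - {"0", "1"}:
        raise ValueError("not a string of 8-bit groups")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)).decode("ascii")


DECODERS = {
    "rot13": lambda s: codecs.decode(s, "rot13"),    # level 4 cookie
    "base64": _b64,                                  # level 7 status string
    "reverse": lambda s: s[::-1],                    # level 9 response
    "hex": _hex,                                     # level 12 design.css
    "binary": _bits,                                 # level 5 all.txt (format assumed)
}


def identify(encoded):
    """Return (decoder_name, plaintext) for the decoder that yields a flag, else None."""
    for name, decode in DECODERS.items():
        try:
            out = decode(encoded.strip())
        except (ValueError, binascii.Error):
            continue  # input is not valid for this encoding
        if out.startswith(FLAG_PREFIX):
            return name, out
    return None


if __name__ == "__main__":
    # Encoded strings quoted in the solutions above
    for sample in ("vasbfrp_syntvf_jrybirpbbxvrf",
                   "aW5mb3NlY19mbGFnaXNfeW91Zm91bmRpdA==",
                   "ssaptluafed_sigalf_cesofni",
                   "696e666f7365635f666c616769735f686579696d6e6f7461636f6c6f72"):
        print(identify(sample))
```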

level x

url:
flag: ``
solution:
