Monthly Archives August 2016

For this one we're given a link to a Megaupload hosted file. It's a 93mb file so it's gotta be good! The clue was: I got locked out of my iTrash :( 1 2 3 4 5 6 7 8 9 Flag format: ctf(n-n-...-n) Interesting. What is it? We inspect the contents: [shell] root@kali:~/ctfx/itrash# unzip -t iTrash Archive: iTrash.zip testing:…

In this challenge we were given an string and told that it was an authorization token that had expired. We want to forge an authorization token for whatever service this token is used for. The token we're given is this: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkFtYXppbmcgSGF4eDByIiwiZXhwIjoiMTQ2NjI3MDcyMiIsImFkbWluIjp0cnVlfQ.UL9Pz5HbaMdZCV9cS9OcpccjrlkcmLovL2A2aiKiAOY We quickly recognize this as a JWT, Json Web Token. I headed over to the jwt.io site to check…

Close