Posts

Showing posts with the label ssl

Web based levels in "CTF BISMARCK" ;)

Developing a capture the flag

In this blog post, I thought to write about the development process of a couple of levels in a capture the flag box, AKA CTF box. This CTF is developed to demonstrate vulnerabilities beyond typical ones such as XSS (Cross-Site Scripting), SQLi (SQL Injection) and WordPress flaws, so these CTF challenges contain tasks like hash cracking, reverse engineering, request manipulation and so on. If you try to play these (web-based) levels, you need the previous level's flag in order to obtain any information about the next level's credentials, such as the password to the next level and sometimes the username. In this demonstration, there are four levels that use a web platform as the main interface for the player, and these levels contain different tasks that the player needs to complete in order to reach the final level and complete the box. The four main tasks are as follows: The first challenge is to crack ...

httpS and SSL/TLS handshake

What is HTTPS?

HTTPS stands for "Hypertext Transfer Protocol Secure". It is an extension of the Hypertext Transfer Protocol (HTTP) for secure communication over a computer network. In HTTPS, the communication is encrypted using Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). Servers and clients still use HTTP to communicate with each other, but over a secure SSL/TLS connection that encrypts and decrypts the client-server requests and responses. SSL ensures that requests and responses are delivered to the legitimate destination and come from a legitimate source, and that only a legitimate server or client can read the content of a request or response. Eavesdroppers can still monitor the traffic, but they will not be able to read its content, since it is encrypted.

How does SSL work?

A Secure Sockets Layer connection between client and server starts with a "handshake". The goal is to satisfy the cli...