Cracking an RDP password using Crunch and Hydra
Lately, I had to crack an RDP password for a known user in an on-site CTF. In this post, I will explain how I solved this challenge.
Category: CTF
SECCON 2016 Online CTF – Vigenere (100 points)
As the title of the challenge suggests, we are dealing with a simple Vigenere Cipher here. In Vigenere, each character of the plaintext is shifted using a key. ...
RC3 CTF 2016: goodtime (150 points)
After connecting, a prompt asking for the flag was displayed. After entering an incorrect flag, it would simply return "Nope\n" and quit. What I noticed after s...
RC3 CTF 2016: My Lil Droid (100 points)
First step, of course, is downloading the files. Turned out it was only an apk file called youtube.apk. APKs are just an archive, and can thus be extracted easi...
RC3 CTF 2016: Who’s a Good Boy? (100 points)
Let's start by having a look at the website at the URL given in the description. Then, I saw that another image was requested through an additional GET request ...
IceCTF 2016: ChainedIn (75 points)
After opening the website that was given with the challenge, I was presented a simple-looking website. Of course, I tried to log in with the credentials provide...
H4CK1T CTF 2016: China – RTFspy (150 points)
There is an .rtf file. Considering that the title of this challenge is RTFspy, there must be something in this file. First, of course, I tried to open it in the...
H4CK1T CTF 2016: Argentina – r34n1m4710n (100 points)
Just like I did with Canada – 1n51d3r’5 j0b and Germany – ch17ch47, I started grep'ing. As there was only one file, which was a pcap, I chose to first look for ...
H4CK1T CTF: Brazil – p13c3 0f c4k3 (100 points)
The ZIP archive attached to the challenge contains a ./Docs directory that held several files and directories. First, I looked at all the files to get some idea...
H4CK1T CTF 2016: Mozambique – 1magePr1son (150 points)
The attached ZIP archive contained an image called planet.png. It was a regular-looking image, so let's look for any hidden stuff inside. First, I looked for...