CTF INFOSEC INSTITUTE CTF SOLUTIONS





INFOSEC INSTITUTE CTF LEVEL ONE SOLUTION

This is pretty simple one !!
When you click level one !! you see below screen




Text – “May the source be with you “ is the clue for checking source page. Once you open source page, you will find the flag on top of page


Flag - <!-- infosec_flagis_welcome -->




INFOSEC INSTITUTE CTF LEVEL TWO SOLUTION
This is simple but tricky.
Once you open Level two page. You find “ image icon which cannot be loaded”


Check the image link , go to http://ctf.infosecinstitute.com/img/leveltwo.jpeg ,still image cannot be loaded. Go to http://ctf.infosecinstitute.com/img/ and download the image with “save as”



Open this image with Notepad plus .



You get a string value.
aW5mb3NlY19mbGFnaXNfd2VhcmVqdXN0c3RhcnRpbmc=

on quick look , I found this to be Base64 encoded.





You get the flag - infosec_flagis_wearejuststarting


INFOSEC INSTITUTE CTF LEVEL THREE SOLUTION
Level 3 is QR code displayed on page.




I quickly check if there is addon for firefox to read  QR code and convert code to text. Luckly I found on Add on – QR Secret decoder









It resulted into dot and dashes



This is morse code.
I entered this code into my favourite http://rumkin.com/tools/cipher/  used Morse decoder to see the text.





Flag is – INFOSECFLAGISMORSING

INFOSEC INSTITUTE CTF LEVEL FOUR SOLUTION
This is not a straight one at all. When you open level four you find below screen.


Clue is -HTTP means Hypertext Transfer Protocol
I tried looking to the entire corners of http, but could not found anything. It was like annoying .. Hold on.. I found something  http capture with “live http Header “ addon.
Other way you find this with cookie manager add on. 




You see some value - vasbfrp_syntvf_jrybirpbbxvrf
Hmmm.. I was not sure if this would be the flag or encrypted flag text . however I tried with few decoder from runkim.com .. at last I found that it is ROT13 encoder . using the same I decode it.



Flag is  - infosec_flagis_welovecookies


INFOSEC INSTITUTE CTF LEVEL FIVE SOLUTION
Level 5 page load with alert “hacker” repeatedly.
I tried to stop the pop up by checking “ prevent it” but this page does not move to any place. i did not try any hard way for this. I was sure “redirect” is key here. So I enabled “ No Redirect” addon  and I found this image.




Lol !!  Aliens here too J
But where is the Flag ? I tried opening the image with few editors , but no luck. Next move was stenography . I used online tool to check if this image contain any hidden code.



Found the hidden code



01101001011011100110011001101111011100110110010101100011010111110110011001101100011000010110011101101001011100110101111101110011011101000110010101100111011000010110110001101001011001010110111001110011

I converted this binary to text and found the flag.
Flag is - infosec_flagis_stegaliens


INFOSEC INSTITUTE CTF LEVEL SIX SOLUTION
In this level you did to download pcap file.
Opent the file in wireshark. Check UDP and follow UDP steam





You get a string , this could be possible flag ? on bit googling found that it could be hex and I used online hex to string convert , found the flag.

Flag - infosec_flagis_sniffed

INFOSEC INSTITUTE CTF LEVEL SEVEN SOLUTION
This is quite tricky one !! need more commom sense than a technology .
This level url end with 404.php , where as other user are like levelone , leveltwo.
I used the same, I changed 404.php to levelseven.php  … Uhh!!  I don’t see anything on page , looks like we are not done yet !! I checked source code and other area to find flag, no luck.
I used Live http header add on to see if I can capture tcp request to find for cule. Opps !!! got some thing


When I saw == I knew this base64 encoded J  I used decoder from Hack bar addon , found the flag
Flag is - infosec_flagis_youfoundit

INFOSEC INSTITUTE CTF LEVEL 8 SOLUTION
In this level you need to download exe file . I am sure this exe file has flag, I never decompiled exe till now and thought this right time to learn quickly,
Flag – Not found
INFOSEC INSTITUTE CTF LEVEL 9 SOLUTION



Cisco IDS web login ?  I check with default password for here
Found it :- username root and password attack.


I see the pop up with some character. I believe this is Flag.
In source code I found this.

I used hackbar and further reverse option, when you can reverse the string.
ssaptluafed_sigalf_cesofn
 

Flag is - infosec_flagis_defaultpass

INFOSEC INSTITUTE CTF LEVEL 10 SOLUTION
In this level you get to download wav file,  initially I thought it would Steganography but I was wrong.
Tried with music editor other tools. But no luck.
Here is what I think
Based on all the flag I found   , flag should be
Flag - infosec_flagis_sound

INFOSEC INSTITUTE CTF LEVEL 13 SOLUTION
This level you get a clue “What the heck happened here? It seems that the challenge here is gone? Can you find it? Can you check if you can find the backup file for this one? I'm sorry for messing up :(“

Back up files ? how we generally rename them? Old or with date or bak . I tried with them,
I could download the file

Not solved yet...

WIRELESS PEN-TEST FRAMEWORK

List Of Hacking And Security Certifications!



1. Certified Ethical Hacker by EC-Council

CEH provides a comprehensive ethical hacking and network security-training program to meet the standards of highly skilled security professionals. Hundreds of SMEs and authors have contributed towards the content presented in the CEH courseware. Latest tools and exploits uncovered from the underground community are featured in the new package. Their researchers have invested thousands of man hours researching the latest trends and uncovering the covert techniques used by the underground community. 

Below are the other certifications offered by EC-Council:

Licensed Penetration Tester - LPT
EC-Council Certified Security Analyst - ECSA
EC-Council Network Security Administrator - ENSA
EC-Council Certified Incident Handler - ECIH
Computer Hacking Forensic Investigator - CHFI
Chief Information Security Officer - CCISO

2. Certified Information Security Manager (CISM) by ISACA

The management-focused CISM is the globally accepted standard for individuals who design, build and manage enterprise information security programs. CISM is the leading credential for information security managers. The recent quarterly IT Skills and Certifications Pay Index (ITSCPI) from Foote Partners ranked CISM among the most sought-after and highest-paying IT certifications. 

Below are other certifications offered by EC-Council:

Certified Information Systems Auditor (CISA)
Certified in the Governance of Enterprise IT (CGEIT)
Certified in Risk and Information Systems Control (CRISC)

3. Certified Information Systems Security Professional by ISC2 

“CISSP certification is a globally recognized standard of achievement that confirms an individual's knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. It was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.” 

Other certifications by ISC2:

Systems Security Certified Practitioner
Certified Authorization Professional
Certified Secure Software Lifecycle Professional
Certified Cyber Forensics Professional
HealthCare Information Security and Privacy Practitioner

4. Certified Wireless Security Professional (CWSP) by Certified Wireless Network Professional (CWNP)

The CWSP certification is a professional level wireless LAN certification for the CWNP Program. The CWSP certification will advance your career by ensuring you have the skills to successfully secure enterprise Wi-Fi networks from hackers, no matter which brand of Wi-Fi gear your organization deploys.

Here are other courses by CWNP:

Entry level - CWTS: Certified Wireless Technology Specialist
Administrator level - CWNA: Certified Wireless Network Administrator
Professional level - CWDP: Certified Wireless Design Professional
Professional level - CWAP: Certified Wireless Analysis Professional
Expert level - CWNE: Certified Wireless Network Expert

5. CompTIA Security+

CompTIA Security+ is an international, vendor-neutral certification that demonstrates competency in Network security, Compliance and operational security, Threats and vulnerabilities, Application, data and host security, Access control and identity management and Cryptography. 

Here are other courses by CompTIA:

CompTIA Advanced Security Practitioner (CASP)
CompTIA A+
CompTIA CDIA+
CompTIA Cloud+
CompTIA CTT+
CompTIA Linux+ Powered by LPI
CompTIA Mobile App Security+
CompTIA Mobility+
CompTIA Network+
CompTIA PDI+
CompTIA Project+
CompTIA Security+
CompTIA Server+
CompTIA Storage+ Powered by SNIA
CompTIA Cloud Essentials
CompTIA Green IT
CompTIA Healthcare IT Technician
CompTIA IT for Sales
Social Media Security Professional
Strata IT Fundamentals

6. All Courses at Global Information Assurance Certification (GIAC)

GIAC (Global Information Assurance Certification) was founded in 1999 to validate the skills of information security professionals. The purpose of GIAC is to provide assurance that a certified individual has the knowledge and skills necessary for a practitioner in key areas of computer, information and software security. GIAC certifications are trusted by thousands of companies and government agencies, including the United States National Security Agency (NSA).

GIAC certifications address a range of skill sets including entry-level information security and broad-based security essentials, as well as advanced subject areas like Audit, Intrusion detection, Incident handling, Firewalls and perimeter protection, Forensics, Hacker techniques, Windows and Unix operating system security and Secure software and application coding. 

GIAC offers certifications in the below categories:

Security Administration
Forensics
Management
Audit
Software Security
Legal
 found this article @http://efytimes.com/e1/fullnews.asp?edid=121035 , complete credit is to owner of this post /web site.

I am sharing this articles for not any personal benefit.

Saba