Showing 2 results for: February 2013 ×Tools ×

Owning Windows Networks With Responder Part 2

One of the great things about working within SpiderLabs is that we prefer to use our own tools whenever possible. The biggest advantage to using your own toolset is lot more control over what's happening during the testing process; helping...

CryptOMG Walkthough - Challenge 2

For those of you that missed it last time, CryptOMG is a configurable CTF-style test bed that highlights flaws in cryptographic implementations. The application and installation instructions can be downloaded for free at the SpiderLabs Github. The challenge 1 walkthrough can be found here. The goal for the second challenge is to get the admin password. Unlike the first challenge, which told us there was probably a directory traversal flaw, this does not give us a very clear picture of the type of flaw we will be exploiting. After opening the application, we are presented with a login form and instructions telling us that we can login with guest/guest. Taking a closer look at the URL parameters, we have a "ReturnUrl" parameter with 32 hex characters, in this case 82803ac0ee614d894128649a2eb31f03.