INSIDEOUT HACK

Otter ctf is an online capture the flag hacking and reverse engineering competition of format jeopardy.  For more otter ctf information visit  here  or visit the  official website . One of the challenges was of network type "Birdman's Data" which says " We recorded some BirdMan's networking, but a part of it (the important part) got scrambled ", along with a downloadable .pcap file. .pcap files are packet capture packets that can be seen with help of network monitoring software or packet listening programs like wireshark etc. So I am not very good at capture the flag things so my friend helped with this a lot, ok let's dive right into it. # After downloading the file first logical thing to do, which isn't efficient but is necessary in my opinion, so just open terminal and " cd " directories to the downloaded file location. then just " file " out the .pcap file name i.e: $file Birdmans_data.pcap , this gives some informati

Looking around internet it is quite clear that the most general type of web attack is CSRF attacks, CSRF stands for Cross Site Request Forgery (CSRF).  CSRF attacks are mainly actions which when an attacker tricks a victim/user into going to a page controlled by the attacker, then depending on the type of forge site victims enters their data to the target sites as the victim. CSRF attacks specifically target state-changing requests. A successful CSRF attack can force the user/victim to perform state changing requests like transferring funds, changing their email addresses and many more. lucky for attacker if victim has a administrative account then CSRF can compromise the entire web application. Consider  OWASP  for detailed information. EXAMPLE:  Bank transfer site is a perfect example. <form action="/levels/0/" method="POST">     <h2>Transfer Funds</h2>     Destination account: <input type="input" name="to" value=

Functions, functions in any programming language whether it is for web Dev or android Dev or for anything out there, are the small named codes that are encapsulated in the source codes which are supposed to perform some specific tasks, and they also provides  modularity  to the code of course. functions are mainly of two types generally(considering most of the programming languages). functions which return a value, includes return. functions which would not return a value. Moving on, considering particularly NODE.JS contains some special functions few of them i am covering now: simple function which returns something. immediately executing function/self executing functions. anonymous functions. higher-order function(setTimeout()). SIMPLE FUNCTIONS WHICH RETURN SOMETHING. functions with simple function definition, and with a return statement. BTW return statement is not necessary but function still returns something which in this case would be “undefined”.

REQUESTS:  actions which browser makes to server in order to fetch some information. Basic format for request: verb HTTP/1.1      Header1: value1      Header2:value2      ....      <request body> HEADERS(requests): Host: indicates host handling request. Accept: indicates what MIME(multipurpose internet mail extensions) types are accepted. Cookie: passes cookies to server. Authorisation: mainly used for 'basic auth' pages of form "Basic <base64'd username:password >" COOKIES: key-value pairs of data that are sent from the server and reside on the client for a fixed period of time. each cookie is unique as they have their unique domain pattern, and are passed with each request the client makes to matching tools. #cookie security :) Cookies added for any site say foobar.com can be read by any subdomains of that site i.e: foobar.com . Cookies added for a subdomains can only be read in that subdomains or by the subdomains of that sub