The Rekall CTFs are the Project 2 deliverable(s) from the Cybersecurity class taken in 2023. The deliverable for the project was a penetration test report for Rekall’s web app, Linux server, and Windows server. The work was split into 3 days: the CTF on day 1 was a pen test on Rekall’s web app, day 2 targeted the Linux servers, and day 3 targeted Windows. Although this “CTF” was only conducted within Rekall’s domain, it was split into 3 actual separate CTFs for the class, by day. As such, it has been split into 3 here on the site as well.
Day 1 of the CTF consisted of pentesting their web app. Although I will not go into extreme detail or give a step-by-step walkthrough of the CTF (as I am sure this is likely a recycled project for other Cybersecurity classes, and I would not want to spoil it or give out all the information on it), I will touch on some of the key elements from Day 1, and the delivered pen test report may be available upon request.
Some of the key vulnerabilities that were discovered:
XSS
Script/command injection
File inclusion
SQL injection
Plain-text credentials
There were a total of 15 flags for this CTF, of which my group was able to find 11 during the time allotted for Day 1. Some of the input fields on the site did have somewhat of a protection against injection and XSS attacks, but with a little persistence, other methods were able to get around the method of input validation being used. I must say that I was not very confident in these methods of attack, which led to a rough start for the group. Overall, this was a great project to learn my weaknesses with these forms of attacks.