Hi there 👋 I’m @jobarasoined

Hello! I’m a cybersecurity enthusiast with a keen focus on web application penetration testing. Engaging in Capture The Flag (CTF) competitions has become a daily routine, allowing me to sharpen my skills and tackle real-world challenges. I thrive in collaborative company environments where teamwork, innovation, and open communication are valued.

Bing2

Type: #WEB #whitebox; Difficulty: #easy; SOLVED by: #myself; TOOL USED: #burp; TOPIC: #command_injection; Writeup Date: 2024-07-27; URL = https://00b46582d765094ac90bb4db.deadsec.quest/bing.php. The challenge description: source code was provided through a link on Discord. First let’s see the website. I pressed CTRL-U to see the source code of the page; no functionality was found, so I looked at the source code provided and found the Docker file and a fake flag to run the challenge locally, but the interesting thing we found bing....

July 27, 2024

blade-runner

Type: #WEB #whitebox; Difficulty: #easy; SOLVED by: #myself; TOOL USED: docker redis burpsuite; TOPIC: prototype pollution; Writeup Date: 2023-10-01; URL = https://ctf.maplebacon.org/instances. The challenge description: we have source code, so we can see what is happening in the backend, and we can run our own Docker container instead of trying to solve it within the 10-minute time window before the instance shuts down. Unzip blade-runner.zip to extract the src. index.js import some js stuff and import ....

October 1, 2023

hello

Type: #WEB #whitebox; Difficulty: #easy; SOLVED by: #; TOOL USED: #; TOPIC: #; Writeup Date: 2023-09-22; URL = 45.147.231.180:8000. The challenge description: we need to read next.txt, but "file" is blocked and we cannot escape it with some sort of fILe or anything like that. But the x parameter is appended to curl, and curl has a unique feature if you look at the man page, so you can use some sort of regex without adding a flag to curl http://45....

September 22, 2023

INTRODUCTION

Wanictf-Writeup https://ctftime.org/event/1988 https://wanictf.org/ https://score.wanictf.org/#/challenge gutyxqfmisxzpjedke@bbitj.com jobarainosd

September 22, 2023

WEB CATEGORY

WALKTHROUGH

September 22, 2023

Virtual Host Basics

[[hackinghub.io]] Hubs - Virtual Host Basics. Type: #WEB #blackbox; Difficulty: #easy; SOLVED by: #myself; TOOL USED: #gobuster #host #feroxbuster; TOPIC: #api #vhost; Writeup Date: 2023-09-20; URL = *.nzkh4v4n.ctfio.com. The challenge description: $ rustscan -a www.nzkh4v4n.ctfio.com --ulimit 5000 ....

September 21, 2023

Philanthropy

Type: #WEB #blackbox; Difficulty: #medium; SOLVED by: #writeup; TOOL USED: #burp #devtools; Writeup Date: 2023-09-18; URL = http://web.csaw.io:14180/web/home. I couldn’t solve this challenge myself, so here are my attempts at solving it and the solution, and I will reference the writeup at the end of this. The challenge description: upon visiting the challenge URL we see login and register functionality. Hit CTRL+U to view the page source and we see a js file that react....

September 18, 2023

official write-ups

https://github.com/ubcctf/maple-ctf-2023-public

September 10, 2023

one-for-all

type: #WEB #blackbox; difficulty: #easy; SOLVED by: #myself and biogenisis. Writeup on how we aced first blood on the one-for-all challenge. PatriotCTF 2023: it was rated easy at first, but later PatriotCTF rated it hard, as you can see in the screenshot. The challenge: the first thing we see is a field requiring a username from us. As any fellow hacker would, I typed the normal thing and hit the big button: No such user exists (keep that in mind)...

September 10, 2023

64bps

type: #WEB #whitebox; difficulty: #easy; SOLVED by: #writeup. The challenge statement contains Unix commands, which mean the following. Create 2gb.txt and write 2 GiB (2147483648 bytes) of random data: dd if=/dev/random of=2gb.txt bs=1M count=2048. Append the contents of flag.txt to the end of 2gb.txt: cat flag.txt >> 2gb.txt. Delete flag.txt: rm flag.txt. So we can see that the first 2 GiB of 2gb.txt is random data and the flag is at the end....

May 13, 2023