Type: #WEB #whitebox Difficulty: #easy SOLVED by: #myself TOOL USED: #burp #devtools TOPIC: #cache #docker Writeup Date: 2025-01-30 URL = https://app.hackthebox.com/challenges/CDNio the challenge description Race against time! Tweak CDN and caching magic to make web pages load at lightning speed. Minimize cache misses and watch your load times drop! LAB SETUP the necessary files too play can be downloaded from official source here zip password: hackthebox so using docker we can run it locally after the first run of sudo ....
Type: #WEB #whitebox Difficulty: #easy SOLVED by: #myself TOOL USED: #burp TOPIC: #command_injection Writeup Date:2024-07-27 URL = https://00b46582d765094ac90bb4db.deadsec.quest/bing.php the challenge description source code was provide through linkon discord first let’s see the website i clicked on CTRL-U to see sourcecode of the page no functionality was found so i looked at the sourcecode provided found dockers file and fake lag to run the challenge locally but the interesting thing we found bing....
Type: #WEB #whitebox Difficulty: #easy SOLVED by: #myself TOOL USED: docker redis burpsuite TOPIC: prototype pollution Writeup Date:2023-10-01 URL = https://ctf.maplebacon.org/instances the challenge description we have source code so we can see what happening in the backend + we can run our docker container instead of trying to solve with 10 min time window before the instance shutdown uznip blade-runner.zip to extract the src index.js import some js stuff and import ....
Type: #WEB #whitebox Difficulty: #easy SOLVED by: # TOOL USED: # TOPIC: # Writeup Date:2023-09-22 URL = 45.147.231.180:8000 the challenge description we need read next.txt but file is blocked and we cannot escape it by some sort of fILe or anything like that but the x parameter is append to curl curl has unique feature if u look at the man page so u can use some sort of regex without adding flag to curl http://45....
Wanictf-Writeup https://ctftime.org/event/1988 https://wanictf.org/ https://score.wanictf.org/#/challenge gutyxqfmisxzpjedke@bbitj.com jobarainosd
WALKTHROUGH
[[hackinghub.io]] Hubs - Virtual Host Basics Type: #WEB #blackbox Difficulty: #easy SOLVED by: #myself TOOL USED: #gobuster #host #feroxbuster TOPIC: #api #vhost Writeup Date:2023-09-20 URL = *.nzkh4v4n.ctfio.com the challenge description $ rustscan -a www.nzkh4v4n.ctfio.com --ulimit 5000 .----. .-. .-. .----..---. .----. .---. .--. .-. .-. | {} }| { } |{ {__ {_ _}{ {__ / ___} / {} \ | `| | | .-. \| {_} |.-._} } | | ....
Type: #WEB #blackbox Difficulty: #medium SOLVED by: #writeup TOOL USED: #burp #devtools Writeup Date:2023-09-18 URL = http://web.csaw.io:14180/web/home i couldn’t solve this challenge myself so here is my attempt tries solving it and the solution. and i will reference the writeup at the end of this the challenge description upon visiting the challenge url WE SEE login and register functionality. hit ctrl+u we view source page we see js file that react....
https://github.com/ubcctf/maple-ctf-2023-public
type: #WEB #blackbox difficulty: #easy SOLVED by: #myself and biogenisis writeup on how we– aced first blood on one-for-all challenge patriotCTF 2023 was rated easy in first but later PatriotCTF Rated it hard as u can see in the screenshot the challenge the first thing we see is a field require from us a username as any fellow hacker i typed the normal thing and hit the big button No such user exists (keep that in mine)...