HackTheBox - Machines Soccer

Date: 15/08/2023

Log in using the default credentials admin: admin@123 from https://github.com/prasathmani/tinyfilemanager, upload a simple PHP reverse shell and get a shell as www-data...

Reading Time: 1 minute

protected

HackTheBox - Challenges EasterBunny

Date: 07/08/2023

This post is password protected, description is not available

Reading Time: 2 minutes

protected

HackTheBox - Challenges No-Threshold

Date: 09/12/2023

This post is password protected, description is not available

Reading Time: 1 minute

HackTheBox - Challenges Breaking Grad

Date: 01/11/2023

A file that particularly stands out is...

Reading Time: 2 minutes

HackTheBox - Challenges WS-Todo

Date: 30/11/2023

The functionality is very simple, you can either get or add todos...

Reading Time: 3 minutes

protected

HackTheBox - Challenges ApacheBlaze

Date: 01/11/2023

This post is password protected, description is not available

Reading Time: 2 minutes

protected

HackTheBox - Challenges Prying Eyes

Date: 10/12/2023

This post is password protected, description is not available

Reading Time: 2 minutes

HackTheBox - Challenges Saturn

Date: 03/11/2023

A very simple Flask app is all this challenge is. We can immediately spot a kind of SSRF-as-a-service vulnerability. The flag is returned by /secret if the request is coming from localhost. OK, then what prevents us from using the SSRF to request /secret, get the flag and be done with it?...

Reading Time: 4 minutes

My Android Pentesting Setup

Date: 31/05/2024

Initialize waydroid and allow it to download the latest Lineage OS SDK + GAPPS (Google services)...

Reading Time: 3 minutes

CCSC 2022

Date: 17/05/2022

year I couldn't make it into the top 10. This year though I wanted to change that! Read until the end to see what happened....

Reading Time: 9 minutes

Wizer CTF 2024 All Challenges

Date: 08/02/2024

Last week I was able to participate in a wonderful CTF organized over at Wizer. This CTF consisted of 6 web challenges of varying difficulty, where participants were challenged to a Blitz speed-hacking competition of who can solve the most in 6 hours, with very generous prizes for the top 3....

Reading Time: 22 minutes

N00bz CTF 2024 writeups

Date: 05/08/2024

Above we can see a small program that asks the user to add two random numbers and give the answer. The user chooses how many questions to answer and is awarded the respective number of characters of the flag. However, since there is an exponential delay due to pow(2,i), the classical approach of an automated solver would take too long. The smart thing to do here is to use the negative indexing feature of...

Reading Time: 9 minutes

CCSC 2023 Forgotten Classes

Date: 16/07/2023

This is an old API for a classroom application that is no longer used due to the AI takeover. Inside information states the API is still available and is connected to the AI's internal infrastructure. Can you hack it and read any hidden secrets on the root / path of the server?...

Reading Time: 5 minutes

CCSC 2023 Secret Prompt

Date: 21/07/2023

We believe the machines came up with their own mechanism to keep humans out. Deceive the machines. Make them believe you are one of them and retrieve...

Reading Time: 4 minutes

CCSC 2023 Shellhunting

Date: 21/07/2023

One of the generals of the AI-sponsored government left his house unlocked while he was going to the beach. Ava spotted the powered-on computer, and managed to intercept the traffic from an unknown application....

Reading Time: 5 minutes