A research on generating CodeQL database for close-sourced applications

Motivation I adore CodeQL a lot despite the fact that I have only been working with it for less than 3 months. It's so powerful at analyzing applications and it can save a tremendous amount of time doing code review. However, nothing is perfect. There are a few downsides of CodeQL. First, it only works when …

BambooFox CTF 2021 Writeup

Man, I suck. For the first time, I've decided to actually include the challenge files. Hope the organizers don't DMCA me. Calc.exe Online (Web) http://chall.ctf.bamboofox.tw:13377 author: splitline Solution They gave us the source code, yay. http://chall.ctf.bamboofox.tw:13377/?source <?php error_reporting(0); isset($_GET['source']) && die(highlight_file(__FILE__)); function is_safe($query) { $query = strtolower($query); preg_match_all("/([a-z_]+)/", $query, $words); $words = $words[0]; $good = …

Two easy problems from GrimmCon CTF

Competition Info https://grimmcon.ctf.games The website seems permanently down. Fruitify (Web) Description Come grab a tasty freshly made juice, they are delicious Solution Based on the title, I originally thought it's gonna be MongoDB as mango sounds similar to mongo and is a fruit. I clicked around and did not find much, so I clicked the …

Pico Mini CTF 2020 Writeup

This will be the write up for 3 out of 5 problems in the recently concluded Picomini CTF 2020. 'Web Gauntlet' from Web category, 'OPT' from Reverse category, and 'Guessing Game 1' from Binary Exploitation category. Web Gauntlet (Web) Challenge Description Can you beat the filters? Log in as admin http://jupiter.challenges.picoctf.org:29164/ http://jupiter.challenges.picoctf.org:29164/filter.php Hints: You are …

OverTheWire Natas Write-Up (Part 3)

Introduction Natas is a web challenge series from OverTheWire. https://overthewire.org/wargames/natas/ The user needs to get the password to advance to the next level. The password file is located in the /etc/natas_webpass directory; only the corresponding user can read the current and next level's password. This write-up will show the necessary steps to get the password. Natas 18 Source: <html> …