This will be my solution on the recent concluded N1CTF's easiest web challenge 'websign' which I couldn't even solve during the competition. I normally wouldn't bother post a blog but this time I felt I really had it in my hand and want to try again with the assistance of some writeups. Enjoy and hope … Continue reading N1CTF: Web Sign-in and Beyond
widthless (Web) Challenge Description Welcome to web! Let's start off with something kinda funky 🙂 http://web.chal.csaw.io:5018 Solution First, go to the actual website. Nothing looks special, next I checked source-code and found there is a comment saying something about "zwsp". After some researching, "zwsp" stands for "Zero-Width-Space", essentially some unicode characters which do not appear … Continue reading CSAWCTF 2020 Qualification Round Writeup
A pretty good CTF event. I only did the easiest problems in web, reverse, bash, and forensic category. Writeups Jailoo Warmup (Web) Challenge Description Get the flag in FLAG.PHP . link Author: HERA Solution Source code is given, included in the appendix section. Before navigating to the website, I took a look at the source … Continue reading Fword CTF Writeup
So Google CTF has concluded, and I was reading writeups for web challenges and hoping I can learn something new since I did not put too much time into it. Then I came across the challenge 'log-me-in'. It was an easy challenge, but I had some questions while read writeups for this one. Essentially the … Continue reading Post Google CTF Reflection
Introduction File inclusion and directory traversal is always chained together. Depends on the application those vulnerabilities can do different damages. From file disclosure to code execution. Methodology I always check for file inclusion when I see those URLs: http://localhost/?page=home, or the parameter is file or filename, you get the idea. I first check if home.php … Continue reading File Inclusion and Directory Traversal, what files to look at? Linux Edition
So I only did some problems, most of then being web challenges. I had to take my OSCP exam so didn't spend too much time on this CTF. I mean I don't spend much time on all CTFs anyway. Misc Pseudo Challenge Description Someone here has special powers… but who? And how!?Connect here:ssh -p 50014 … Continue reading HacktivityCon CTF 2020 Writeup.
The same write should also be up on the Pwnie Island's team blog. Challenge address, https://2020.redpwn.net/challs So we were given two links, the first link lead us to a page where we can send urls to admin so the admin can check our message, the second link is like a static pastebin page which allows … Continue reading Redpwn CTF 2020 – Web Pastebin challenge writeup