Introduction File inclusion and directory traversal is always chained together. Depends on the application those vulnerabilities can do different damages. From file disclosure to code execution. Methodology I always check for file inclusion when I see those URLs: http://localhost/?page=home, or the parameter is file or filename, you get the idea. I first check if home.php … Continue reading File Inclusion and Directory Traversal, what files to look at? Linux Edition

So I only did some problems, most of then being web challenges. I had to take my OSCP exam so didn't spend too much time on this CTF. I mean I don't spend much time on all CTFs anyway. Misc Pseudo Challenge Description Someone here has special powers… but who? And how!?Connect here:ssh -p 50014 … Continue reading HacktivityCon CTF 2020 Writeup.

The same write should also be up on the Pwnie Island's team blog. Challenge address, https://2020.redpwn.net/challs So we were given two links, the first link lead us to a page where we can send urls to admin so the admin can check our message, the second link is like a static pastebin page which allows … Continue reading Redpwn CTF 2020 – Web Pastebin challenge writeup