Competition Info https://grimmcon.ctf.games The website seems permanent down. Fruitify (Web) Description Come grab a tasty freshly made juice, they are delicious Solution Based on the title, I originally thought it's gonna be MongoDB as mango sounds similar to mongo and is a fruit. I clicked around and did not find much, so I clicked the … Continue reading Two easy problems from GrimmCon CTF

My team (just me, my teammate is having his final) solved 3 problems in the recent concluded b00t2r00t CTF, the event didn't have many participants but the challenges are fairly good. On a scale of 10 in difficulty, it's probably around 3. The three problems I solved are two web challenges and one pwn challenge. … Continue reading b00t2r00t 2020 CTF Writeup

This will be the write up for 3 out of 5 problems in the recently concluded Picomini CTF 2020. 'Web Gauntlet' from Web category, 'OPT' from Reverse category, and 'Guessing Game 1' from Binary Exploitation category. Web Gauntlet (Web) Challenge Description Can you beat the filters? Log in as admin http://jupiter.challenges.picoctf.org:29164/ http://jupiter.challenges.picoctf.org:29164/filter.php Hints: You are … Continue reading Pico Mini CTF 2020 Writeup

Introduction Natas is a web challenge series from OverTheWire. https://overthewire.org/wargames/natas/ User needs to get password to advance to next level. The password file is located in /etc/natas_webpass directory, only the correspond user can read the current and next level's password. This write up will show the necessary steps to get password. Natas 18 Source: <html> … Continue reading OverTheWire Natas Write-Up (Part 3)

Introduction Natas is a web challenge series from OverTheWire. https://overthewire.org/wargames/natas/ User needs to get password to advance to next level. The password file is located in /etc/natas_webpass directory, only the correspond user can read the current and next level's password. This write up will show the necessary steps to get password. Natas 10 They say … Continue reading OverTheWire Natas Write-Up (Part 2)

Introduction Natas is a web challenge series from OverTheWire. https://overthewire.org/wargames/natas/ User needs to get password to advance to next level. The password file is located in /etc/natas_webpass directory, only the correspond user can read the current and next level's password. This write up will show the necessary steps to get password. Natas 0 Check source … Continue reading OverTheWire Natas Write-up (Part 1)

This will be my solution on the recent concluded N1CTF's easiest web challenge 'websign' which I couldn't even solve during the competition. I normally wouldn't bother post a blog but this time I felt I really had it in my hand and want to try again with the assistance of some writeups. Enjoy and hope … Continue reading N1CTF: Web Sign-in and Beyond

widthless (Web) Challenge Description Welcome to web! Let's start off with something kinda funky 🙂 http://web.chal.csaw.io:5018 Solution First, go to the actual website. Nothing looks special, next I checked source-code and found there is a comment saying something about "zwsp". After some researching, "zwsp" stands for "Zero-Width-Space", essentially some unicode characters which do not appear … Continue reading CSAWCTF 2020 Qualification Round Writeup

So Google CTF has concluded, and I was reading writeups for web challenges and hoping I can learn something new since I did not put too much time into it. Then I came across the challenge 'log-me-in'. It was an easy challenge, but I had some questions while read writeups for this one. Essentially the … Continue reading Post Google CTF Reflection

Introduction File inclusion and directory traversal is always chained together. Depends on the application those vulnerabilities can do different damages. From file disclosure to code execution. Methodology I always check for file inclusion when I see those URLs: http://localhost/?page=home, or the parameter is file or filename, you get the idea. I first check if home.php … Continue reading File Inclusion and Directory Traversal, what files to look at? Linux Edition