Web [475 pts] Description: All files are included. Source code is the key. When we first visit the website, we see that there is an input for URLs and that this renders the HTML content below: After trying several PHP attack methods to try to get a foothold, using localhost:8080 provided the source code for… Continue reading Chain Race →
Web [300 pts] Description: cache all the things (this is python3) This challenge provides us with source code: We see that their server is using Redis for caching and the flask_caching library. Looking at the form, we see that each input is treated as a key (title) and value (content). Looking into the cache functions, I… Continue reading flask_caching →
Forensics [100 pts] Description: We got hacked! Can you see what they took? We are given a pcap file. When analyzing it, we see that it is full of ICMP information. Looking at the first packet, we see that it is the beginning of a PNG header: The last packet also contains an IEND, which… Continue reading Incredibly Covert Malware Procedures →
Web [250 pts] Description: Check out our new sticky note website! We are given two endpoints for this challenge. I found an unintended solution for this challenge, so I will be discussing how it happened. http://one.jh2i.com:50020 – Where we create an account http://one.jh2i.com:50039 – Where we can link our account from :50020 via OAuth and create… Continue reading Note Surfer →
Web [150 pts] Description: Check out the coolest web templates online! When we first visit the site, we are greeted with a normal dashboard that seems to use a template engine. So we know our exploit will involve templates. One useful piece of information is the JWT, which, when decoded, gives this: So we know it is using… Continue reading Template Shack →