Intentions

Hack The Box. Linux. Hard machine

19 minutes to read

This machine has a website with an API that is vulnerable to second-order SQLi. Then, there is an authentication mechanism that just requires the password hash, so we can take a hash from the dumped database and log in as an administrator. Then, there is a vulnerability involving PHP and ImageMagick that leads to RCE. Once in the machine, we can pivot to user greg by analyzing a Git repository and finding plaintext credentials. After that, we are allowed to run a custom binary that hashes a given length of a file and compares the result with a set of pre-computed MD5 hashes. This binary has a capability that allows to read files as root, which can be used to extract all the contents of any file after automating the process, which allows to read an SSH private key for root

Impossible Password

Hack The Box. Challenges. Reversing

3 minutes to read

Key written in a binary. Bypassing with GDB

Templated

Hack The Box. Challenges. Web

1 minute to read

Flask. Server-Side Template Injection. RCE

Bad JWT

SECCON CTF Quals 2023

5 minutes to read

Node.js. JWT. Prototype Pollution

plai_n_rsa

SECCON CTF Quals 2023

2 minutes to read

RSA. Euler totient function

RSA 4.0

SECCON CTF Quals 2023

4 minutes to read

RSA. Quaternions. GCD

readme 2023

SECCON CTF Quals 2023

4 minutes to read

Directory Traversal. Symbolic links. File descriptors

rop-2.35

SECCON CTF Quals 2023

7 minutes to read

64-bit binary. Buffer Overflow. ROP

Sickle

SECCON CTF Quals 2023

17 minutes to read

pickle. RSA. CBC mode

Share

HITCON CTF Quals 2023

8 minutes to read

Shamir Secret Sharing. Lagrange interpolation. Chinese Remainder Theorem. multiprocessing

Careless Padding

HITCON CTF Quals 2023

28 minutes to read

Padding Oracle Attack. Custom padding. Guessing