i love cat
Profile

i love cat

as3617

tag guest post manage
search menu

Real World CTF 4th - web writeup

대회가 끝나고 나서 바로 놀러가서 이제야 라업을 올린다. Hack into skynet #!/usr/bin/env python3 import flask import psycopg2 import datetime import hashlib from skynet import Skynet app = flask.Flask(__name__, static_url_path='') skynet = Skynet() def skynet_detect(): req = { 'method': flask.request.method, 'path': flask.request.full_path, 'host': flask.request.headers.get('host'), 'content_type': flask.request.headers..
ctf writeup · 2022. 1. 30. 18:36

Log4j2 vulnerability analysis

보호되어 있는 글입니다.
CVE Analysis · 2021. 12. 14. 14:37

m0leconCTF 2021 final web writeup

I'm sorry for writing only the exploit and scenario because I don't have enough time. filesharing #scenario 1. upload javascript file 2. share admin 3. xss in /play 4. bypass csp via error page 5 inject script into error pageexploit.js a = window.open('/' + 'x'.repeat(4100)); setTimeout(function() { a.document.body.innerHTML = ``; }, 1000);" payload https://filesharing.m0..
ctf writeup · 2021. 12. 4. 20:34

HK CERT CTF 2021 writeup - WEB

Squirrel Community 1 http://chalf.hkcert21.pwnable.hk:28062/chat/user?id=323079825'sql injection이 터진다. http://chalf.hkcert21.pwnable.hk:28062/chat/user?id=3230%20or%201where 뒤를 true로 만들면 플래그를 얻을 수 있다. FLAG : hkcert21{squirrels-or-1-or-2-or-3-and-you}babyxss 그냥 xss하면 된다. FLAG : hkcert21{zOMG_MY_KEYBOARD_IS_BROKEN_CANNOT_TURN_OFF_CAPSLOCK111111111}babyuxss bot url만 준다. javascript scheme 쓰면 된다...
ctf writeup · 2021. 11. 14. 21:04

CyberGuardians CTF all writeup

보호되어 있는 글입니다.
ctf writeup · 2021. 11. 10. 16:58

Hack.lu CTF 2021 - web writeup

bookmarker payload trading_api payload payload : ||(select%20flag%20from%20flag)|| nodenb race condition create note with random=1 and immediately post /deleteme then access /notes/flag diamondsafe public static function prepare($query, $args){ if (is_null($query)){ return; } if (strpos($query, '%') === false){ error('%s not included in query!'); return; } // get args $args = func_get_args(); ar..
ctf writeup · 2021. 10. 31. 22:44

asis ctf 2021 - web writeup

ASCII art as a service jpg파일이 있는 url을 넘겨주면 ascii art로 변환해서 보여주는 사이트다. 코드를 확인해보면 setTimeout(()=>{ try{ const output = childProcess.execFileSync("timeout",["2","jp2a",...url]) fs.writeFileSync(outputFileName,output.toString()) fs.writeFileSync(reqFileName,[reqToken,req.session.id,outputFileName].join('|')) } catch(e){ fs.writeFileSync(reqFileName,[reqToken,req.session.id,"Something bad happened!"]..
ctf writeup · 2021. 10. 25. 23:10

2021 Whitehat Contest Finals web writeup

보호되어 있는 글입니다.
ctf writeup · 2021. 10. 10. 15:11
Close

티스토리툴바