Solving SaaS from ImaginaryCTF 2021

Posted on Tue 27 July 2021 in CTF by 0xm4v3rick • Tagged with webappsec, writeup, linux, bypass

CTF challenge based on the sed Linux utility.



Solving Apollo 1337 from San Diego CTF 2021

Posted on Mon 10 May 2021 in CTF by 0xm4v3rick • Tagged with webappsec, enumeration, writeup, API

CTF challenge based entirely on enumeration and troubleshooting.



Solving Cascade from csictf CTF 2020

Posted on Wed 22 July 2020 in CTF by 0xshrimantyogi • Tagged with webappsec, Source code enumeration, writeup

Source code enumeration to capture the flag.



Solving Oreo from csictf CTF 2020

Posted on Wed 22 July 2020 in CTF by 0xshrimantyogi • Tagged with webappsec, Cookie Manipulation, writeup

Cookie manipulation attack to retrieve the flag.



Solving WarmUp from csictf CTF 2020

Posted on Wed 22 July 2020 in CTF by 0xshrimantyogi • Tagged with webappsec, PHP Type Juggling, writeup

Exploiting a PHP type juggling issue by supplying a magic hash via a GET variable.



Solving dorsia2 from WPICTF CTF 2020

Posted on Mon 20 April 2020 in CTF by 0xm4v3rick • Tagged with webappsec, file read, writeup, lfi

Local File Inclusion (LFI) in the C code supplementing the web server.



Solving autograder from WPICTF CTF 2020

Posted on Mon 20 April 2020 in CTF by 0xm4v3rick • Tagged with webappsec, file read, writeup

Challenge involving an application that allows C code compilation, which could be exploited to read files.



Solving Screenshoter from FireShell CTF 2020

Posted on Mon 23 March 2020 in CTF by 0xm4v3rick • Tagged with webappsec, phantomjs, file read, writeup

Challenge based on CVE-2019-17221 - arbitrary file read in PhantomJS through 2.1.1.



Solving URL to PDF from FireShell CTF 2020

Posted on Mon 23 March 2020 in CTF by 0xm4v3rick • Tagged with webappsec, PDF generators, file read, writeup

Challenge based on the talk "Owning the clout through SSRF and PDF generators".



Solving Chatt with Bratt from UTCTF 2020

Posted on Mon 09 March 2020 in CTF by 0xm4v3rick • Tagged with webappsec, XSS, writeup

Challenge involving a simple stored XSS to steal cookies in a chat application.

