bi0s

Notepad Series - InCTF Internationals 2021

Web Exploitation

tl;dr

Notepad 1 - Use Set-Cookie header to get XSS on the Admin
Notepad 1.5 - CRLF on the name parameter of Golang’s Header().Set() method
Notepad 2 - Xsleaks using Timing-Allow-Origin header

InCTFi CRLF XSS Xsleaks

Ancient House - InCTF Internationals 2021

tl;dr

Jemalloc heap challenge
A buggy implementation of strncat in merge allows for an overwrite onto the next region

InCTFi Exploitation Linux Heap Jemalloc

Vuln Drive - InCTF Internationals 2021

tl;dr

/source to get the source
Access local host from dev_test using SSRF
SQLI to get the flag path a nd LFI to get the flag

InCTFi SSRF LFI SQLI

DeadlyFastGraph - InCTF Internationals 2021

tl;dr

Arbitrary type confusion in DFG JIT
Bug eliminates a single CheckStructure node

InCTFi Exploitation Browser Safari

Json Analyser - InCTF Internationals 2021

Web Exploitation

tl;dr

Json_Interoperability - /verify_roles?role=supersuperuseruser\ud800","name":"admin
Prototype_Pollution - {"constructor":{"prototype":{"test":"123"}}} in config-handler

InCTFi Prototype_Pollution Json_Interoperability

MD-Notes - InCTF Internationals 2021

Yadhu Krishna M

Web Exploitation

tl;dr

Leak admin’s hash using wildcard target origin in postMessage or by calculating sha256('').
Create an XSS payload to read /api/flag and send it to attacker server.

InCTFi XSS JavaScript

Billu_Box_1 - VulnHub VM Challenge

Pentest / VulnHub

tl;dr

LFI(Local File Inclusion) Using Hackbar plugin.

WriteUp Vulnhub Billu Box 1

unknowndevice64 - Vulnhub VM Challenge

Pentest / Vulnhub

tl;dr

Steghide
Restricted Shell

Write up Vulnhub VM Challenge unknowndevice64

Nullbyte - VulnHub VM Challenge

Pentest / VulnHub

tl;dr

Reading meta data using Exiftool.
Using sqlmap to get Password hash.

WriteUp Vulnhub Nullbyte

Stapler1 - Vulnhub VM Challenge

Pentest / Vulnhub

tl;dr

Local File Inclusion

Write up Vulnhub VM Challenge Stapler 1

8 / 19