Writeup CSAW 2017 LittleQuery - 200

Problems LittleQuery I've got a new website for BIG DATA analytics! http://littlequery.chal.csaw.io POC In the source code of the index page we can find a block that has been commented out <!-- <div class="col-md-4"> <h2>For Developers</h2> <p>Check out our <a href="/api/db_explore.php">API</a></p> </div> --> we...

Writeup final beefest 2017

Logic ssh 10.22.130.222:22 username : user1 pass : user1 read the source code at /home/binex1/binex1.cpp, the binary is at /home/binex1/binex1 Hint : System Variable Hint : Use $PATH Environment POC We can use the $PATH environment variable to trick the binex1.cpp program, which calls system("id")...

SecurityFest2017 - Underconstruction

Problems Under Construction! Please protect your head, wear a hardhat. Solves: 12 Service: http://web.ctf.rocks:8080 Author: Kits / weckzen Writeup In this web challenge we can read the following in the source code at the root path <!-- I don't know the status of...

SecurityFest2017 - Freddy Vs JSON

Problem Can you hack my friends facebook? no? what about this then? Solves: 19 Service: http://52.208.132.198:2999/ Author: avlidienbrunn Writeup At first I thought this was an SQL injection challenge to get a login bypass, but after a while I just figure...

SecurityFest2017 - A Temple Jest

Problems The target are setting up their intranet communication service. Hack it before they are done! Solves: 52 Service: http://alieni.se:3003/ Author: avlidienbrunn Writeup This web app uses Node and the Express.js framework too; we can read package.json { name: "atemplejest", version:...