CyberSpace24 - Trendz
To solve the “Trendz” CTF challenge, exploit JWT token validation and secret key exposure. By accessing the /static endpoint to retrieve the JWT secret, craft a valid token with the “admin” role to view the hidden post and obtain the flag.
CyberSpace24 - Trendzz
The challenge demonstrated a race condition vulnerability in post creation due to non-atomic operations. This allowed concurrent requests to bypass post limits. Key lessons include ensuring atomic operations, reviewing code for vulnerabilities, and using automated scripts for testing.
CyberSpace24 - Feature Unlocked
In this CTF challenge, we exploited a web app’s validation mechanism by setting a custom validation server with debug mode enabled. This allowed us to bypass feature access controls and perform Remote Code Execution (RCE) to retrieve the flag.
SEKAI 24 - Funny Lfr
The article explains exploiting a race condition in a Starlette app to bypass os.stat checks, using symlinks, and ultimately retrieving the flag from /proc/self/environ.
SEKAI 24 - Intruder
Challenge Description name: Intruder category: web exploitation points: 100pts solves: 89 solves I just made a book library website! Let me know what you think of it! Note: Due to security issue, you can’t add a book now. Please come by later! Solution We are given the following web page: The application is built using ASP.NET Core, which is a cross-platform framework for developing dynamic, high-performance web solutions. You can read more here...
IdekCTF 24 - Hello
Challenge Description name: hello category: web exploitation points: 136 ctf-date: Aug 17th, 2024 Just to warm you up for the next Fight :“D Note: the admin bot is not on the same machine as the challenge itself and the .chal.idek.team:1337 URL should be used for the admin bot URL Challenge Analysis We’re given two links and a source code for the admin bot. challenge link: http://idek-hello.chal.idek.team:1337 admin bot link: https://admin-bot.idek.team/idek-hello Since the admin bot is not on the same machine as the challenge, we should expect that the flag will be retrieved using a technique like XSS, CSRF…etc...
LITCTF24 - Traversed
Challenge Description name: traversed category: web points: 123 I made this website! you can’t see anything else though… right?? URL: http://litctf.org:31778/ Solution Based on the name of the challenge, I can feel a path traversal vulnerability looming around lol, anyway, let’s check the website: As we can see, nothing is in the page, the hint though lies within the URL bar, let’s check if we can traverse the filesystem and reveal the contents of /etc/passwd....
LITCTF24 - Jwt 2
Challenge Description name: jwt-2 category: web points: 117 its like jwt-1 but this one is harder URL: http://litctf.org:31777/ Solution The description is very clear, the vulnerability should be in how the signature is handled, but instead of no verification at all, we should expect something harder this time. My first hunch tells me to brute force the key used to generate the jwt token, but we’re actually given the source code....
LITCTF24 - Jwt 1
Challenge Description name: jwt-1 category: web points: 111 I just made a website. Since cookies seem to be a thing of the old days, I updated my authentication! With these modern web technologies, I will never have to deal with sessions again. Come try it out at http://litctf.org:31781/. Solution We are presented with this interface. If we hit GET FLAG, we see a simple unauthorized message, and since the challenge’s name is jwt-1, it’s likely that we have to bypass the authorization mechanism put in place by the developers of this application....
LITCTF24 - Anti Inspect
Challenge Description name: anti-inspect category: web exploitation points: 109 can you find the answer? WARNING: do not open the link your computer will not enjoy it much. URL: http://litctf.org:31779/ Hint: If your flag does not work, think about how to style the output of console.log Solution Since the challenge warns us against opening the link on our browser, I assumed there is some kind of infinite loop inside the script tag....