CyberSpace24 - Trendz

Solving the “Trendz” CTF challenge comes down to exploiting JWT token validation and secret key exposure: the JWT secret is retrieved through the /static endpoint and used to craft a valid token with the “admin” role, which allows viewing the hidden post and obtaining the flag.

September 2, 2024 · 7 min · hxuu

CyberSpace24 - Trendzz

The challenge demonstrated a race condition vulnerability in post creation due to non-atomic operations. This allowed concurrent requests to bypass post limits. Key lessons include ensuring atomic operations, reviewing code for vulnerabilities, and using automated scripts for testing.

September 2, 2024 · 5 min · hxuu

CyberSpace24 - Feature Unlocked

In this CTF challenge, we exploited a web app’s validation mechanism by setting up a custom validation server with debug mode enabled. This allowed us to bypass feature access controls and perform Remote Code Execution (RCE) to retrieve the flag.

September 2, 2024 · 8 min · hxuu

SEKAI 24 - Funny Lfr

The article explains exploiting a race condition in a Starlette app to bypass os.stat checks, using symlinks, and ultimately retrieving the flag from /proc/self/environ.

August 30, 2024 · 4 min · hxuu

SEKAI 24 - Intruder

Challenge Description: name: Intruder; category: web exploitation; points: 100pts; solves: 89 solves. I just made a book library website! Let me know what you think of it! Note: Due to security issue, you can’t add a book now. Please come by later! Solution: We are given the following web page: The application is built using ASP.NET Core, which is a cross-platform framework for developing dynamic, high-performance web solutions. You can read more here...

August 27, 2024 · 6 min · hxuu

IdekCTF 24 - Hello

Challenge Description: name: hello; category: web exploitation; points: 136; ctf-date: Aug 17th, 2024. Just to warm you up for the next Fight :"D Note: the admin bot is not on the same machine as the challenge itself and the .chal.idek.team:1337 URL should be used for the admin bot URL. Challenge Analysis: We’re given two links and a source code for the admin bot (challenge link: http://idek-hello.chal.idek.team:1337, admin bot link: https://admin-bot.idek.team/idek-hello). Since the admin bot is not on the same machine as the challenge, we should expect that the flag will be retrieved using a technique like XSS, CSRF…etc...

August 18, 2024 · 7 min · hxuu

LITCTF24 - Traversed

Challenge Description: name: traversed; category: web; points: 123. I made this website! you can’t see anything else though… right?? URL: http://litctf.org:31778/ Solution: Based on the name of the challenge, I can feel a path traversal vulnerability looming around lol. Anyway, let’s check the website: As we can see, nothing is in the page. The hint, though, lies within the URL bar, so let’s check if we can traverse the filesystem and reveal the contents of /etc/passwd....

August 13, 2024 · 1 min · hxuu

LITCTF24 - Jwt 2

Challenge Description: name: jwt-2; category: web; points: 117. it’s like jwt-1 but this one is harder. URL: http://litctf.org:31777/ Solution: The description is very clear: the vulnerability should be in how the signature is handled, but instead of no verification at all, we should expect something harder this time. My first hunch tells me to brute force the key used to generate the jwt token, but we’re actually given the source code....

August 13, 2024 · 4 min · hxuu

LITCTF24 - Jwt 1

Challenge Description: name: jwt-1; category: web; points: 111. I just made a website. Since cookies seem to be a thing of the old days, I updated my authentication! With these modern web technologies, I will never have to deal with sessions again. Come try it out at http://litctf.org:31781/. Solution: We are presented with this interface. If we hit GET FLAG, we see a simple unauthorized message, and since the challenge’s name is jwt-1, it’s likely that we have to bypass the authorization mechanism put in place by the developers of this application....

August 13, 2024 · 2 min · hxuu

LITCTF24 - Anti Inspect

Challenge Description: name: anti-inspect; category: web exploitation; points: 109. can you find the answer? WARNING: do not open the link your computer will not enjoy it much. URL: http://litctf.org:31779/ Hint: If your flag does not work, think about how to style the output of console.log. Solution: Since the challenge warns us against opening the link on our browser, I assumed there is some kind of infinite loop inside the script tag....

August 13, 2024 · 1 min · hxuu