Sharing writeups of CTF challenges and Machines
Download the zip file and unzip it. You will get the email with encoded contents. The first encoded block is like below. It’s saying it is base64 encoded. Let’s decode it from cyberchef. Then you will get the message from the leader of resistance. Now let’s check the second encoded block. When decode it, the … Read More “Hack the box – Urgent write up” »
I share the solution of “an unusual sighting” challenge from hack the box. Connect to the host machine using netcat. Then it will ask us questions. All the answers can be found in the log files. IP Address and Port of the SSH Server 100.107.36.130:2221 What time is the first successful Login 2024-02-13 11:29:50 What … Read More “Hack the box – An unusual sighting” »
I will share a solution for LootStash challenge of the CTF tryout. I tried two approaches. Simple one and the simpler one. I will start with the simple one. simple solution First of all, download the file and check the file type. It is an ELF file. Let’s execute it and see the result. I … Read More “CTF tryout – LootStash write-up” »
This post is the second part of the post. strace, ltrace Let’s run the file again but this time providing a random string. Now a new reply appears on the screen. Let’s try with the string discovered. It still ends up with the error but it returns ok. We are getting there! It is able … Read More “Chapter 5 of Practical Binary Analysis Review 2” »
This post will explain the exercise from chapter 5 in the textbook “Practical Binary Analysis Build Your Own Linux Tools for Binary Instrumentation, analysis, and Disassembly (Andriesse, Dennis) “ The post will be divided into 2 parts. Many tools will be mentioned in this post. The textbook asks us to find a flag in the … Read More “Chapter 5 of Practical Binary Analysis Review 1” »
Description The web project was rushed and no security assessment was done. Can you read the /etc/passwd file? Solution This challenge is about XML external entity Injection. I referred to the document on OWASP. The website looks like below. I noticed the special info changes when I clicked the Details button. I captured the request … Read More “picoCTF – SOAP write-up” »
