I will share a solution for LootStash challenge of the CTF tryout. I tried two approaches. Simple one and the simpler one. I will start with the simple one. simple solution First of all, download the file and check the file type. It is an ELF file. Let’s execute it and see the result. I … Read More “CTF tryout – LootStash write-up” »
Tag: ctf
Description The web project was rushed and no security assessment was done. Can you read the /etc/passwd file? Solution This challenge is about XML external entity Injection. I referred to the document on OWASP. The website looks like below. I noticed the special info changes when I clicked the Details button. I captured the request … Read More “picoCTF – SOAP write-up” »
Description Can you figure out how this program works to get the flag? Connect to the program with netcat: The program’s source code can be downloaded here. The binary can be downloaded here. Solution We can learn another function of gdb from this challenge. In the question, we are asked to input the address of … Read More “picoCTF – Picker IV write-up” »
To solve this challenge, we need an understanding of references in headers. We will use this reference throughout the challenge. Q1. Only people who use the official PicoBrowser are allowed on this site! Change the user-agent to PicoBrowser. Q2. I don’t trust users visiting from another site. The Referer header allows a server to identify referring pages … Read More “picoCTF2021 – who are you? writeup” »
Description Figure out how they moved the flag. Solution Download the file. It is a packet file. Open it with wireshark. The log shows it’s looking for mac addresses. And tons of TFTP packets are following. I noticed some files are sent over the TFPT. Let’s check the files. Filter the packets with tftp.type Ok, … Read More “picoCTF2021 – Trivial Flag Transfer Protocol” »