tl;dr

• UAF in chess game, overwrite __malloc_hook to one_gadget

tl;dr

• Intended: Append ; secure; samesite=none to cookie. Now, <script src="https://jason.2021.chall.actf.co/flags?callback=load"></script> would retrieve the flag.
• Unintended: Append .actf.co as domain to cookie using CSRF -> Setup a xss payload in reaction.py challenge -> Log in to this using CSRF -> Payload in Reaction.py exfiltrates document.cookie

tl;dr

• Kerberos Exploitation
• MS MySQL Server
• MS14-068
• GoldenTicket

tl;dr

• RCE by uploading web.config
• Windows IIS 7.5
• MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege

tl;dr

• File recovery from the memory dump
• Environment variables analysis.
• RAR and Zip password cracking.
• Cracking Windows user password hash.
• Extracting Keepass Master Password from keystrokes of logged data.

tl;dr

• Retrieving the flag from Samba SMB workgroup guest.

tl;dr

• Anonymous login to FTP server.
• Retrieve SSH login username and password from Firefox History

tl;dr

• SQL Injection
• Linpeas Priv-Esc

tl;dr

• The dump has some encrypted functions
• The encrypted bytes are being xorred with a 32 byte key
• Find the xor_key in the dump
• Use xor_key offset to find the offset of AES_key and iv
• AES_CBC decrypt to find flag

tl;dr

• Shellshock
• Local File Inclusion