bi0s

Ancient House - InCTF Internationals 2021

tl;dr

Jemalloc heap challenge
A buggy implementation of strncat in merge allows for an overwrite onto the next region

InCTFi Exploitation Linux Heap Jemalloc

Vuln Drive - InCTF Internationals 2021

tl;dr

/source to get the source
Access local host from dev_test using SSRF
SQLI to get the flag path a nd LFI to get the flag

InCTFi SSRF LFI SQLI

DeadlyFastGraph - InCTF Internationals 2021

tl;dr

Arbitrary type confusion in DFG JIT
Bug eliminates a single CheckStructure node

InCTFi Exploitation Browser Safari

Json Analyser - InCTF Internationals 2021

Web Exploitation

tl;dr

Json_Interoperability - /verify_roles?role=supersuperuseruser\ud800","name":"admin
Prototype_Pollution - {"constructor":{"prototype":{"test":"123"}}} in config-handler

InCTFi Prototype_Pollution Json_Interoperability

MD-Notes - InCTF Internationals 2021

Yadhu Krishna M

Web Exploitation

tl;dr

Leak admin’s hash using wildcard target origin in postMessage or by calculating sha256('').
Create an XSS payload to read /api/flag and send it to attacker server.

InCTFi XSS JavaScript

Billu_Box_1 - VulnHub VM Challenge

Pentest / VulnHub

tl;dr

LFI(Local File Inclusion) Using Hackbar plugin.

WriteUp Vulnhub Billu Box 1

unknowndevice64 - Vulnhub VM Challenge

Pentest / Vulnhub

tl;dr

Steghide
Restricted Shell

Write up Vulnhub VM Challenge unknowndevice64

Nullbyte - VulnHub VM Challenge

Pentest / VulnHub

tl;dr

Reading meta data using Exiftool.
Using sqlmap to get Password hash.

WriteUp Vulnhub Nullbyte

Stapler1 - Vulnhub VM Challenge

Pentest / Vulnhub

tl;dr

Local File Inclusion

Write up Vulnhub VM Challenge Stapler 1

LazySysAdmin_1.0 - VulnHub VM Challenge

Pentest / Vulnhub

tl;dr

smb enumeration using smbclient.

WriteUp Vulnhub LazySysAdmin_1.0

8 / 19