bi0s

Json Analyser - InCTF Internationals 2021

1nt3rc3pt0r

2021-08-15

Web Exploitation

tl;dr

Json_Interoperability - /verify_roles?role=supersuperuseruser\ud800","name":"admin
Prototype_Pollution - {"constructor":{"prototype":{"test":"123"}}} in config-handler

MD-Notes - InCTF Internationals 2021

Yadhu Krishna M

2021-08-14

Web Exploitation

tl;dr

Leak admin’s hash using wildcard target origin in postMessage or by calculating sha256('').
Create an XSS payload to read /api/flag and send it to attacker server.

InCTFi XSS JavaScript

Billu_Box_1 - VulnHub VM Challenge

01_susil

2021-08-10

Pentest / VulnHub

tl;dr

LFI(Local File Inclusion) Using Hackbar plugin.

Vulnhub WriteUp Billu Box 1

unknowndevice64 - Vulnhub VM Challenge

47Suriya

2021-08-10

Pentest / Vulnhub

tl;dr

Steghide
Restricted Shell

Vulnhub Write up VM Challenge unknowndevice64

Nullbyte - VulnHub VM Challenge

01_susil

2021-08-10

Pentest / VulnHub

tl;dr

Reading meta data using Exiftool.
Using sqlmap to get Password hash.

Vulnhub WriteUp Nullbyte

Stapler1 - Vulnhub VM Challenge

47Suriya

2021-08-10

Pentest / Vulnhub

tl;dr

Local File Inclusion

Vulnhub Write up VM Challenge Stapler 1

LazySysAdmin_1.0 - VulnHub VM Challenge

susil_01

2021-08-10

Pentest / Vulnhub

tl;dr

smb enumeration using smbclient.

Vulnhub WriteUp LazySysAdmin_1.0

pWnOS:2.0 - Vulnhub

Jose_v8_

2021-08-05

Pentest / Vulnhub

tl;dr

pWnOS:2.0 is a vulnerable VM , where our objective is to gain root access of the machine.
blog 0.4.0 - Multiple Remote s exploit.
upload reverse shell file to spawn a shell.

Vulnhub Write up PwnOS 2.0