bi0s
  •  Home
  •  Categories
  •  Archives
  •  Tags
  •  Home
  •  Categories
  •  Archives
  •  Tags

Pawn - Angstrom CTF 2021

d4rk_kn1gh7
2021-04-08
Pwn

tl;dr

  • UAF in chess game, overwrite __malloc_hook to one_gadget
Read More
Linux Heap AngstromCTF

Jason - Angstrom CTF 2021

Az3z3l
2021-04-08
Web Exploitation

tl;dr

  • Intended: Append ; secure; samesite=none to cookie. Now, <script src="https://jason.2021.chall.actf.co/flags?callback=load"></script> would retrieve the flag.
  • Unintended: Append .actf.co as domain to cookie using CSRF -> Setup a xss payload in reaction.py challenge -> Log in to this using CSRF -> Payload in Reaction.py exfiltrates document.cookie
Read More
AngstromCTF XSS CSRF Cookies

Official blog of team bi0s

  Projects
  •   bi0s-wargame
    (Unraveling)
  •   bi0s-wiki
    (Free Encyclopedia)
  •   InCTF
    (Nationals CTF)
  •   InCTFj
    (Juniors CTF)

Made With Love and Coffee



Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

Use Material X as theme, total visits times.