Hacking Intigriti August 2024 CTF Defcon Challenge: Safe Notes tldr; This challenge was fun and engaging, blending CSPT with an open redirect flaw to ultimately pull off a successful XSS attack and grab the flag!
CTF Intigriti July 2024 CTF Challenge: Memo This fun little challenge was to get reflected cross-site scripting (XSS) on a simple web app that is protected by a content security policy (CSP) and DOMPurify. The solution involves DOM clobbering, relative path abuse and a CSP bypass via HTML base tag injection.
CTF NahamCon CTF 2024: My Shop Disaster Solution for the WooCommerce WordPress plugin challenge that PatchStack submitted to the NahamCon 2024 CTF.
CTF Featured Intigriti February CTF Challenge: Love Letter Storage tl;dr: Solved an awesome Valentine's Day challenge by @goatsniff from Intigriti. I gained valuable insights into using character conversions to bypass XSS protections and learned about data exfiltration through the manipulation of cookie paths. This details the exploits I used and my journey along the way and
CTF dCTF - Just Take Your Time Over the weekend I participated in dCTF by DragonSec SI along with some friends. There were some really interesting and unique challenges in this CTF.
CTF HTB CTF Write-up: Gunship The HTB x Uni CTF 2020 - Qualifiers have just finished and I wanted write-up some of the more interesting challenges that we completed.
CTF HTB CTF Write-up: Cargo Delivery Cargo Delivery was a Python command line application that uses AES CBC encryption and is vulnerable to a padding oracle attack.
CTF HTB CTF Write-up: Cached Web The HTB x Uni CTF 2020 - Qualifiers have just finished and I wanted to write-up some of the more interesting challenges that we completed.
CTF Metasploit Community CTF 2020 (Dec) Write-up: 5-of-clubs (port 8101) Summary The 5-of-clubs challenge was to write a Metasploit module that is uploaded and run on a computer to which you do not have direct access. The module is uploaded along with a resource file that is used to automate Metasploit, the output is logged and can be viewed following
CTF Metasploit Community CTF 2020 (Dec) Write-up: 7-of-spades (port 8888) Summary The 7-of-spades challenge is a basic Python web application that lists information about Metasploit modules. It uses a pickle saved in base64 to a cookie that can be modified to get remote code execution. Python web app listing Metasploit modulesWalk-through When we click on a module filter we are
CTF Metasploit Community CTF 2020 (Dec) Write-up: queen-of-hearts (port 9008 & 9010) Summary The queen-of-hearts challenge was on two ports, 9010 which contained a downloadable Java .jar file and 9008 which was the service that you needed to interact with. Initially it appeared that it was an insecure deserialisation exploit, and while it is likely that that was also present, the flag
CTF Metasploit Community CTF 2020 (Dec) Write-up: ace-of-clubs (port 9009) Summary The ace-of-clubs challenge presented a SSH server on port 9009 that had an easy to guess login. This is followed by a privilege escalation to root in a custom binary using a file overwrite exploit. Walk-through This port is running a SSH server and if we connect to it
CTF Metasploit Community CTF 2020 (Dec) Write-up: 9-of-clubs (port 1337) This fun little challenge was solved by our binary exploitation expert: benything.
CTF Metasploit Community CTF 2020 (Dec) Metasploit ran another community CTF this year, and we decided to put forward a team. The team ended up bigger than all other teams I've been part of before and hence PrettyBeefy team was born. PrettyBeefy rap album coverThe previous Metasploit CTFs have been some of my favourites