Taggged

Ctf

A collection of 14 posts

Metasploit Community CTF 2020 (Dec) Write-up: queen-of-hearts (port 9008 & 9010)
CTF

Metasploit Community CTF 2020 (Dec) Write-up: queen-of-hearts (port 9008 & 9010)

Summary The queen-of-hearts challenge was on two ports, 9010 which contained a downloadable Java .jar file and 9008 which was the service that you needed to interact with. Initially it appeared that it was an insecure deserialisation exploit, and while it is likely that that was also present, the flag could be obtained using a simple logic flaw as the application was relying on a client-side check for authentication status.