A combination of my own methodology and the Web Application Hacker's Handbook Task checklist, as a GitHub-Flavored Markdown file
For this year's Google CTF, I prepared a challenge that is based on a real-world vulnerability. The challenge wasn't solved by any team during the competition so here is the proof that the challenge was in fact solvable! :)
- Link to the challenge: https://capturetheflag.withgoogle.com/challenges/web-security-driven
- Link to the PoC: https://github.com/google/google-ctf/tree/master/2021/quals/web-security-driven/solution
The goal of the challenge was to send a malicious file to the admin and leak their file with a flag. The ID of the file was embedded into the challenge description (/file?id=133711377731) and only admin had access to it, because the file was private.
Disclaimer: The write-up is written on an airplane, therefore the quality of it is poor; it is mostly meant to showcase the required steps to solve the challenge.
Nuclei Templates
Install VMWare Workstation PRO 17 (Read it right. PRO!)
Also, these keys might also work with VMWare Fusion 13 PRO. Just tested it.
Sub to me on youtube pls - PurpleVibe32
if you want more keys - call my bot on telegram. @purector_bot (THE BOT WONT REPLY ANYMORE) - Or: https://cdn.discordapp.com/attachments/1040615179894935645/1074016373228978277/keys.zip - the password in the zip is 102me.
---
This gist can get off at any time.
PLEASE, DONT COPY THIS. IF YOU FORK IT, DONT EDIT IT.
*If you have a problem comment and people will try to help you!
*No virus
import sys
NUMLIST = {
    "\\": "\\\\",
    "0": "${#}",
    "1": "${##}",
    "2": "$((${##}<<$((${##}))))",
    "3": "$((${##}<<$((${##}))^${##}))",
    "4": "$((${##}<<$((${##}))<<$((${##}))))",
    "5": "$((${##}<<$((${##}))<<$((${##}))^${##}))",