copy

FROM i386/alpine:latest

# https://wiki.gentoo.org/wiki/OpenRC/Baselayout_1_to_2_migration#Boot_runlevel
# https://wiki.alpinelinux.org/wiki/Installing_Alpine_Linux_in_a_chroot#Entering_your_chroot

RUN apk update && \
    apk upgrade && \
    apk add --no-cache linux-vanilla vim openrc && \
    rc-update add devfs sysinit && \
    rc-update add root boot && \

terjanq

A TL;DR solution to Security Driven by @terjanq

For this year's Google CTF, I prepared a challenge that is based on a real-world vulnerability. The challenge wasn't solved by any team during the competition so here is the proof that the challenge was in fact solvable! :)

• Link to the challenge: https://capturetheflag.withgoogle.com/challenges/web-security-driven
• Link to the PoC: https://github.com/google/google-ctf/tree/master/2021/quals/web-security-driven/solution

The goal of the challenge was to send a malicious file to the admin and leak their file with a flag. The ID of the file was embedded into the challenge description (/file?id=133711377731) and only admin had access to it, because the file was private.

Disclamer: The write-up is written on airplane therefore the quality of it is poor, mostly to showcase the required steps to solve the challenge

Neo23x0

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log

terjanq

Postviewer - writeup

Challenge's overview

The rumor tells that adm1n stores their secret split into multiple documents. Can you catch 'em all? https://postviewer-web.2022.ctfcompetition.com

The challenge consisted of an all client-side simple page, i.e. no backend code was involved. A user can upload any file which will be then locally stored in indexedDB. They can preview their files by either clicking on the title or by visiting file's URL, for example https://postviewer-web.2022.ctfcompetition.com/#file-01d6039e3e157ebcbbf6b2f7cb2dc678f3b9214d. The preview of the file is rendered inside a blob created from data: URL. The rendering occurs by sending file's contents to the iframe via postMessage({ body, mimeType }, '*')

Additionally, there is a /bot endpoint which lets players send URLs to an xss-bot imitating another user. The goal is to steal their documents.

arkark

Google CTF 2023 - web/Biohazard

• 14 solves / 333 pts
• CTFtime: https://ctftime.org/event/1929
• Official repository: https://github.com/google/google-ctf/tree/master/2023/web-biohazard ¹

Summary writeup

Footnotes

1. I predict that this URL will be broken because the directory structure will change when the final round source code is released, as in previous years 😅 ↩