- task.pcap
- the flag is in flag{...} format.
kawing-ho
/ HackIT CTF 2017 - USB Ducker.md
Last active
April 5, 2018 13:19
This was a 100 point Forensics challenge, I spent a total of 4-5 hours on it which was probably more than necessary but at least I got it in the end :)
kawing-ho
/ natas15.md
Last active
April 5, 2018 13:19
This is NOT a write-up, I did not solve the challenge by myself but in terms of understanding the technicals required to solve it I would say that I've solved it. This gist is about highlighting my thought process and how I can improve it to avoid making the same mistake I did here ...
- As said in the description, this is NOT a write-up, there are many online that get straight to the point (what is required to solve the challenge) which unfortunately this gist is not 📚
- I didn't solve the challenge mainly because I got ahead of myself and missed a crucial detail in one of the many approcahes I took, in a sense I dived too deep down a rabbit hole which closed me off from the real answer, while I was digging deeper for one that simply wasn't there
- natas15 is a
Blind SQL Injectionchallenge, which I did not have knowledge of before (but I do now), in fact the only SQLi I knew of before this was the simple auto bypass method (basically' OR 1=1; --), so I'm actually glad I did this challenge til the very end because I ended up learning a lot !
- It's basically an SQL Injection but under the circumstances where the results aren't returned directly to you
- More often than not you will only get responses along the
kawing-ho
/ EasyCTF2018 - FlagTime.md
Last active
April 5, 2018 13:19
Files : https://github.com/EasyCTF/easyctf-iv-problems/tree/master/flagtime
This problem is so easy, it can be solved in a matter of seconds. Connect to c1.easyctf.com:12482.
So the moment I read the title and description I knew it was something like a Time-Based Blind SQL Injection
I began experimenting with different values to see if I could find a pattern ...
- It seems that when the character is wrong, the time taken for the reply is short
Target: https://smartcontracts.dev1-x.ns.agency/contract.php
A user is able to access local files present on the server without any access controls, enabling them to view sensitive information such as the /etc/passwd file
- Enter
file:///etc/passwdinto the search bar - the
/etc/passwdfile will then be returned, a comment at the bottom can be found stating that the flag is at/flag
Target: https://ssrfsquared.ns.agency/
- Intercept the requests made between the front and back end of the site during the initial load
- Notice that there is a request for
https://ssrfsquared.ns.agency/static?r=http%3A%2F%2F127.0.0.1%3A9447%2Fstyles.css, which can also be confirmed by viewing the source of the page - This becomes an entry point for an attacker to probe the internal network
- Some files return the same content when accessed externally or internally such as
index.htmlorstyles.css - When viewing
https://ssrfsquared.ns.agency/static?r=http://127.0.0.1:9447/styles.cssthere is a hint that something else is on the server
kawing-ho
/ r3s0urc3s.md
Last active
April 23, 2020 17:12
For quick access to slides / other links :)
Intro
(no 6843 lecture)
Break 1: *.nsnagency (Solution)
kawing-ho
/ link_collector.py
Created
August 26, 2018 00:49
Example of using selenium webdriver + headless chrome to scrape links from dynamic-content pages
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from os import getpid | |
| from re import search | |
| from time import sleep | |
| from random import randint | |
| from selenium import webdriver | |
| from pyvirtualdisplay import Display | |
| from selenium.webdriver.common.by import By | |
| from selenium.webdriver.common.keys import Keys |
kawing-ho
/ upload.php
Last active
October 6, 2018 10:45
Arguments: [Path to an image file] Returns: [ URL to image ]
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/php | |
| <?php /* install php and php-curl */ | |
| if($argc != 2) { | |
| fwrite(STDERR, "Usage: ".$argv[0]." <path to image>\n"); | |
| die(); | |
| } | |
| $image = $argv[1]; | |
| if(! file_exists($image)) { fwrite(STDERR, "Not an image!\n"); die(); } |
kawing-ho
/ picoCTF2018 - Flaskcards.md
Last active
October 12, 2018 12:43
Solutions to a series of web challenges of increasing difficulty surrounding Flask vulnerabilities
I played in picoCTF again this year, and I think I performed a lot better than I did last year, especially in web, I wanted to share this writeup because I think I did a good job being the 75th person (out of like 5000 other players) to solve the final part of this series of web challenges.
- Flaskcards (350 pts)
- Flaskcards Skeleton Key (600 pts)
- Flaskcards and Freedom [Highest point web challenge] (900 points)
OlderNewer