INS'hAck 2019 - Passthru

May 7, 2019 - by Renato "shrimpgo" Pacheco

Description You’re part of a company security team and the admin has recently enabled interception on the company filtering proxy. The admin is pretty confident when it comes to its domain whitelist. He gave you a capture to review. Time...

Capture the Flag, Forensics, Writeup

INS'hAck 2019 - You Shall Not Pass

May 6, 2019 - by Renato "shrimpgo" Pacheco

Description One of my friends is a show-off and I don’t like that. Help me find the backdoor he just boasted about! :D You’ll find an image of his USB key here. And one last thing, my friend owns

Capture the Flag, Forensics, Writeup

Asis CTF Quals 2019 - Fort Knox

Apr 25, 2019 - by FireShell Security Team

Introduction Let’s imagine a situation where we are analyzing an application that is apparently vulnerable to Server Side Template Injection (SSTI), but some of our payloads are not returning a response. We also suspect that behind all this may have a...

Bug Bounty, Capture the Flag, Web, Writeup

FireShell Security Team Selection Process - [PT-BR]

Apr 24, 2019 - by FireShell Security Team

Attention, those of you who would like to join the FireShell Security Team. We are opening a selection process to recruit one person with Pwnable skills. This process will take place in several stages, and the first of them will be Pwnable challenges...


Byte Bandits CTF 2019 - ImgAccess

Apr 13, 2019 - by Elber "f0lds" Tavares

Description: n00b created a super secure website for sharing images. Do you think you can hack it? Write-up When looking at the index, we quickly noticed the uploader and input Enter image URL. Usually I think so I should...

Capture the Flag, Server Side Request Forgery, Web, Writeup

SSRF Tips: SSRF in Microsoft’s Bing Webmaster Central

Apr 9, 2019 - by Elber "f0lds" Tavares

Today I’m going to talk about a trick that might be useful for BugHunters. While I was looking for a few things about BugBounty, I found a report where the author talked about an SSRF which he had found in...

Bug Bounty, Proof of Concept

Sunshine CTF 2019 - The Whole Pkg

Apr 2, 2019 - by Rafael "rasknikov" Correia

Description I’ve stored all of my wrestling strategies in a state-of-the-art secret vault. I even wrote it in nodeJS, can’t get more cutting edge than that! Author: dmaria Strategy_Vault-win.exe Write-up The application showed options to list and read files, but...

Capture the Flag, Reverse Engineering, Writeup

Sunshine CTF 2019 - Golly Gee Willikers

Apr 2, 2019 - by Renato "shrimpgo" Pacheco

Someone sent me this weird file and I don’t understand it. It’s freaking me out, this isn’t a game! Please help me figure out what’s in this file. golly_gee_willikers.txt Author: hackucf_kcolley Write-up The content of the file is: x = 0,...

Capture the Flag, Forensics, Writeup

Sunshine CTF 2019 - 16-bit-AES

Mar 31, 2019 - by Rafael "rasknikov" Correia

Description Why so small? nc 4200 Author: ps_iclimbthings Write-up Short write-up here. The server asked for a word to be encrypted and then asked the client to encrypt a given text using the same key: Welcome, I'm using an...

Cryptography, Capture the Flag, Writeup

0CTF/TCTF 2019 Quals - zer0lfsr

Mar 29, 2019 - by Rafael "rasknikov" Correia

Description Please enjoy the classical lfsr. zer0lfsr.tar.gz Attachment content keystream script from secret import init1,init2,init3,FLAG import hashlib assert(FLAG=="flag{"+hashlib.sha256(init1+init2+init3).hexdigest()+"}") class lfsr(): def __init__(self, init, mask, length): self.init = init self.mask = mask self.lengthmask = 2**(length+1)-1 def next(self): nextdata =...

Cryptography, Capture the Flag, Writeup