CyBRICS CTF Quals 2019 - QShell

Jul 23, 2019 - by Renato "shrimpgo" Pacheco

Description QShell is running on nc spbctf.ppctf.net 37338 Grab the flag When we connect on the server, we receive the following question: $ nc spbctf.ppctf.net 37338 █████████████████████████████████ █████████████████████████████████ █████████████████████████████████ █████████████████████████████████ ████ █ █ █ █ ████ ████ █████ █ ██...

Capture the Flag , Programming , Writeup

CyBRICS CTF Quals 2019 - Paranoid

Jul 22, 2019 - by Renato "shrimpgo" Pacheco

Description My neighbors are always very careful about their security. For example they’ve just bought a new home Wi-Fi router, and instead of just leaving it open, they instantly are setting passwords! Don’t they trust me? I feel offended. paranoid.zip...

Capture the Flag , Forensics , Networking , Writeup

CyBRICS CTF Quals 2019 - Dock Escape

Jul 21, 2019 - by Alisson "Infektion" Bezerra

Description As the name of the challenge implies, we are dealing with some sort of Docker escape and we need to read the flag file located in /home/flag. First step was accessing the web interface in http://95.179.188.234:8080/ and take a...

Capture the Flag , Privilege escalation , Writeup

Asis CTF Quals 2019 - A delicious soup

Jul 11, 2019 - by Lucas "K4L1" Nathaniel

Hi everyone! C: This is a crypto challenge that I liked a lot and I was wanted to do my first post on my blog with this writeup, so finally now I have that :D So basically we have… This...

Cryptography , Capture the Flag , Writeup

INS'hAck 2019 - Passthru

May 7, 2019 - by Renato "shrimpgo" Pacheco

Description You’re part of a company security team and the admin has recently enabled interception on the company filtering proxy. The admin is pretty confident when it comes to its domain whitelist. He gave you a capture to review. Time...

Capture the Flag , Forensics , Writeup

INS'hAck 2019 - You Shall Not Pass

May 6, 2019 - by Renato "shrimpgo" Pacheco

Description One of my friends is a show-off and I don’t like that. Help me find the backdoor he just boasted about! :D You’ll find an image of his USB key here. And one last thing, my friend owns you-shall-not-pass.ctf.insecurity-insa.fr....

Capture the Flag , Forensics , Writeup

Asis CTF Quals 2019 - Fort Knox

Apr 25, 2019 - by FireShell Security Team

Introduction Let’s imagine a situation where we are analyzing some application that apparently is vulnerable to Server Side Template Injection (SSTI), but some of our payloads are not returning response, we also suspect that behind all this may have a...

Bug Bounty , Capture the Flag , Web , Writeup

Processo Seletivo FireShell Security Team - [PT-BR]

Apr 24, 2019 - by FireShell Security Team

Atenção você que gostaria de fazer parte do FireShell Security Team. Vamos abrir um processo seletivo para recrutamento de uma pessoa com habilidades em Pwnable. Este processo se dará em algumas etapas, e a primeira delas será desafios de Pwnable...

Recruting

Byte Bandits CTF 2019 - ImgAccess

Apr 13, 2019 - by Elber "f0lds" Tavares

Description: n00b created a super secure website for sharing images. Do you think you can hack it? http://imgaccess.ctf.euristica.in Write-up When looking at the index, we quickly noticed the uploader and input Enter image URL. Usually I think so I should...

Capture the Flag , Server Side Request Forgery , Web , Writeup

SSRF Tips: SSRF in Microsoft’s Bing Webmaster Central

Apr 9, 2019 - by Elber "f0lds" Tavares

Today I’m going to talk about a trick that might be useful for BugHunters. While I was looking for a few things about BugBounty, I found a report where the author talked about an SSRF which he had found in...

Bug Bounty , Proof of Concept