Cool file upload vulnerability followed by a minimalist php shell!
RITSEC CTF: CictroHash write-up
Combining Python and C to write a sponge function and then brute-forcing a collision. Had you ever seen that? I hadn’t…
Square CTF 2018: Shredded write-up
Reducing the 27! permutations to over 300 and cracking of a shredded QR code! Really fun and interesting challenge by Square CTF…
Hack The Box: Access write-up
Windows machine with a ftp anonymous connection and a db backup? Not a good idea… And what about runas with Admin? Even worse!
Hack The Box: Active write-up
Really realistic machine based on a misconfiguration in GPP on SMB which lets one log in as user and then retrieve the kerberos ticket of the Administrator. One of the best machines I’ve done!
BSides Delhi 2018: RSA_Baby [Crypto]
RSA explanation along with a cool problem from BSides Delhi 2018 that takes it one step further
Hack The Box: Devops write-up
XXE is cool, a git repository could be as well… Wanna have a look at this box?
Hack The Box: Secnotes write-up
Linux inside windows, second order SQL injection, SMB and much more… Definitely the most interesting and educational machine I’ve rooted on HTB!
Hack The Box: Jerry write-up
My first windows box! The way to access the system was cool, but a bit simple… User and root? Looks like they are the same here
InCTF: The Most Secure File Uploader
From file upload to python RCE. Who would’ve guessed the solution had to do with the chr() and ord() functions?