Thứ Năm, 19 tháng 11, 2020
Thứ Năm, 22 tháng 10, 2020
Thứ Tư, 7 tháng 10, 2020
[VulnHub] Loly walkthrough
Hello, today I come back with VulnHub - which provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks .
I choose a random lab, named Loly. Let's get through it!
Thứ Tư, 30 tháng 9, 2020
[picoCTF] Forensics picoGym challenge
Hello buddy! Today I will introduce some new stuffs.
I'm in self-training for CTF competition. And according to the need of my team, I decide to explore Forensics area. I hope this decision will make it work and I can absorb more and more knowledge for pentesting.
So, I will kick off with picoCTF, this place is better for every beginner . Let's start!
like1000: 250pts
Thứ Sáu, 4 tháng 9, 2020
[VulnHub] LAMPSecurity: CTF5 Write Up
Hello sunny day ! Because of CTF competition training , I 'll continue practicing with VulnHub
As the entry's tittle , let's do this !
+GATHERING INFORMATION : After scanning the provided system (both manual and automatic ) , I figure out some stuff :
- OS : Linux 2.6.X
- Web Server ; Apache httpd 2.2.6 ((Fedora))
- DBMS : MySql 4.1.2
- PHP 5.2.4
+VULNERABILITIES :
- LFI
Thứ Ba, 1 tháng 9, 2020
[Root-Me] PHP EVAL - PHP NON ALPHANUMERIC WRITE UP !
Hello everyone . Today , I will comeback to RootMe . This challenge is about PHP non-alphanumeric . It's at medium level with 40 points! Let’s dive into it ! 👆
Here is the source code provided by author
Thứ Tư, 26 tháng 8, 2020
[VulnHub] HACKME 1 LAB WRITE UP
Hello guys, today I will show you some interesting stuffs . 👨
I am training for CTF competition which will be held by my school . And I decided to play with VulnHub.
Let's get started !
- GATHERING INFORMATION :
+Nmap
Thứ Ba, 4 tháng 8, 2020
[KMACTF] WEB-EXPLOITATION WRITE-UP !
Thứ Tư, 24 tháng 6, 2020
Thứ Tư, 17 tháng 6, 2020
[NahamCon CTF 2020] Web Exploitation WriteUp !
Today , I come back to my blog with NahamCon CTF which is held about 1 week ago.
I had solved some web challenges and absorbed many things useful 👅
Let's start!
Thứ Sáu, 22 tháng 5, 2020
[Root-Me] JWT Revoked Token
25 Points , not too much hard , huh? I though so . And after solved this chall , I have to say : " It's not really hard , but so much tricky" . Let's see !
Thứ Năm, 14 tháng 5, 2020
[PenTest] L*G.vn XSS detecting and exploiting!
Today, I will show you some interesting stuff which I have just done .
My friend want to buy a backpack from this website, she sent web address to me and asked me how the backpack was .
I dont really care about backpack.
In my vision, the only thing exist is the search engine on the left side.
Thứ Sáu, 8 tháng 5, 2020
[Securinets] Writeup jeopardy !
Corona Virus aka Covid-19 has spreaded all over the world , we much #stayhome to protect our shelves . So , I have very much time to learning and training my hacking skill . This month ,with my team, I has participated in Securinets ctf competition . Very interesing , it has many , many things to discuss . Here is the result .
Thứ Ba, 4 tháng 2, 2020
[WRITEUP] XML EXTERNAL ENTITY (XXE) INJECTION ROOTME
Thứ Tư, 18 tháng 12, 2019
[wargame.kr&rootme] PHP TYPE CONFUSION & LOOSE COMPARISON WRITEUP!
A loose comparison is one performed using two equals signs (==
).It follows suit with the “best-guess” approach, which can lead to some unexpected results.
TAKE A LOOK INTO THIS TABLEThứ Hai, 9 tháng 12, 2019
[WARGAME.KR] MD5 PASSWORD VULNERABILITY WRITEUP!
$row=@mysql_fetch_array(mysql_query("select * from admin_password where password='".md5($ps,true)."'"));OFCORSE WE DONT HAVE IDEA ABOUT PASSWORD , SO WE MUST FIND A WAY TO BYPASS THIS QUERY BY SQL INJECTION !
FIRST, TAKE A LOOK AT MD5() FUNCTION DEFINITION AND IT'S VULENERABILITY :
string md5 ( string $str , [ bool $raw_output = false ] )
Thứ Tư, 9 tháng 10, 2019
[WRITEUP] SQL INJECTION -ROUTED ROOTME
TRONG BÀI NÀY MÌNH SẼ KHÔNG GHI RÕ NHỮNG CÂU QUERY RA , CHỈ SHOW KẾT QUẢ VÀ CÁC BƯỚC CƠ BẢN ĐỂ THỰC THI :D
MỞ ĐẦU CHALL LÀ FORM KHÁ QUEN THUỘC , ĐỪNG AI DẠI DỘT FUZZ VÀO CÁI FORM NÀY NHÉ :D . CHUYỂN QUA TRANG "SEARCH" ĐI !
Thứ Tư, 2 tháng 10, 2019
[picoCTF2019][WEB EXPLOITATION] WRITE-UP !
Thứ Bảy, 21 tháng 9, 2019
[WRITEUP]JSON WEB TOKEN - WEAK SECRET ROOTME!
Phổ Biến
-
SO , THIS IS VERY FIRST TIME MY NEW TEAM TAKE PART IN A CTF COMPETITION [PICOCTF] I MAKE THIS WRITE-UP AS THE NOTE FOR ALL WEB-CHALLEN...