Dev JumpCloud-Proxy JumpCloud is a Directory as a Service provider providing cloud native Directory service for cloud native companies. In a Red Team engagement or Pentest scenario, one may come across an API token which
CTF De1CTF - SSRF Me Writeup (2019) UPDATE: This writeup was hidden since 2019 due to the solution used. It was only recently that I released a CTF challenge using the same solution. Since it was solved, I decided that
CTF HTB x Uni CTF 2020 - Quals Write Up Gunship This challenge is an AST injection challenge. const path = require('path'); const express = require('express'); const handlebars = require('handlebars'); const { unflatten } = require('flat'); const router = express.Router(); router.get('/', (req,
CTF PeeHagePee PHP can be interesting. I recently came across an interesting web CTF challenge. It is unfortunate that I am not able to show the beautiful screen shots of the challenge. What I have
Dev GoFindGit Inspired by my previous adventures and my recent Go encounters, here is my attempt to start something. A git directory finder on web roots written in go. Still a work in progress... https:
Blog Protostar Exploit Practice I NEED TO LEARN SOMETHING NEW!!!!! And yes, I started to learn some C and assembly.. Which ultimately led to the learning of software security. This started my interest to explore buffer overflow, format
Blog Sersiously? I have recently disclosed a couple of websites with issues relating to exposed .env and exposed .git web resources. These websites belong to reputable local companies. To make matters worse, one of them
Blog EY Hackathon (CTF Qualifiers) Writeup (2019) The qualifiers were a team-based pentesting CTF, and it required the knowledge of Windows and Linux systems, enumeration, privilege escalation, and lateral movement. Targets: 10.10.110.3 (Domain Controller for catalyst.
Dev All your Git is Mine! Oh wait.. Env too? Git Expose Exposed .git repositories are not something new. In fact, it has been reported many many times. But the question remains... "Why does it still affect companies?" The goal of
GLUG CTF 2018 Web Challenge Writeup Inspection Head over to the link below to find the flag. https://expect-glugctf.netlify.com/ This is a typical HTML source code view flag. Viewing source will give you the flag. <div&
Blog noxCTF 2018 - MyFileUploader write up A file upload web challenge during the recent noxCTF 2018. The following was presented: Uploading a file without extensions would give us this: It appears that the code checks for extensions .png .jpg
Blog A Telegram love story (Chat Bot) I have always been fascinated by how chat bots work! With the trend of the Telegram phone app being popular among students, Chat Bots have become a new medium for application interaction. From
Blog OSCP Journey It starts with a "what if? What if I could achieve it?". According to many, OSCP is one of the hardest out there. No Metasploit, No automatic tools. Just plain old
Blog XOR? XOR!!!! Beginner (Python) I finally have the luxury of time to learn new things, in which I decided to beef up some of my cryptography knowledge. A basic cryptography category in which certain CTFs present is
Dev 4D Lottery Data Collecter DISCLAIMER: NO OFFENSIVE ACTIONS WERE DONE, CODES ARE PURELY FOR EDUCATION PURPOSE OF WHAT PYTHON CAN DO. Background Inspired by a friend who asked if it was possible to get historical data of
Dev vsftp 2.3.4 backdoor script Some time ago I participated in a security competition where we were required to attack and defend servers. The key was to capture flags upon successful root/system exploitation. I did some recon on
Dev Simple Python Web Scanner Python Web Scanner (PWS) Version 1.0.1 This project was inspired by a bored afternoon after getting root on a vulnhub vm. This python script was developed on Python 3. (Not meant
CTF CrossCTF 2018 Writeups Crossctf 2018 Qualifier Writeups Credits to my teammates: https://github.com/tankeehock and https://github.com/tohzijie Web QruirkyScript 1 - 5 were doable by referencing the truthy table from: https://developer.mozilla.
CTF Junior Defender Camp 2017 Blog Team member gits: https://github.com/Fuxingloh https://github.com/joeldavidw https://github.com/likzdev Finally, Junior Defender Camp 2017 has ended. It was a really great learning experience. Secure coding was covered
CTF Vulnhub - LazySysAdmin Writeup Well. What better way to spend Christmas than solving a VulnHub machine? This VM is built for beginner/intermediate difficulty level. Link to LazySysAdmin on VulnHub. I spent about two days on this,
Blog Thoughts When I was first introduced to CTF, I knew nothing about it. I was just a mere script kiddie. (skiddie? I think I still am one..) I was introduced to jeopardy style CTF
Blog First Post Hello readers. I go by the name Gladitor on CTFtime.org. I'm new to CTF, and this blog would be the place where I will be documenting my adventures and personal write ups. My