Introduction After having the LFI CTF Challenge by BugPoc suggested for me by a friend, I wanted to participate and try solving the task and of course making a detailed writeup about it as usual. Having some bad luck, I just started participating after the start of the CTF task with a delay of 12 hours from what I remember, resulting in not being able to secure a TOP 3 place 😦.
Carthagods - 496pts (third blood) Introduction This is a writeup about the carthagods web exploitation challenge from the 3k CTF 2k20. It’s a sayefi writeup, so not that much of explaining all the little details and stuff. Hope you enjoy.
Description TL;DR Leak the parameter name used to include files Get some informations about configurations with the given info.php that calls phpinfo() function. Read the flag from the caching system (Zend Opcache) located at /var/www/cache/ Overview We are presented with a page that has some choices that turned out they are file names located in the thecarthagods directory.
Introduction Hey everyone, I participated with my team from Sousse, with love in the castorsCTF2020, we got 3rd place out of 500+ teams. This will be a detailed writeup about a web task and a pwn task. So i hope you like it ❤.
Web Challenge: Quiz TL;DR Bruteforce filename Leak the backup file of the main.go Leak the flag with a local file inclusion Description Overview Accessing the website we get a little welcome message
Introduction I finally decided to make my first writeup for a ctf challenge, it is a web exploitation one for a challenge called SignStealingSoftware-P2 from the UMDCTF2020. I know it’s too late since the ctf has ended 4 days ago but there is no writeups for this challenge 😒 and so I decided to make one for it 🙃.
TL;DR Leak /etc/passwd file with an LFI Target the gitserver user and know that there is a git repo inside his home directory Get the commits made to the repo in order to get the flag The Challenge description Overview Visiting the website we get a select menu