bi0s

DeadlyFastGraph - InCTF Internationals 2021

d4rk_kn1gh7

2021-08-15

Pwn

tl;dr

Arbitrary type confusion in DFG JIT
Bug eliminates a single CheckStructure node

Json Analyser - InCTF Internationals 2021

1nt3rc3pt0r

2021-08-15

Web Exploitation

tl;dr

Json_Interoperability - /verify_roles?role=supersuperuseruser\ud800","name":"admin
Prototype_Pollution - {"constructor":{"prototype":{"test":"123"}}} in config-handler

InCTFi Prototype_Pollution Json_Interoperability

MD-Notes - InCTF Internationals 2021

Yadhu Krishna M

2021-08-14

Web Exploitation

tl;dr

Leak admin’s hash using wildcard target origin in postMessage or by calculating sha256('').
Create an XSS payload to read /api/flag and send it to attacker server.

InCTFi XSS JavaScript

Billu_Box_1 - VulnHub VM Challenge

01_susil

2021-08-10

Pentest / VulnHub

tl;dr

LFI(Local File Inclusion) Using Hackbar plugin.

WriteUp Vulnhub Billu Box 1

unknowndevice64 - Vulnhub VM Challenge

47Suriya

2021-08-10

Pentest / Vulnhub

tl;dr

Steghide
Restricted Shell

Write up Vulnhub VM Challenge unknowndevice64

Nullbyte - VulnHub VM Challenge

01_susil

2021-08-10

Pentest / VulnHub

tl;dr

Reading meta data using Exiftool.
Using sqlmap to get Password hash.

WriteUp Vulnhub Nullbyte

Stapler1 - Vulnhub VM Challenge

47Suriya

2021-08-10

Pentest / Vulnhub

tl;dr

Local File Inclusion

Write up Vulnhub VM Challenge Stapler 1

LazySysAdmin_1.0 - VulnHub VM Challenge

susil_01

2021-08-10

Pentest / Vulnhub

tl;dr

smb enumeration using smbclient.

WriteUp Vulnhub LazySysAdmin_1.0

pWnOS:2.0 - Vulnhub

Jose_v8_

2021-08-05

Pentest / Vulnhub

tl;dr

pWnOS:2.0 is a vulnerable VM , where our objective is to gain root access of the machine.
blog 0.4.0 - Multiple Remote s exploit.
upload reverse shell file to spawn a shell.

Write up Vulnhub PwnOS 2.0

Dina 1.0.1 - Vulnhub VM Challenge

47Suriya

2021-08-05

Pentest / Vulnhub

tl;dr

Remote Code Execution
Unrestricted File Upload

Write up Vulnhub Dina 1.0.1 Dina VM Challenge