Category: CTF Challenges

  • Hackthebox : Emdee five for life Walkthrough

    The Hackthebox Emdee five for life challenge is based on Python scripting: how fast a request can be sent and how things can be automated. For this challenge, I had to go through the forum threads on Hackthebox because this challenge is pretty straightforward. You can’t be slow! Let’s begin with the walkthrough: Once you…

  • Hackthebox: Grammar Walkthrough

    Hackthebox Grammar is based on the MAC (Message Authentication Code) and how PHP handles the MAC strings, also called type juggling. PHP tries to evaluate the MAC based on the starting characters of the string: if they are a valid number, that number is used; otherwise the value will be 0. https://www.php.net/manual/en/language.types.type-juggling.php https://www.owasp.org/images/6/6b/PHPMagicTricks-TypeJuggling.pdf Let’s get to the walkthrough: Once…

  • Hackthebox: IknowMag1k Walkthrough

    Hackthebox: I know Mag1k is based on the padding oracle attack. A padding oracle attack decrypts the ciphertext based on existing cipher information, so it allows you to decrypt the encrypted code. Moreover, we can also encrypt arbitrary code without having the encryption key. This leads to having access to sensitive information. Let’s start…

  • Cross-Site Scripting (XSS) – The Bug Bounty Guide

    XSS stands for Cross-Site Scripting, which is one of the attack types against websites. In this article, I will be using https://xss-game.appspot.com to demonstrate how you can check for XSS bugs in different input parameters. They provide a wonderful platform where you can perform exercises on how XSS works. Level – 1: The first…

  • HackTheBox Node:1 Vulnhub CTF Walkthrough

    Node CTF is available at: https://www.vulnhub.com/entry/node-1,252/ This vulnerable machine, Node, is based on the new technologies and how we can hack into them. It uses a Node Express server, JSON and Hadoop. There are many ways to hack into the machine; here is my way. Let’s dive into the machine: If you are having a problem with setting…

  • OVERTHEWIRE NATAS SERIES: 25 – 26 LEVEL Walkthrough

    Overthewire Natas Level 25 – 26 is based on directory traversal. The code has many restrictions because it sanitizes the user input, which makes it harder for us to get the password. Let’s see how we can bypass it and get access to the next level. The code for this level is here: The…

  • OVERTHEWIRE NATAS SERIES: 24 – 25 LEVEL Walkthrough

    Overthewire Natas level 25 is based on a strcmp() function vulnerability. Generally, strcmp() is used to compare two strings. We need to generate some kind of error here so we can obtain the password for the next level. The code for the level is here: So, I tried a lot of ways to generate error…

  • OVERTHEWIRE NATAS SERIES: 23 – 24 LEVEL Walkthrough

    Overthewire natas level 23 – 24 is also based on PHP GET request parameter tampering. We have to carry out the injection in such a way that it fits both the conditions of the code. The code for this level is here: The two conditions to be fulfilled are: 1. passwd parameter should contain the…

  • OVERTHEWIRE NATAS SERIES: 22 – 23 LEVEL Walkthrough

    Overthewire natas level 22 – 23 is the easiest of all levels. We just have to send a GET request as “/?revelio” to reveal the admin password. The code for this level looks like this: So, again I am using Burp Suite’s Repeater in order to make the GET request and here you go, the password…

  • OVERTHEWIRE NATAS SERIES: 21 – 22 LEVEL Walkthrough

    Overthewire natas level 21 – 22 is also like the last level, but there are key and value pairs as the input values. All we need to do is inject admin=1 as one of the key->value pairs and we will get the password. There are two different pages in this level which share information with each…

  • OVERTHEWIRE NATAS SERIES: 20 – 21 LEVEL Walkthrough

    OVERTHEWIRE NATAS level 20 – 21 is quite different from all the others that we have completed. The code for this level is pretty hard to understand and took me a while, but it’s done now. The problem lies in the PHP code and how it handles user input with the help of keys. We…

  • OVERTHEWIRE NATAS SERIES: 19 – 20 LEVEL Walkthrough

    OVERTHEWIRE NATAS level 19 – 20 is similar to level 18 – 19. We have to manipulate the session in order to log in as admin. In the last level, we just had to change the PHPSESSIONID number in order to gain access to the admin account. We have to do the same in this level too but here the…