bi0s
  •  Home
  •  Categories
  •  Archives
  •  Tags
  •  Home
  •  Categories
  •  Archives
  •  Tags

Cronos - Hack The Box

7h3M0nk
2021-03-03
HackTheBox

tl;dr

  • SQL Injection
  • Linpeas Priv-Esc
Read More
HackTheBox Write up Linux Box Cronos

dummyper - AeroCTF 2021

fug1t1v3
2021-02-28
Reversing / Linux

tl;dr

  • The dump has some encrypted functions
  • The encrypted bytes are being xorred with a 32 byte key
  • Find the xor_key in the dump
  • Use xor_key offset to find the offset of AES_key and iv
  • AES_CBC decrypt to find flag
Read More
Linux Reversing AES_CBC AeroCTF

Beep - Hack The Box

7h3M0nk
2021-02-28
HackTheBox

tl;dr

  • Shellshock
  • Local File Inclusion
Read More
HackTheBox Write up Beep Linux Box

Arctic - Hack The Box

7h3M0nk
2021-02-16
HackTheBox

Cracking the Arctic Box.

tl;dr

  • Adobe ColdFusion 8
  • MS10-059
  • CVE-2009-2265
Read More
HackTheBox WriteUp Arctic

Valentine - Hack The Box

7h3M0nk
2021-02-13
HackTheBox

Cracking Valentine box without using metasploit.

tl;dr

  • HeartBleed Vulnerability
  • CVE-2014-0160
Read More
HackTheBox WriteUp Valentine

Nibbles - Hack The Box

7h3M0nk
2021-02-09
HackTheBox

How to crack Nibbles box without Metasploit.

tl;dr

  • Nibbleblog v4.0.3 Code Execution
  • CVE-2015-6967
Read More
HackTheBox WriteUp Nibbles

Web IDE - DiceCTF 2021

Yadhu Krishna M
2021-02-09
Web Exploitation

tl;dr

  • Unintended Solution: Cookie Path Restriction bypass using pop-up windows + JS Sandbox Escape
  • Intended Solution: Service Workers + JS Sandbox Escape
Read More
XSS DiceCTF JavaScript Sandbox Escape

Build A Better Panel - Dice CTF 2021

Az3z3l
2021-02-09
Web Exploitation

tl;dr

  • Payload: {"widgetName":"constructor","widgetData":"{\"prototype\":{\"srcdoc\":\"<script src='/admin/debug/add_widget?panelid=star7rix&widgetname=test123&widgetdata=%27%29%2C%28%27star7rix%27%2C+%28select+flag+from+flag%29%2C+%27%7B%22type%22%3A%22test123%22%7D%27%29+--'></script>\"}}"}
Read More
XSS Prototype Pollution CSP DiceCTF

Shocker - Hack the Box

7h3M0nk
2021-02-08
HackTheBox

How to crack Shocker box without Metasploit.

tl;dr

  • ShellShocker exploit
  • Apache mod_cgi
Read More
HackTheBox Writeup Shocker

ProxPi Relay Attack

bi0sHardware
2021-02-07
Hardware

tl;dr

In this post, we are going to share our research into PKES systems and the possibility of Relay attacks on such systems.

Read More
Relay Attacks PKES systems Smart Cars

 Previous 

10 / 18

 Next 

Official blog of team bi0s

  Projects
  •   bi0s-wargame
    (Unraveling)
  •   bi0s-wiki
    (Free Encyclopedia)
  •   InCTF
    (Nationals CTF)
  •   InCTFj
    (Juniors CTF)

Made With Love and Coffee



Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

Use Material X as theme, total visits times.