bi0s

Lost Exponent - Pwn2Win 2021

xxMajinxx
2021-06-05
Misc

tl;dr

  • Reverse bytearray to recover matrix cflag.
  • Use the first element of the matrix to recover e (bruteforce & iroot)
  • Reduce the flag to finite field of a 32-bit prime, solve for each character.
Pwn2Win Writeup Misc Matrix

illusion - pwn2win 2021

Sayooj B Kumar
2021-06-03
Web Exploitation

tl;dr

  • Use the prototype pollution vulnerability in fast-json-patch to pollute the value of outputFunctionName
  • Get a shell, as the flag can only be obtained using a binary file
RCE Prototype pollution

Waffle Write-up - m0leCon CTF 2021 Teaser

Yadhu Krishna M
2021-05-16
Web Exploitation

tl;dr

  • Make a GET request to /gettoken%3fcreditcard=mmm&promocode=FREEWAF to get the token.
  • Using the token make another request with {"name":"' union select flag, 1, 1, 1 from flag -- -", "name":"x"} to get the flag.
SQLi JSON Interoperability

Pawn - Angstrom CTF 2021

d4rk_kn1gh7
2021-04-08
Pwn

tl;dr

  • UAF in chess game, overwrite __malloc_hook to one_gadget
Heap Linux AngstromCTF

Jason - Angstrom CTF 2021

Az3z3l
2021-04-08
Web Exploitation

tl;dr

  • Intended: Append ; secure; samesite=none to cookie. Now, <script src="https://jason.2021.chall.actf.co/flags?callback=load"></script> would retrieve the flag.
  • Unintended: Append .actf.co as domain to cookie using CSRF -> Set up an XSS payload in reaction.py challenge -> Log in to this using CSRF -> Payload in Reaction.py exfiltrates document.cookie
AngstromCTF XSS CSRF Cookies

Mantis - Hack The Box

7h3M0nk
2021-03-31
HackTheBox

tl;dr

  • Kerberos Exploitation
  • MS MySQL Server
  • MS14-068
  • GoldenTicket
HackTheBox Writeup Mantis Goldenticket

Bounty - Hack The Box

7h3M0nk
2021-03-27
HackTheBox

tl;dr

  • RCE by uploading web.config
  • Windows IIS 7.5
  • MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege
HackTheBox WriteUp Bounty

KarDi Bee X - Securinets Quals 2021

g4rud4
2021-03-22
Forensics / Memory

tl;dr

  • File recovery from the memory dump
  • Environment variables analysis.
  • RAR and Zip password cracking.
  • Cracking Windows user password hash.
  • Extracting Keepass Master Password from keystrokes of logged data.
Volatility Windows Memory Analysis Securinets Quals

Be My Guest - UTCTF21

g4rud4
2021-03-15
Forensics / Network

tl;dr

  • Retrieving the flag from Samba SMB workgroup guest.
UTCTF SMB

Hack Bob's Box - UTCTF21

g4rud4
2021-03-15
Forensics / Network

tl;dr

  • Anonymous login to FTP server.
  • Retrieve SSH login username and password from Firefox History
UTCTF FTP Firefox History


Official blog of team bi0s


Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License
