Tag: Writeup | bi0s

Nexus Void - HTB University CTF 2023

tl;dr

Misconfiguration in JWT token validation
SQL Injection through JWT token
Insecure Deserialization in .NET leading to RCE using custom class StatusCheckHelper

Writeup HTBUniversityCTF2023 .NET Deserialization SQL Injection JWT

Walk Off The Earth - TPCTF 2023

tl;dr

Mutation XSS using namespace confusion
Parsing inconsistency in JSDOM

Writeup TPCTF mXSS

Awesomenotes II - Hack.lu CTF 2023

tl;dr

XSS + HTML sanitization library (ammonia) bypass
Namespace confusion in ammonia using custom allowed extra tags(math & style)

Writeup Web mXSS Hack.lu CTF 2023

Vessel Cartographer - HTB CyberApocalypse 2023

tl;dr

Dynamically resolved hashed API
Tls_call_back based anti-debug check
AntiDebugFlag check implemented using ProcessInformationClass
AES_CBC decryption of image to find flag

Writeup HTBCA23 Reversing AES_CBC

Lost Exponent - Pwn2Win 2021

tl;dr

Reverse bytearray to recover matrix cflag.
Use first element of matrix to recover e (bruteforce &iroot)
Reduce the flag to finite field of a 32-bit prime, solve for each character.

Pwn2Win Writeup Misc Matrix

Mantis - Hack The Box

tl;dr

Kerberos Exploitation
MS MySQL Server
MS14-068
GoldenTicket

HackTheBox Writeup Mantis Goldenticket

Shocker - Hack the Box

How to crack Shocker box without Metasploit.

tl;dr

ShellShocker exploit
Apache mod_cgi

HackTheBox Writeup Shocker

TCalc - Hack.lu CTF 2019

tl;dr

Linux heap exploitation with arbitary free vulnerability

Writeup CTF Pwn

remain - SECCON CTF Quals 2019

tl;dr

linux heap exploitation challenge with glibc 2.30

Writeup CTF Pwn