HackTheBox – Backdoor Write-up

Hi everyone! This write-up is on Backdoor, an easy Linux machine. I wouldn’t say this machine is actually easy. This machine requires us to manually enumerate WordPress’s plugin directory, and exploit the directory traversal vulnerability to leak process. Exploit the gdbserver process to obtain a reverse shell before attaching to the root’s screen session for […]

Use DockerFile for debugging with Pwntools

Hi everyone! This article will be on setting up DockerFile for debugging with Pwntools. This may be useful for you during CTF challenges. In the example below, I will be using an example from DCTF 2022 Codechainz. The “app” binary I am using can be downloaded from here. Let’s get started! Setup image from DockerFile […]

DCTF 2022 – Codechainz Write-up

Hi everyone! This post is on DCTF 2022’s Codechainz which is a fairly easy pwn challenge. This challenge has a buffer overflow (BoF) vulnerability and requires us to jump to a space created by mmap() which is executable. However, there is a shellcode size limit due to the space available. Let’s get started! Files provided […]

BKSEC 2022 CTF Write-up (Pwn)

Hi everyone! This post is on BKSEC 2022 CTF which was held in early April this year. I only attempted the pwn category as I was feeling lazy to try out the others. The pwn challenges tested on arbitrary write via array out of bound (OOB), stack alignment on x64 programs, and bypassing integer inputs […]

picoCTF 2022 Write-up (Web Exploitation)

Hi everyone! This post is on picoCTF 2022 write-up for web exploitation that was held from 16th March 2022 to 30th Mar 2022. It covers the basics of analyzing the client source codes, path traversal, robots.txt, modifying cookies, directory fuzzing, and SQL injection. Let’s get started! 1. Includes Below shows the main page of the […]

picoCTF 2022 Write-up (Binary Exploitation)

Hi everyone! This post is on picoCTF 2022 write-up for binary exploitation that was held from 16th March 2022 to 30th Mar 2022. In this CTF, there are buffer overflow, on stack shellcode execution, format string attack, function overwrite, C programming array out of bound (OOB) arbilitary write, stack cache, and vulnerable string check. Let’s […]

CTF.SG CTF 2022 Write-up

Hi everyone! Today’s write-up is on CTF.SG 2022. It is a 24 hours CTF hosted over the weekend (12-13/3/2022) with many different categories such as Sanity, Web, Pwn, Cryptography, Reverse Engineering, and Misc. I did not have time to solve many challenges as I needed my sleep. This CTF definitely isn’t easy, especially for reverse […]

HackTheBox – Previse Write-up

Hi everyone! Today’s post is on Previse, an easy HackTheBox Linux machine. This machine was released on 8 August 2021. In this machine, a URL redirect status 302 is exploited to leak the actual web page without logining in, exploiting unsanitized POST data run on the server’s PHP’s exec(), extracting user password from one-liner MySQL […]