Writeups

Introduction

Hi! This is a collection of my CTF writeups!

There is also a challenge archive; you can practice them on GitHub.

Following is an index sorted by vulnerability type; use the search utility to find them:

Web

JavaScript

  • Cat Chat (pt 210): XSS through CSS injection.
  • Grandline (pt 700): XSS by abusing PHP comment feature
  • Dot Free (pt 105): XSS via postMessage
  • Translate (pt 246): Angular.js TEMPLATE INJECTION with sandbox escape.
  • JS Safe 2.0 (pt 121): JavaScript REVERSE ENGINEERING
  • Simple Web (pt 100): Bypass number check via float

Python

  • PyCalx (pt 100): Python SANDBOX ESCAPE
  • Pysandbox (pt 121/126): Python SANDBOX ESCAPE (bypass the AST sanitizer via a list builder)
  • Shrine (pt 190): Flask TEMPLATE INJECTION. Bypass self and config_check via current_app
  • BookHub (pt 208): Redis SQL INJECTION to Pickle RCE
  • Slack Emoji Convert (pt 267): CVE in PIL's Ghostscript handling.

PHP

  • OmegaSector (pt 140): Abusing the HTTP Host header and constructing a PHP WEBSHELL
  • Simple Auth (pt 55): LOGIC ERROR: parse_str acts the same as register_globals

SQL

  • BookHub (pt 208): Redis SQL INJECTION to Pickle RCE

Pwn

Stack

  • Load (pt 208): BUFFER OVERFLOW via /proc/self/fd/0

MISC

  • Vim Shell (pt 126): Escape the vim shell via K (man page hotkey)

Wechall Wargame Solutions


I am not really familiar with CTF =_=, but it’s becoming extremely popular in the security club. So I found Wechall to enhance my skills. The questions are sequenced from easy to difficult.
