CHALLENGE DESCRIPTION Our SSH server is showing strange library linking errors, and critical folders seem to be missing despite their confirmed existence. Investigate the anomalies in the library l...

SOLUTION Download the file, analyze and look for it code, we can see the hash. Just decrypt the encoding with base64 -d

SOLUTION Download the file, go to BinaryNinja, look for main function and we get the flag.

SOLUTION Reading source code, we can see: The function takes a message (msg) and a shift value (shift). If the character is a space, it appends ‘0’ to the ciphertext. If the character is not...

SOLUTION We download the zip file, unzip it and we have package.json. We know that the web is running on NodeJS server. So we can do some NodeJS RCE. require( 'child_process') ,execSync( 'cat /f...

SOLUTION When we access the website, we try some SQL Injection but nothing happend. We need to download the source code of the web, search for flag.txt file and we see this $username == "administra...

SOLUTION Go to the website, we can see that it requires us to input pin code. Inspect the web, we know the correct pin is 9001. But we don’t have 0 button. Go to the script, we can see the data ty...

SOLUTION Firstly, we try XSS to the search bar: <script>alert(1)</script> We can see that it responses. But XSS is used for manipulating the user experience, and there is no user here...

Writeup Let scan it first, we can see there are some open ports here. Access to the website, go to my basket link. Modify settings Do some research about Maltrail (v0.53), we have payload file....

Writeup After scaning, we know some ports are opened. Connect to SMB to see what we have here So we see there is a default password, what we need to do is find which user have not changed their...