CandyValue
SOLUTION By analyzing the code, we can see the web uses MongoDB and its Content-Type. from pymongo import MongoClient app = Flask(__name__) app.config.from_object("application.config.Config") bcry...
SOLUTION By analyzing the source code, we can see the blacklist: def blacklist_pass(email): email = email.lower() if "script" in email: return False return True def send_fla...
SOLUTION We see the login page first, so let's try some SQL injection. Nothing happened, so we need to inspect the request and save it to a file. Using sqlmap to find the web’s database sqlma...
SOLUTION At the bottom right of the page, they provide us with some example XSS payloads. By guessing, we combine 2 payloads and see what happens. <img src=x onerror="alert(document.co...
CHALLENGE DESCRIPTION (NOTE: use https:// to connect to the instance) SOLUTION By analyzing the source code, we can see that the account with the admin username holds the flag. We get the /tickets path. ...
SOLUTION By analyzing the source code, we can see the admin’s email. This functionality is vulnerable to IDOR because it verifies the validity of the token but does not check which user the token bel...

Writeup Scanning the target, we get some open ports. Looking at port 21 (FTP), we have vsFTPd 2.3.4, and on port 445 (SMB), we have Samba 3.0.20-Debian. Now try it with Metasploit. We can not exploi...
SOLUTION Q1: Which is the username of the compromised user used to conduct the attack? (for example: username) We search for LDAP protocol and get the answer. **Q2: What is the Distinguished Nam...
SOLUTION Open the pcap file with Wireshark, search for HTTP, and we can see some POST requests; follow them. We can see lots of base64 strings. What we need to do is decode all of the outputs (blue text...
SOLUTION Use Wireshark to analyze the network traffic. Search for the HTTP protocol. We can see there is a file upload vulnerability here. Follow the IP with port 1337 and we get the Base64 string in reverse.