
ElectricBreeze-1
CHALLENGE DESCRIPTION Your security team must always be up-to-date and aware of the threats targeting organizations in your industry. As you begin your journey as a Threat Intelligence Intern, equi...
CHALLENGE DESCRIPTION In this Sherlock, players will be introduced to the MITRE ATT&CK framework, which is a comprehensive tool used to research and understand advanced persistent threat (APT) ...
CHALLENGE DESCRIPTION SOLUTION psql -h saturn.picoctf.net -p 55291 -U postgres pico #to connect to server. \l #to show all databases \dt #to show all tables select * ...
CHALLENGE DESCRIPTION SOLUTION From the hint, we know that we need to use an XML payload to solve this challenge. Click on any Detail button of the post, we will see XML code below, inject payload and we...
CHALLENGE DESCRIPTION SOLUTION We can see SQLite from the hint; try to log in, and we see this. We need to add a comment at the password to bypass the username, using ' or 1=1 --
CHALLENGE DESCRIPTION SOLUTION Analyze the files they gave us and look into server.js. We can see that they use MongoDB and JSON; search for it and we have the payload for NoSQL.
CHALLENGE DESCRIPTION SOLUTION Use Burp Suite to intercept the web traffic, and we can see that when the bot moves, it sends the eval to us; let's change it.
CHALLENGE DESCRIPTION SOLUTION From the hint, we can guess that the flag will be in the deepest folder, so we need to find those folders. We can see the folder of the image. Look into the header t...
CHALLENGE DESCRIPTION SOLUTION I have tried lots of things like XSS, SSTI, SQLi, but nothing happened. So I did research and tried dynamic functions in Python. getattr(__import__('subprocess'), 'ge...
CHALLENGE DESCRIPTION SOLUTION WebNet0 Open Wireshark, go to Edit > Preferences > Protocols > TLS, then add the RSA key list. We will see some new HTTP packets; follow them and we h...