Evaluative
DESCRIPTION SOLUTION def evaluate_polynomial(coefficients, x): result = 0 for i, coeff in enumerate(coefficients): result += coeff * (x ** i) return result # Read input coeff...
SOLUTION Using BinaryNinja to analyze the code, we can see the main function here. What we need to do is convert the hex to decimal and get the flag.
SOLUTION Q1: What is the file format of the executable? Q2: What is the CPU architecture of the executable? Q3: What library is used to read lines for user answers? (ldd may help) Using BinaryNi...
SOLUTION By analyzing the code, we can see this. public function getfacts($router) { $jsondata = json_decode(file_get_contents('php://input'), true); if ( empty($jsondata) ||...
SOLUTION By analyzing the code, we can see the web uses MongoDB and its Content-Type. from pymongo import MongoClient app = Flask(__name__) app.config.from_object("application.config.Config") bcry...
SOLUTION By analyzing the source code, we can see the blacklist: def blacklist_pass(email): email = email.lower() if "script" in email: return False return True def send_fla...
SOLUTION We can see the login page at first, so let’s try some SQL injection. But nothing happened, so we need to inspect it and save the request to a file. Using sqlmap to find the web’s database sqlma...
SOLUTION We can see that, at the bottom right of the web page, they provide us with some examples of XSS payloads. By guessing, we combine 2 payloads and then see what happens. <img src=x onerror="alert(document.co...
CHALLENGE DESCRIPTION (NOTE: use https:// to connect to the instance) SOLUTION By analyzing the source code, we can see that the account with the admin username holds the flag. We get the /tickets path. ...
SOLUTION By analyzing the source code, we can see admin’s email. This functionality is vulnerable to IDOR because it verifies the validity of the token but does not check which user the token bel...