Nahamcon CTF 2023 - Web
This is what I managed to solve in the last 8 hours, when I could finally log in.
Some articles, write-ups, tutorials and reviews are in progress, stay tuned for more!
I did some incident response, OSINT, PHP and JavaScript deobfuscating and reversing on a malware that was dropped at a friend's WordPress server. Read the full story of what happened here!
This year I have managed to solve more challenges than ever before with TheWhiteCircle. But the forensics category, with the bashic ransomware challenge, actually made me want to share the write-up here!
This is the story of how I got scammed into participating in a CTF competition for someone else. I hope this article can help people not get scammed the same way or even help me find the competition I was unintentionally solving. I got contacted by a freshly created account on Discord, 10 days old or so. The person first lightly asked for help in solving challenges,...
LOCAL FILE INCLUSION: LFI can be found here: http://10.10.11.135/image.php?img=/etc/passwd but we are met with "hacking attempt detected" on a blank page. We can bypass the issue with the PHP wrapper php://filter as follows: http://10.10.11.135/image.php?img=php://filter/convert.base64-encode/resource=/etc/passwd Decode results as base64 and find home path for the user ...
Transforming time into flags… As an OSINT challenge I started by checking the username @0pt1muspr1me on common social media platforms, and eventually found 0pt1muspr1me's GitHub profile. 2 repos there with a couple commits: 0pt1muspr1me repository, private repository. Obviously that zip file is password protected, so I started by trying fcrackzip:...
Medium difficulty box - https://hackthebox.com. Intelligence was a medium box I solved a few months ago. It’s also technically the first machine I decided to share a write-up for, because I really enjoyed solving it. RECON: nmap -A 10.10.10.248 -Pn...