Collaborate Disseminate
public native boolean aaa(String str, AssetManager assetManager);
static {
System.loadLibrary("app");
}
/* access modifiers changed from: protected */
public void onCreate(Bundle savedInstanceState) {
super.onCreate(sav… Continue reading I have a CTF challenge for an Android app, How I extract the flag [closed]
I’m currently working on a cyber wargame using LFI to get an RCE. However, there are not many readable files such as log files and environ. What attack should I try to read the flag? In the case of flag, it exists as an executable file wit… Continue reading Lfi to rce in PHP [closed]
I came across a CTF that i’m trying to solve, the goal is fairly simple: Bypass the authentication form and access the admin-restricted area. You can find the code snippet below.
Things to consider:
The CTF is a simulation and a demonstra… Continue reading PHP CTF: Vulnerabilities in PHP before 2007?
I am new to bufferoverflow and was told that this code can lead to a buffer overflow.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/sha.h>
#include <stdbool.h>
#include <unist… Continue reading Anyone can help with this buffer ovewrflow (ctf) question?
I’m new to CTF and security. I just attend a course about security and CTF. I’m asking one problem in our homework. The teacher just does not give any hints or any materials. I’m confused and don’t know what should I learn. Can you just gi… Continue reading a CTF problem: how to capture a flag from a php page
I am working on the following war game from Defend The Web, which requires me to do a source code review to login as the user memtash. The code is on GitLab here.
Here is my methodology:
Reset the password for user memtash which causes me… Continue reading Crashing the sha1() function in PHP?
I am working on the following war game from Defend The Web, which requires me to do a source code review to login as the user memtash. The code is on GitLab here.
Having inspected the source code during this code review, I find this line i… Continue reading How long would this take to bruteforce?
During one CTF I’ve encountered an interesting scenario. You have read access to files in one directory through a Flask server, but the names must match a regex to be displayed. You only have append privileges of some user on the machine. … Continue reading Linux privilege escalation only with append permission
I was trying to solve some recon badge problem from pentesterlab.com
But when I tried to transfer zone (using dig axfr), the website (hackycorp.com, z.hackycorp.com) says connection failed or time out.
And if I scan it with nmap, port 53 i… Continue reading How to zone transfer – (Pentester lab – problem in recon badge – port 53 filtered ) [closed]
I’ve actually tried asking this question in hack the box forum, but nothing has worked so far.
So when I connect to a vulnerable machine using a tunneled IP using OpenVPN, all I’m able to do to a box is scan it (which is working fine), irr… Continue reading Not able to view a webpage or connect to a service in a vulnerable machines connected using OpenVPN, only able to perform Nmap scans