Collaborate Disseminate
I train on vulnerable boxes and during my recon phase, I use nmap to collect info on open ports.
I use the command nmap -sS [IP|URL] and no matter the machine, I get the result that port 554 – RTSP open.
But my mate used the same command a… Continue reading Why when i nmap scan a machine i get the port 554 (RTSP) open?
At even vaguely infosec-related conferences, CTFs are a staple. For KernelCon 2021, [Tyler Rosonke] resolved to create a challenge breaking the traditions, entertaining and teaching people in a different way, …read more Continue reading Spaceship Repair CTF Covers Hardware Hacker Essentials
The following code demonstrates the source code of this challenge and basically, I need to send a post request with arbitrary code to execute on the server. However, after multiple attempts Im unable to run any bash with the http request? … Continue reading How to perform php post request attack with javascript sanitization?
I was working on a CTF practice qn by picoCTF called ‘Transformation’ which relies on Reverse Engineering
”.join([chr((ord(flag[i]) << 8) + ord(flag[i + 1])) for i in range(0, len(flag), 2)])
We are tasked to decrypt a file with ran… Continue reading Understanding code PicoCTF-Transformation [closed]
I know the ways to use python or a file to pass to a c binary file when running it but my question is different.
Asking this for a CTF challenge.
I have a binary file that:
produces an address in hex format as an output (each time the add… Continue reading How to pass a hex input to the binary from the command line?
I’m relatively new to the CTF scene and I’m stuck on this one. I need to get access to a file named "top_secret" and the only helpful info I got was:
15.12.1993: BUG: all changes are only temporary … will fix this after x-mas
… Continue reading How to create Filenames with hash collisions? [closed]
[As part of a ctf] I am trying to exploit a remote server through a tcp connection. The server is using snprintf() and provides user input as the formatting string. My goal is to dump the stack. Determine the address on the stack of a vari… Continue reading C – Remote string format attack exploit – %n Does not seem to write anything on the stack
[As part of a ctf] I am trying to exploit a remote server through a tcp connection. The server is using snprintf() and provides user input as the formatting string. My goal is to dump the stack. Determine the address on the stack of a vari… Continue reading C – Remote string format attack exploit – %n Does not seem to write anything on the stack
I was trying to solve the picoCTF challenge filtered-shellcode.
I started by trying to get the base-address of the libc library and executing system or execve. Important to note is that you can only use 2 Byte assembler commands, since the… Continue reading ROP-Attack on picoCTF challenge
I have a CTF machine. I can see the port 8009 and 80 open. From that I found pretty quickly the Ghostcat exploit.
I then listed the folder of the machine and I got :
then I followed this article
I created the file 48143.py and pasted the … Continue reading Ghostcat exploit, how to use it?