Web, SQL Injection, XSS, Encoding

Intigriti July XSS Challenge (0722)

A Cross-Site Scripting challenge where you need to do 2 nested SQL Injections to finally place your payload, and bypass CSP using googleapis.com

Mobile, Reversing, Crypto, Scripting +150 points

Unlock Train Data

Reverse Engineer an APK to find the Java code that encrypts the flag. Find the vulnerability in the encryption algorithm to brute-force the key

Mobile, Reversing, Encoding, Miscellaneous +150 points

Pizza Pazzi

A medium Mobile reversing challenge for which I had an unintended solution to find 3/4 flags. It's a funny trick and I'm sure this can be used to solve some other challenges

Forensics, Miscellaneous, Crypto +225 points

Stop the Heist

A medium 3-part challenge, finding traces of an attack. Explore a Windows filesystem and network capture to find every step and flags along the way

Web, Crypto +200 points

Recover Pet Data

A medium web challenge with JSON Web Tokens for authentication. Upload your own public key to the server to verify tokens with your own keypair to forge JWTs

Web, XSS, Filter Bypass

Intigriti May XSS Challenge (0522)

A Prototype Pollution challenge with a CVE in a jQuery plugin. Bypass a filter by setting our own options to get XSS

Web, Reversing, Encoding +150 points

Identicon

Generate an icon from a password. Reverse the algorithm of an open source library to find a correct password and bypass the check

Crypto, Scripting, Reversing +150 points

Watering System

A 3-part cryptography challenge with brute-forcing, XOR and reversing an encryption algorithm. Learn a lot of different crypto techniques in one challenge

Web, Filter Bypass, RCE +321 points

File Upload (Training Mission)

A web challenge in the Training Mission, where we first bypass a login, and then upload a shell using some .htaccess tricks

Reversing, Scripting, Crypto +392 points

Babyrev

Reverse engineer a Linux binary and find the encrypted password. Use Ghidra to decompile the code and decrypt the password in a Python script

Mobile, Reversing, Web +402 points

OTP Vault

An Android application with an OTP code. Reverse engineer the React Native APK to find a flag endpoint on a webserver

Scripting, Miscellaneous +383 points

LOLD

A Python Scripting challenge with an esoteric programming language called LOLPython. Write LOLPython code to execute commands on the remote server. Includes LOLD, LOLD2 and LOLD3

Web, XSS +473 points

Two For One

A Hard challenge in the Web category with 2 Factor Authentication. Use a Blind XSS to reset the administrator 2FA and password and read the secret flag

Hardware, Reversing, Encoding +368 points

Dweeno

A hardware challenge with Arduino and a circuit. Reverse engineer the circuit with the output to get back the flag

Web, Scripting, SQL Injection +168 points

Flaskmetal Alchemist

A web challenge made in Python with Flask and SQLAlchemy. Research to find a CVE and exploit the boolean SQL Injection vulnerability

RCE, Filter Bypass, Scripting

Getting RCE on a Brute Forcing Assignment

The story and walkthrough of how I got Remote Code Execution on a school assignment meant to teach Brute Forcing

Reversing

Introduction to Reverse Engineering (with Ghidra)

A very basic introduction to Reverse Engineering using Ghidra. Contains looking at strings, decompiling to C code, and patching instructions.

Crypto, Scripting +325 points

Warehouse Maintenance

Forge your own SHA512 signature using a length extension attack to execute signed SQL queries and get the flag.

Crypto, Scripting +325 points

Meet me halfway

Double AES ECB encryption. Use a cryptographic trick to brute force 2 keys separately and decrypt the flag.

Forensics, Miscellaneous +300 points

Honeypot

A memory dump that needs to be analyzed to find traces of a malware attack

Crypto, Reversing +325 points

Intercept

A packet capture file with encrypted data. Reverse the assembly instructions to decrypt the data

Web, XSS

Intigriti October XSS Challenge (1021)

An XSS challenge by Intigriti where you manipulate the DOM to fix JavaScript syntax and execute your code

Crypto, Scripting

7 - ReadySetAction

A simple crypto challenge where you need to find a trick to decrypt the RSA-like algorithm. Learn about simple cryptography, math and gmpy2 in Python

Crypto, Scripting, Miscellaneous

5 - Twisted robot

A challenge that generates random numbers and encrypts a secret. Using RandCrack the random seed can be cracked and the secret decrypted

Reversing, Scripting

4 - Electronics Research Lab

A challenge with some C code, used in a hardware device. Learn about reversing the code and looking up documentation of functions to see what they do

Web, Scripting

3 - High Speed Chase

Create an algorithm to guide a car through traffic in JavaScript. Learn about creating your own algorithms, and coding in JavaScript

Web, Reversing

1 - CCTV

First challenge. Learn about reversing JavaScript code and creating a password that passes a condition

Miscellaneous, Scripting, Filter Bypass +300 points

Build yourself in

The extraterrestrials have upgraded their authentication system and now only they are able to pass. Did you manage to learn their language well enough in order to bypass the authorization check?

Web, LFI, RCE +300 points

Extortion

Use a Local File Inclusion vulnerability in PHP to get Remote Code Execution by poisoning the session cookie

Web, Scripting +300 points

E.Tree

Using Boolean XPath Injection to slowly exfiltrate hidden data