Home

LIT CTF 2021

LIT CTF 2021 Here, you can find write-ups of few interesting challenges from my solves in LIT CTF 2021. You can find and learn the below mentioned techniques: SQL injection with WAF bypass RCE using python pickle desirialisation, bypassing the input(dictionary) validation Abusing the funtionality of a Web-Socket Server LIT BUGS Sou...

Read more

Notes

Challenge Description TL;DR The application has a funtionality to store notes Each note has two sections, a body and a tag The body is the text section of note and tag can be public or private The challange invovled exploiting a stored XSS vulnerability in the tag parameter But the payload is constrained to 10 charachters As we c...

Read more

Cool

Challenge Description TL;DR The application allows users to register. The register funtionality is vulnerable to SQL injection. In this case, SQLi is inside the INSERT statement. Retriving data is non-trivial and time consuming using this type of SQLi The goal is to retrive the admin’s password. And we get the flag Looking in...

Read more

Git Good

Challenge Description TL;DR Initial recon leads to robots.txt on the website with a /admin.html and /.git/ paths The /.git path was not accessible directly, as the directory listing was not enabled But checking any standard file like /.git/config would give a clue that version control repository was hosted in production So with help...

Read more

GETS Request

Challenge Description Disclaimer I did not solve the challenge in time. I found the solution on discord, later. This write-up helps you understand the detailed solution. TL;DR The website is intented to calculate the no. of primes under the given number. It takes the user provided number as a get-parameter - n Length of...

Read more

Apollo 1337

Challenge Description TL;DR The website’s interface seems to be down. While investigating the network, website uses an API with the path /api/status?verbose= Setting parameter verbose to any value, unlocks other API paths Investigating the responses and crafting a right request would launch the rocket Finally, the crafted request, ...

Read more