SSRF, A Practical Demo
Whoami
┌─[koimet@parrot]─[~]
└──╼ $whoami
koimet
- captain fr334aks
SSRF
What is SSRF
a web security vulnerability that allows an attacker to induce the server-side
application to make HTTP requests to an arbitrary domain of the attacker’s
choosing.
~portswigger
a Web security that lets attackers send requests from t...
DawgCTF 2021 Writeups
Howdy, we recently participated in DawgCTF 2021 and we got 41st out of 595 teams that got 5 points and above.
Here are some of my writeups and those of some of my teammates. Enjoy!
Crypto
Really Secure Algorithm
Points : 150
Challenge Description
I like my e’s like I like my trucks: big and obnoxious
Author: trashcanna
reallysecure
Solutio...
HeroCTF Writeups
Howdy, we recently took part in HeroCTF V3 and we settled for #68 out of 645 teams.
Here are some of my writeups.
Forensics
We need you 1/5
Category
Forensics
Description
Interpol and the FBI have been investigating for over a year now. They are trying to get their hands on two hackers very well known for their ransomware and their ultra effic...
CAT CTF.ae Web Writeups
Foreword
Took some time to solve this challenge, learnt a lot in the process.
Hope you also grab something new from it :)
Challenge
Solution
visiting the link provided http://web.ctf.ae:8812/ - will be offline soon XD
we are met with this friendly page
filling the form and clicking on submit we are met with this response
so far we...
CyberApocalypse Bug Report Writeup
Challenge
Solution
we are also given the source file here
which had the following
and the challenge
the two python scripts as follows
from flask import Flask, request, render_template
from urllib.parse import unquote
from bot import visit_report

app = Flask(__name__)

@app.route("/")
def index():
    return render_template("index.ht...
UMDCTF Writeups
We settled for #43 out of 484 teams.
Misc
more writeups from Mystik0ri0n here
John’s Return
Description
you can get the challenge file here
received.pcapng
Solution
summary :
WPA traffic decrypting
Here we have a pcapng file with an 802.11 radiotap (wireless) traffic dump; it seems it's encrypted
….
but wait it’s a .pcapng file which air...
HackPack CTF 2021
Web Writeups
Hello there, we (fr334aks) took part in HackPack CTF 2021 and ended up solving all the available Web challenges.
Here are our writeups for them.
“N”ot “G”am”I”ng a”N”ymore in “X”mas
Challenge
Solution
tried a random name as password and used the network tab in dev options to inspect the requests
found a post request with ...
SSRF Cheatsheet
SSRF
Hello there, below is a list of the most common SSRF payloads and open-redirect bypasses
SSRF & Open Redirect Bypass
With [::], abuses IPv6
http://[::]/
http://0000::1/
http://0000::1:80/
http://0000::1:25/ SMTP
http://0000::1:22/ SSH
http://0000::1:3128/ Squid
With domain redirection, useful when all IP addresses are blackli...
23 post articles, 3 pages.