Hacking
Web Temp Server (Python) from http.server import SimpleHTTPRequestHandler, HTTPServer from urllib.parse import unquote class CustomRequestHandler(SimpleHTTPRequestHandler): def end_headers(self): self.send_header('Access-Control-Allow-Origin', '*') # Allow requests from any origin self.send_header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS') self.send_header('Access-Control-Allow-Headers', 'Content-Type') super().end_headers() def do_GET(self): ...
HTB CBBH Experience Sharing Finally, I’ve got my CBBH certification from HackTheBox last Friday! This certification is totally underrated! Its content is well-organized & comprehensive. I would say that this is really a good start if you’re interested in offensive web security. It’s an unforgettable experience, and here are some tips for those who also want to join the CBBH gang! 📚 Go through the content twice There’s really A LOT in the whole CBBH content, from different attack approach ...
Why this? Why? Just because it makes my terminal look prettier and easier to understand. It divides every command into a BLOCK so that I can easily get to the point. What does it look like? The gray line in the graph is what it looks like. You can change the color later in your setup. Setup function print_separator() { local cols=$(tput cols) local color="\033[38;2;68;71;90m" # RGB(68, 71, 90), you can change the color here local reset="\033[0m" printf "\n" printf ...
TryHackMe
0x00 Challenge Info Obviously, it’s an LFI vuln. The web application can read a local file to respond with a different page. 0x01 Reconnaissance We can find that a file can be read with, for example, page=file:///etc/passwd. 0x02 Exploit Use file:///flag.txt to read flag.txt in the root path. 0x03 Pwned
Prologue This is the first time I have won a place in a CTF contest. The following are the scoreboard and my score over time. Web Ave Mujica After some recon, I found the web server is built with gunicorn, and the website looks like it has a directory-traversal-to-LFI vulnerability. After doing some research, I tried some LFI wordlists and finally got the flag by reading /proc/self/environ. The PoC is as follows. curl 'http://172.31.3.2:168/image?name=../../../../proc/self/environ' --output flag. ...
Easy Crack Open IDA and find the check password function (you can use a string to find it). I will put the decompiled function below. int __cdecl sub_401080(HWND hDlg) { CHAR String[97]; // [esp+4h] [ebp-64h] BYREF __int16 v3; // [esp+65h] [ebp-3h] char v4; // [esp+67h] [ebp-1h] memset(String, 0, sizeof(String)); v3 = 0; v4 = 0; GetDlgItemTextA(hDlg, 1000, String, 100); if ( String[1] != 'a' || strncmp(&String[2], Str2, 2u) || strcmp(&String[4], aR3v ...
0x00 Challenge Info A test! Getting onto the team is one thing, but you must prove your skills to be chosen to represent the best of the best. They have given you the classic - a restricted environment, devoid of functionality, and it is up to you to see what you can do. Can you break open the chest? Do you have what it takes to bring humanity from the brink? 0x01 Reconnaissance This challenge is a Python jail (Pyjail). Let’s check the challenge code first. banner = r""" .____ ...
StudyNotes
Prologue Fermat’s Little Theorem is quite often seen in CTF contests, so let’s dive into this article to know more about it! Math is powerful! Required Knowledge $a\equiv b\pmod{k}\Leftrightarrow k\mid(a-b)$ $a\equiv b\pmod{k}\quad\text{and}\quad c\equiv d\pmod{k}\Leftrightarrow a+c\equiv b+c\pmod{k}$ $a\equiv b\pmod{k}\quad\text{and}\quad c\equiv d\pmod{k}\Leftrightarrow ac\equiv bd\pmod{k}$ ...