https://blog.zars.me/tags/web/Recent content in Web on Tyler's BlogHugoen-us© AthulSat, 17 Jun 2023 12:13:32 +0530https://blog.zars.me/posts/nahamctf2023/Sat, 17 Jun 2023 12:13:32 +0530https://blog.zars.me/posts/nahamctf2023/I keep having busy weekends and I wish I had a touch more time to grind out the challenges I had left for this CTF. Awesome challenges by the authors! Thanks for the fun CTF nahamsec team! Glasses 50 points - Warmups - 955 Solves - easy Author: @JohnHammond#6971 Everything is blurry, I think I need glasses! We can’t inspect element with a mouseclick. No worries, just use the keyboard shortcut (or on Mac the menu still pops).https://blog.zars.me/posts/deadsecctf-2023/Mon, 22 May 2023 12:13:32 +0530https://blog.zars.me/posts/deadsecctf-2023/Dont’ hack my website My Attempt echo & head both work with no spaces, id, whoami Running df will show us Filesystem 1K-blocks Used Available Use% Mounted on overlay 98831908 6164312 92651212 7% / /dev/sda1 98831908 6164312 92651212 7% /flag.txt none 4096 0 4096 0% /tmp none 4096 0 4096 0% /run Anything containing flag.txt won’t work. head${IFS}&&${IFS}pwd /app head${IFS}&&${IFS}a=fl&&${IFS}b=ag&&${IFS}c=.t&&${IFS}d=xt a=fl${IFS}b=ag${IFS}c=.t${IFS}d=xt${IFS}&&${IFS}echo${IFS}$a$b$c$d fl b=ag c=.t d=xt a=fl${IFS}ag${IFS}.t${IFS}xt${IFS}&&${IFS}echo${IFS}$a$b$c$d fl ag .t xt Somehow strip out the whitespace?https://blog.zars.me/posts/heroctfv5/Mon, 15 May 2023 12:13:32 +0530https://blog.zars.me/posts/heroctfv5/Overview HeroCTF was my first solo team attempt at CTF’ing. It was a blast and huge props to the authors of the challenges. I had fun solving all the ones I did and had plenty of time to experiment with the ones I couldn’t. The CTF was hosted here: link. I’ll break down my solves below in no particular order. dev.corp 1/4 The famous company dev.corp was hack last week.. They don't understand because they have followed the security standards to avoid this kind of situation.