Have you ever wondered what a supply-chain attack in the NodeJS ecosystem could look like? In this blog post, we’ll explore a CTF challenge I created to demonstrate a supply-chain attack in the NodeJS ecosystem. The challenge was originally released as “Prison Pipeline” at the Business CTF 2024, hosted by Hack The Box.
In preparation for the HTB University CTF 2021 Finals, my colleagues and I at Hack The Box discovered a Remote Code Execution vulnerability in the Node.js templating engine ‘Eta’. The vulnerability was reported via Snyk and assigned CVE-2022-25967. This blog post covers a short technical write-up of this vulnerability.
This blog post will cover the creator’s perspective, challenge motives, and the write-up of the web challenge Spell Orsterra from UNI CTF 2022. The challenge portrays a fictional application with a heavy tech stack and involves exploiting Nginx UNIX socket injection, queued message handling deserialization, and custom POP chain to export PHP backdoor with PHP-GD image compression bypass.
This blog post will cover the creator’s perspective, challenge motives, and the write-up of the web challenge Felonious Forums from Business CTF 2022. The challenge portrays a functional forums application and involves exploiting a self XSS and chaining it with Cache Poisoning for a client-side attack to steal session cookies.
This blog post will cover the creator’s perspective, challenge motives, and the write-up of the web challenge Phishtale from Business CTF 2022. The challenge involves exploiting an HTTP/2 Request Smuggling vulnerability and bypassing Twig Sandbox Policy for Server-Side Template Injection to gain RCE.
In this write-up, we’ll go over the web challenge Red Island, rated as medium difficulty in the Cyber Apocalypse CTF 2022. The solution requires exploiting a Server-Side Request Forgery (SSRF) vulnerability to perform Redis Lua sandbox escape RCE (CVE-2022-0543) with Gopher protocol.
In this write-up, we’ll go over the web challenge Acnologia Portal, rated as medium difficulty in the CyberApocalypse CTF 2022. The solution requires exploiting a blind-XSS vulnerability and performing CSRF to upload a zip file for arbitrary file injection, crafting Flask-Session cookie for deserialization to get remote code execution.
In this writeup, we’ll go over the web challenge Mutation Lab, rated as medium difficulty in the CyberApocalypse CTF 2022. The solution requires exploiting a local file read vulnerability to steal the cookie signing key and crafting a session cookie for the admin.
In this write-up, we’ll go over the solution for the challenge SteamCoin that requires the exploitation of multiple server-side and client-side vulnerabilities. The solution involves a JWT authentication bypass through JKU claim misuse using unrestricted file upload, HTTP request smuggling for ACL bypass, and XSS to CSRF on an automated UI testing service to exfiltrate the flag from CouchDB.
We participated in the 5 days long Cyber Apocalypse CTF 21 hosted by HackTheBox and secured 94th place against 4740 teams comprised of 9900 players! I had final exams during this event but it’s the first public CTF of HackTheBox! How could I resist?
A few days ago I earned my OSWE certification and naturally, this calls for a write-up that many asked me to do! Without reiterating the same things and suggestions written better in some of the guides I read before my exam, I will link those in this post and only add some pointers that I think will be helpful. It never hurts with one extra write-up as you get another angle on the same thing and you may resonate better with the person’s thinking!
Recently I have come across several CTF challenges on SQL injection over WebSocket. So I decided to build a vulnerable WebSocket web app for others to practice blind SQL injection over WebSocket. I spent a day building this on NodeJS from scratch which helped me better understand WebSocket implementations. I’ll also share a nifty trick to perform SQL injection over WebSocket with SQLMap using an approach similar to tamper scripts.
Two days ago, I collaborated with few students like myself from “The infinity bytes” and participated in the first National Cyber Drill 2020 organized by the Bangladesh Government’s e-Government Computer Incident Response Team (BGD e-GOV CIRT) and secured 2nd place against 234 teams.
About a month ago, I passed my OSCP certification exam! From winning the OSCP course voucher from a CTF competition to attempting and passing the exam on the first try, I shared my crazy journey via this medium post to inspire more youngsters like me!
Hey there! This post is for the folks who want to take on the OSCP exam. Some of the experiences I am sharing here might help you answer some of the questions you might have! If you want to read my OSCP journey, please have a read at this post! Here I’ll be discussing some of the common issues you might face during the exam, share some of my resources, and tips for someone just starting this journey!
In the qualifiers round of Defcon RedTeam Village CTF, there were 10 Jeopardy-style challenges in the Tunneler section where we had to pivot from one host to another. I was able to solve 7 of them and here’s how I did it.
In the qualifiers round of Defcon RedTeam Village CTF, there were 8 Jeopardy-style challenges in the Programming section. The highest point was in the “TPS Report System - 2” challenge which only unlocked after solving the first one and had very few solves.
ctf write-up web HTB rce scripting CA-CTF nodejs deserialization certifications business-ctf blind-xss uni-ctf ssti ssrf sqli request-smuggling remote-code-execution redteamvillage redteam redis oscp lfr forensic express defcon csrf cookie-forgery zip-slip ysoserial xss xpath-injection websocket web-300 verdaccio unix-socket-injection templating-engine supply-chain-attack steghide sqlmap socks4a snyk self-xss saleae py-jail proxychains prototype-pollution pop-chain pickle-deserialization php-messenger php-gd oswe-prep oswe olevba npm-registry npm node-libcurl nginx misc meterpreter maldoc lfi jwt idat-chunks http2 hardware gopher flask-session eta docker directory-traversal cyberdrill cve-2022-25967 cve-2022-23614 cve-2022-0543 cve-2021-40346 cve-2021-36740 cve-2021-23631 cve-2017-7494 csp-bypass cookie-session cache-poisoning buffer-overflow awae autopsy asti