secure-notekeeper Writeup
Exploiting prototype pollution to execute arbitrary commands. Challenge Description The challenge involves a web application that allows us to add objects to a database. Our goal is to exploit ...
Analyze a 32-bit binary in IDA and find a QR code from the graph view. Challenge Description The challenge involves a binary that prints an ASCII cat. Our goal is to reverse engineer the binary...
Bruteforce timestamps to find the correct ticket hash and retrieve the flag. Challenge Description Accessing the website, we have a simple ticket system. We can input a name and message and sub...
Hidden path that executes input as Rust code. Challenge Description The challenge involves a web application that is in “maintenance” mode. However, there is a hidden path that allows us to exe...
Reverse-engineer a React Native APK, decrypt the admin password from the decompiled JavaScript code, and access a Firebase database to retrieve the flag. Challenge Description In this challenge...
Exploiting CVE-2019-5418 Challenge Description The challenge name was “rubies” and we had an image with a ruby. The website title, when base64 decoded, was “rails”. Clicking on the image brough...
Unintended solution: answer leak in file name. Challenge Description Accessing the URL given by the challenge, we are greeted with a fingerprint and are prompted to determine if it’s a male or ...
A relatively simple ret2libc. Challenge Description Upon opening the challenge in Ghidra, we had a simple gets() and a puts() with user input. The goal was to leak the libc address and then use...