SQLi
-
Read more: Google CTF 2016 – Little Bobby application
Note: For this challenge, we need to install some things on our Android 5.1 device with Genymotion, for example an ARM Translator: https://github.com/m9rco/Genymotion_ARM_Translation Download the APK: https://lautarovculic.com/my_files/BobbyApplication_CTF.apk Install the APK with adb: adb install -r BobbyApplication_CTF.apk We can see a login form. Let’s decompile the content with apktool: apktool d BobbyApplication_CTF.apk And let’s check the source code with jadx (GUI version). We can conclude that the package name is bobbytables.ctf.myapplication. After creating a user “asd” for…
-
Read more: Injured Android – Flag 1 to 13
This mobile CTF was taken from here: https://github.com/B3nac/InjuredAndroid I use a Genymotion Android device (API 29) for this challenge. To install and use the application, you must install an ARM Translator. I use the .zip file for Android 9.0; it works fine for the emulator. You can find the translator here: https://github.com/m9rco/Genymotion_ARM_Translation Flags First Steps There are so many flags in the application,…
-
Read more: Blazorized – Hack The Box – @lautarovculic
User.txt
First, we need to know which ports are open, using nmap:
sudo nmap -sV -p- -Pn -vv -T4 10.129.81.51
Output:
PORT STATE SERVICE REASON VERSION
53/tcp open domain syn-ack ttl 127 Simple DNS Plus
80/tcp open http syn-ack ttl 127 Microsoft IIS httpd 10.0
88/tcp open kerberos-sec syn-ack ttl 127 Microsoft Windows Kerberos…
-
Read more: Micro-CMS v2 – Hacker101 CTF – @lautarovculic
Difficulty: Moderate Skills: Web Flags: 3 Flag 1/3 The /page/1 says: This version fixed the multitude of security flaws and general functionality bugs that plagued v1. Additionally, we added user authentication; we’re still not sure why we didn’t think about that the first time, but hindsight is 20/20. By default, users need to be an…
-
Read more: Micro-CMS v1 – @lautarovculic
Flags: 4 Difficulty: Easy Category: Web Flag 1/4 By taking a short tour through the application, we can view and edit a number of ready-made testing pages, and we can also create a page. On the first page we see that markdown is allowed, but script… no? Let’s try it. Press the save button and…