Dev JumpCloud-Proxy JumpCloud is a Directory as a Service provider providing cloud native Directory service for cloud native companies. In a Red Team engagement or Pentest scenario, one may come across an API token which
CTF HTB x Uni CTF 2020 - Quals Write Up Gunship This challenge is an AST injection challenge. const path = require('path'); const express = require('express'); const handlebars = require('handlebars'); const { unflatten } = require('flat'); const router = express.Router(); router.get('/', (req,
CTF PeeHagePee PHP can be interesting. I recently came across an interesting web CTF challenge. It is unfortunate that I am not able to show the beautiful screenshots of the challenge. What I have
Dev GoFindGit Inspired by my previous adventures and my recent Go encounters, here is my attempt to start something. A git directory finder on web roots written in go. Still a work in progress... https:
Blog Protostar Exploit Practice I NEED TO LEARN SOMETHING NEW!!!!! And yes, I started to learn some C and assembly, which ultimately led to learning software security. This started my interest in exploring buffer overflow, format
Blog Sersiously? I have recently disclosed a couple of websites with issues relating to exposed .env and exposed .git web resources. These websites belong to reputable local companies. To make matters worse, one of it
Blog EY Hackathon (CTF Qualifiers) Writeup (2019) The qualifiers were a team-based pentesting CTF and required knowledge of Windows and Linux systems, enumeration, privilege escalation, and lateral movement. Targets: 10.10.110.3 (Domain Controller for catalyst.
Dev All your Git is Mine! Oh wait.. Env too? Git Expose Exposed .git repositories are not something new. In fact, they have been reported many, many times. But the question remains... "Why does it still affect companies?" The goal of
Blog noxCTF 2018 - MyFileUploader write up A file upload web challenge during the recent noxCTF 2018. The following was presented: Uploading a file without extensions would give us this: It appears that the code checks for extensions .png .jpg
Blog A Telegram love story (Chat Bot) I have always been fascinated by how chat bots work! With the trend of the Telegram phone app being popular among students, chat bots have become a new medium for application interaction. From
Blog OSCP Journey It starts with a "what if? What if I could achieve it?". According to many, OSCP is one of the hardest out there. No Metasploit, No automatic tools. Just plain old
Blog XOR? XOR!!!! Beginner (Python) I finally have the luxury of time to learn new things, in which I decided to beef up some of my cryptography knowledge. A basic cryptography category in which certain CTFs present is
Dev 4D Lottery Data Collecter DISCLAIMER: NO OFFENSIVE ACTIONS WERE DONE, CODE IS PURELY FOR EDUCATIONAL PURPOSES, TO SHOW WHAT PYTHON CAN DO. Background Inspired by a friend who asked if it was possible to get historical data of
Blog Thoughts When I was first introduced to CTF, I knew nothing about it. I was just a mere script kiddie. (skiddie? I think I still am one..) I was introduced to jeopardy-style CTF
Blog First Post Hello readers. I go by the name Gladitor on CTFtime.org. I'm new to CTF, and this blog will be the place where I will be documenting my adventures and personal write-ups. My