Rop Primer Level0

Introduction This is a walkthrough for level0 of ROP Primer from VulnHub. ROP Primer This VM is meant as a small introduction to 32-bit return-oriented programming on Linux. It contains three vulnerable binaries that must be exploited using ROP. The machine is built and tested in VirtualBox 4.3.20. It’s an Ubuntu 32-bit VM with ASLR disabled. Useful tools like gdb-peda are installed. A description of the levels, including instructions, can be found on the webserver....

November 7, 2022 · 10 min · Rizal

Black Hat MEA 2022 - Qualifier - Black Note

Challenge Description Difficulty : Medium Points : 250 Category : Web Walkthrough The Black Note application allows us to self-register and save notes. After self-registering and logging in, I noticed a cookie named notes. Inspecting it revealed that it is Base64-encoded JSON data for the notes which are displayed on the page. Since we know that the backend is Node.js and the cookie is actually getting deserialized, it is obviously a JSON deserialization vulnerability via the notes cookie....

October 4, 2022 · 1 min · Rizal

Black Hat MEA 2022 - Qualifier - Jimmy's Blog

Challenge Description Difficulty : Hard Points : 400 Category : Web Source Code File and directory structure of the given source code. index.js const express = require("express"); const cookieParser = require("cookie-parser"); const sessions = require('express-session'); const body_parser = require("body-parser"); const multer = require('multer') const crypto = require("crypto") const path = require("path"); const fs = require("fs"); const utils = require("./utils"); const app = express(); app.set('view engine', 'ejs'); app....

October 4, 2022 · 8 min · Rizal

Black Hat MEA 2022 - Qualifier - MEM

Challenge Description Difficulty : Medium Points : 250 Category : DFIR Walkthrough We are given a memory dump and asked to recover a password from it. I used Volatility to analyse the memory dump. The first step was to find more information about the memory dump. vol.py -f mem.raw imageinfo Find the list of running processes. vol.py -f mem.raw --profile=Win7SP1x64 pslist vol....

October 4, 2022 · 2 min · Rizal

Black Hat MEA 2022 - Qualifier - Meme Generator

Challenge Description Difficulty : Medium Points : 250 Category : Web Walkthrough The Meme Generator website allows you to generate a meme by searching for a term on any one of the 3 search engines below. Google DuckDuckGo Search Encrypt When searching on any of the search engines, the search URL would look like this. # Google https://google.com/?q=<MEME_SEARCH_TERM> # DuckDuckGo https://DuckDuckGo.com/?q=<MEME_SEARCH_TERM> # Search Encrypt https://searchencrypt.com/?q=<MEME_SEARCH_TERM> # General Format https://<SEARCH_ENGINE>....

October 4, 2022 · 3 min · Rizal

Black Hat MEA 2022 - Qualifier - peeHpee

Challenge Description Difficulty : Easy Points : 150 Category : Web Walkthrough The page source had a comment with details of an endpoint which reveals the PHP source code. Accessing the /?source= endpoint shows the following source code. <?php //Show Page code source if (isset($_GET["source"])) { highlight_file(FILE); } // Juicy PHP Part $flag = getenv("FLAG"); if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (isset($_POST["email"]) && isset($_POST["pass"])) { if ($_POST["email"] === "admin@naruto....

October 4, 2022 · 3 min · Rizal

Black Hat MEA 2022 - Qualifier - Spatify

Challenge Description Difficulty : Easy Points : 150 Category : Web Walkthrough The challenge home page shows a list of songs and allows the user to search for songs. Checking the robots.txt file reveals a new directory location, /superhiddenadminpanel/. Accessing the new location shows a page that asks for the admin password. When searching for songs on the home page, it showed a message that the search query should be at least 5 characters long....

October 4, 2022 · 1 min · Rizal

PyScript Vulnerabilities/Expected Behavior

Update (12/May/2022) : I reported the observations below to the PyScript team and they have confirmed that these are expected behavior. Since the Emscripten filesystem is in the user’s browser memory itself, there is no harm in being able to list files, access files or write to arbitrary locations. Refer to this issue. Introduction Vulnerabilities I found in PyScript. Vulnerability 1: File System Browsing Using the glob module, which is part of the Python Standard Library, the Emscripten filesystem can be browsed....

May 11, 2022 · 3 min · Rizal

PyScript - XSS PoC's and Other Shenanigans

What is PyScript? PyScript is a Pythonic alternative to Scratch, JSFiddle, and other “easy to use” programming frameworks, with the goal of making the web a friendly, hackable place where anyone can author interesting and interactive applications. Reference: PyScript Git Repo Note: Only modules in the Python Standard Library are available. PyScript Hello World <html> <head> <link rel="stylesheet" href="https://pyscript.net/alpha/pyscript.css" /> <script defer src="https://pyscript.net/alpha/pyscript.js"></script> </head> <body> <py-script> print('Hello, World!') </py-script> </body> </html> Reference: PyScript Hello World...

May 10, 2022 · 4 min · Rizal

Ransomware Simulation on macOS (Big Sur)

Introduction The GRC section in our organisation wanted to run a ransomware simulation targeting organisation employees. Just like in any other corporate environment, most of the employees will be using either Windows or macOS machines to do their job. We had to target both Windows and macOS users during the activity. Since Windows operating systems are so widespread and most ransomware campaigns are targeted at Windows users, we don't hear much about macOS being targeted by ransomware....

March 20, 2022 · 12 min · Rizal