Black Hat MEA 2022 - Qualifier - Black Note

Challenge Description Difficulty : Medium Points : 250 Category : Web Walkthrough The black note application allows us to self register and save notes. After self registering and logging in, I noticed a cookie named notes. Inspecting it revealed that it is Base64 encoded JSON data for the notes which are displayed in the page. Since we know that the backend is Node.js and the cookie is actually getting deserialized, it is obviously a JSON deserialisation vulnerability via the notes cookie....

October 4, 2022 · 1 min · Rizal

Black Hat MEA 2022 - Qualifier - Jimmy's Blog

Challenge Description Difficulty : Hard Points : 400 Category : Web Source Code File and directory structure of given source code. index.js const express = require("express"); const cookieParser = require("cookie-parser"); const sessions = require('express-session'); const body_parser = require("body-parser"); const multer = require('multer'); const crypto = require("crypto"); const path = require("path"); const fs = require("fs"); const utils = require("./utils"); const app = express(); app.set('view engine', 'ejs'); app....

October 4, 2022 · 8 min · Rizal

Black Hat MEA 2022 - Qualifier - MEM

Challenge Description Difficulty : Medium Points : 250 Category : DFIR Walkthrough We are given a memory dump and we are asked to recover a password from the memory dump. I used Volatility to analyse the memory dump. First step was to find more information about the memory dump. vol.py -f mem.raw imageinfo Find list of running processes. vol.py -f mem.raw --profile=Win7SP1x64 pslist vol....

October 4, 2022 · 2 min · Rizal

Black Hat MEA 2022 - Qualifier - Meme Generator

Challenge Description Difficulty : Medium Points : 250 Category : Web Walkthrough The Meme Generator website allows you to generate a meme by searching a term on any one of the 3 below search engines. Google DuckDuckGo Search Encrypt When searching on any of the search engines, the search URL would look like this. # Google https://google.com/?q=<MEME_SEARCH_TERM> # DuckDuckGo https://DuckDuckGo.com/?q=<MEME_SEARCH_TERM> # Search Encrypt https://searchencrypt.com/?q=<MEME_SEARCH_TERM> # General Format https://<SEARCH_ENGINE>....

October 4, 2022 · 3 min · Rizal

Black Hat MEA 2022 - Qualifier - peeHpee

Challenge Description Difficulty : Easy Points : 150 Category : Web Walkthrough The page source had a comment with details of an endpoint which reveals the PHP source code. Accessing the /?source= endpoint shows the following source code. <?php //Show Page code source if (isset($_GET["source"])) { highlight_file(__FILE__); } // Juicy PHP Part $flag = getenv("FLAG"); if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (isset($_POST["email"]) && isset($_POST["pass"])) { if ($_POST["email"] === "admin@naruto....

October 4, 2022 · 3 min · Rizal

Black Hat MEA 2022 - Qualifier - Spatify

Challenge Description Difficulty : Easy Points : 150 Category : Web Walkthrough The challenge home page shows a list of songs and allows the user to search for songs. Checking the robots.txt file reveals a new directory location /superhiddenadminpanel/. Accessing the new location shows a page that asks for the admin password. When searching for songs in the home page, it showed a message that the search query should be at least 5 characters long....

October 4, 2022 · 1 min · Rizal