Redlike (Redis PrivEsc) Hacktivitycon 2021 Writeup [Alternate Approach]

After reading other hackers' write-ups of this challenge, I found out that most of them solved it by adding SSH keys, whereas I did it by installing a Redis module, so here is my approach. When we start the challenge, we get an SSH login to start with. For privilege escalation, just like everyone else, I started with linpeas.sh. After analysing the results of linpeas, I soon realised there is nothing much on this box other than Redis.

Go Blogs Hacktivitycon 2021 Writeup [Golang SSTI]

This was my first ever jeopardy-style CTF, and for most of my teammates as well. I was kind of lost after seeing so many challenges; then I saw this tweet from John Hammond and took it as a challenge to solve it. So I started the challenge with the basic enumeration: directory fuzzing. It was a simple blog-writing application made in Golang. After registering an account and logging in, you'll be greeted with this home page, with functionality to add a new post and edit the username on the profile page.

CCC H1-CTF WRITE-UP

This write-up is co-written by me @Dexter0us and @mass0ma. We were one of the winners of the CTF and won a $100 reward from hacker101. The CTF was quite challenging and fun to play. We hope you can enjoy and gain something from this write-up. You can follow us on Twitter @Dexter0us, @mass0ma and hang out with us on Discord Hack The Planet Bounty Hunters if you like :). We started the CTF with the basic endpoint enumeration.