Wednesday, November 8, 2023

Heap Attacks - Summary and Requirements

House of Spirit on Tcache Tested on libc 2.37 Requirements:   Able to perform a free() on any address you want, which allows you to put an a...
Wednesday, December 8, 2021

Hack The Box Cyber Santa CTF - Web Day 3 - Gadget Santa Writeup

Challenges Files - Local Docker Webserver:  web_gadget_santa.zip Exploit Techniques Used:  Linux Command Injection, PHP Whitespace Filter By...

Hack The Box Cyber Santa CTF - Web Day 2 - Toy Management Writeup

Challenge Files - Local Docker Webserver:   web_toy_management.zip Exploit Technique Used:   Time-Based Blind SQL Injection with sqlmap Deta...
Monday, December 6, 2021

Hack The Box Cyber Santa CTF - Web Day 1 - Toy Workshop Writeup

  Challenge Files - Local Docker Web Server:   web_toy_workshop.zip Exploit Technique Used:   XSS - Cross Site Scripting Details: When you s...

Hack The Box Cyber Santa CTF - Pwn Day 3 - Naught List Writeup

  Challenge Files:    pwn_naughty_list.zip     13320  2021-11-17 11:42   naughty_list   2030928  2021-11-17 11:42   libc.so.6 Exploitation T...
Sunday, December 5, 2021

Hack The Box Cyber Santa CTF - Pwn Day 2 - Sleigh Writeup

Exploitation Technique :  Inject 64-bit shellcode using a buffer overflow, then overwrite RIP to jump to the shellcode.  The binary leaks a ...
Saturday, December 4, 2021

Hack The Box Cyber Santa CTF - Web Day 4 - Elf Directory Writeup

  Technique Used:   Bypassing file upload restrictions by changing the magic bytes on the header of a PHP file to make it look like a PNG im...