Rabbit

MaxPassManager was a challenge from Web category. The web app was a password manager.

Vulnerability

MaxPassManager’s api endpoint /api/passwords/{uid} was prone to IDOR. The code of the web app was downloadable through the challenge. The migrate script creates the following users with the following UIDs:

After requesting the password for UID…

--

--

DeLorean Clock was a web challenge in the Siemens Future Minds CTF. It had the following description:

Solving the challenge

The vulnerable code is in util.py. As you can see in the following screenshot, it creates a command (line 8) which gets run afterwards (line 9).

--

--

Cupcake Magdalena was a challenge during Siemens’ Future Minds CTF. It was in the Web category and had the following description:

Solving the challenge

The challenge presented a web page with a functionality to submit a review. After submitting the review an admin is going to look at the review. So I have…

--

--

The Wide challenge was in Reversing category and has the following description:

The challenge had a downloadable part, which contains an executable and a data file. In order to execute the executable you have to provide a path to the data file on the command line:

./wide db.ex

Decompiling

After decompilation…

--

--

This article contains two challenges, as both of them were pretty fast to do challenges.

Space Pirate: Entrypoint

Entrypoint is a Pwn challenge with the following description:

After starting the challenge you have to connect to the challenge via Netcat. After connecting it shows a menu to insert a password. I have choosen the second options and then inserted the password “test”. I have done that just to tamper around with the challenge. Somehow I received the flag, without even doing much :D

--

--

--

--

Rabbit

Rabbit

Passionate about Cyber Security. I am publishing CTF writeups and Cybersecurity content!