Everything about security



[noxCTF 2018] HiddenDOM Write-up (Web670)

I decided to create a tool that searches for hidden elements inside a web pages. Few days ago someone told me that my website is not so /secure/… Can you check it yourself ? The website says that it… Continue Reading →

[Angstrom CTF 2018] File Storer Write-up (Web160)

My friend made a file storage website that he says is super secure. Can you prove him wrong and get the admin password? After we sign up and login, the website allows us to upload files from URLs. At first,… Continue Reading →

[Angstrom CTF 2018] The Best Website Write-up (Web230)

I have created what I believe to be the best website ever. Or maybe it’s just really boring. I don’t know. After checking the source code of the page, I noticed the following comment:

Then, I decided to check… Continue Reading →

[Angstrom CTF 2018] MadLibs Write-up (Web120)

When Ian was a kid, he loved to play goofy Madlibs all day long. Now, he’s decided to write his own website to generate them! When we checked the website, we see that we are expected to choose either┬áThe Tale… Continue Reading →

[Angstrom CTF 2018] Md5 Write-up (Web140)

defund’s a true MD5 fan, and he has a site to prove it. The website says that we need to give two different strings whose md5 hashes after prepended by the server’s secret salt are the same. It also shares… Continue Reading →

[XIOMARA CTF 2018] Flag Locker Write-up (Web200)

We keep the flag secure. Secure!?. Let’s check the website first.

We have two links. Let’s check both.

It looks we have Local File Inclusion (LFI) here. Let’s try to retrieve the source files for these two… Continue Reading →

Copyright © 2020 PwnDiary