PwnDiary

Everything about security

Tag

web

[Angstrom CTF 2018] File Storer Write-up (Web160)

My friend made a file storage website that he says is super secure. Can you prove him wrong and get the admin password? After we sign up and login, the website allows us to upload files from URLs. At first,… Continue Reading →

[Angstrom CTF 2018] The Best Website Write-up (Web230)

I have created what I believe to be the best website ever. Or maybe it’s just really boring. I don’t know. After checking the source code of the page, I noticed the following comment:

Then, I decided to check… Continue Reading →

[Angstrom CTF 2018] MadLibs Write-up (Web120)

When Ian was a kid, he loved to play goofy Madlibs all day long. Now, he’s decided to write his own website to generate them! When we checked the website, we see that we are expected to choose either┬áThe Tale… Continue Reading →

[Angstrom CTF 2018] Md5 Write-up (Web140)

defund’s a true MD5 fan, and he has a site to prove it. The website says that we need to give two different strings whose md5 hashes after prepended by the server’s secret salt are the same. It also shares… Continue Reading →

[XIOMARA CTF 2018] Flag Locker Write-up (Web200)

We keep the flag secure. Secure!?. http://103.5.112.91:1234 Let’s check the website first.

We have two links. Let’s check both.

It looks we have Local File Inclusion (LFI) here. Let’s try to retrieve the source files for these two… Continue Reading →

[XIOMARA CTF 2018] Flag Generator Software Write-up (Web100)

xiomara doesn’t generate flag anymore. Can you get one? http://103.5.112.91:5000/ Let’s see what’s on the page.

So, we have a subscription form which posts our email to the email.php for newsletter subscription. Let’s submit an email address to see… Continue Reading →

Copyright © 2019 PwnDiary