Vulnerability anaylsis and PoC Development for CVE-2024-42471 Introduction Zip it, unzip it — and boom, you’ve got unintended file writes on your hands. In this post, we dive into a directory tra...

Vulnerability anaylsis and PoC Development for CVE-2024-12905 Introduction The tar-fs npm package is commonly used in JavaScript projects to pack and extract .tar archive files. However, a critica...

Binary Exploitation - Quack Quack Difficulty: Very Easy Overview: Basic file checks The challenge begins with a zip file that we download from the HTB website. Here’s a breakdown of its contents:...

How I Discovered Vulnerabilities in Simple Online Planning v1.53.00 Introduction Ever come across an old vulnerability and wonder, “What else could be lurking in there?” That’s exactly what happe...

Binary Exploitation - Bad Grades Difficulty: Easy Overview: This challenge presents a classic binary exploitation scenario centered on a buffer overflow vulnerability due to an out-of-bounds write...

CDNio - HackTheBox To be released soon

Etceterad - echoCTF Information Gathering And Enumeration Let’s us first start off by firing up nmap to discover open ports and running services on our target. mcsam@0x32:~/$ sudo nmap -vvv 10.0...

BattleCTF 2024 Hi there, i participated in the battleCTF2024 under the name sigsegv. Here are the challenges i solved: Misc Rules Upon joining the discord server and nagivating to the #announcem...

Syswatch - brCTF Information Gathering And Enumeration Let’s us first start off by firing up our network mapper (nmap) to discover open ports and running services on our target. nmap -sC -sV -oN ...

Flawed - brCTF Information Gathering/Reconnaissance As is customary, we initiate our preferred network scanning tool, Nmap, to conduct initial reconnaissance. Our scan reveals that port 80, which ...