BitisGabonica

Ret2win writeup

Disclaimer I am in no way a binary exploitation guru. In fact, I only very recently started doing binary exploitation. Therefore, if you find any incorrect information or errors, please feel free t...

Ambassador writeup

Summary This box focuses primarily on enumeration, as well as finding publicly available exploits. First, a publicly known exploit in Grafana is used to achieve arbitrary file read. This must then be ...

Artifacts of dangerous Sightings writeup

Description Pandora has been using her computer to uncover the secrets of the elusive relic. She has been relentlessly scouring through all the reports of its sightings. However, upon returning fro...

DroidComp writeup

Summary This challenge focuses on reverse engineering an APK that uses a function with a vulnerable webView object. We can use this object and the JavascriptInterface bound to it to execute one spe...

Tar and Feathers - FE-CTF 2022 writeup

Summary This challenge revolves around extracting a bunch of layers from a tar archive, and then rearranging those layers into other files. In short, someone at FE got creative with their use of ta...

Noter writeup

Summary This medium box was quite tricky, especially the root step, which took a while to figure out. The box focuses on exploiting a Flask web application, alongside enumeration of an FTP service hos...

Shared writeup

Summary Foothold We start out by doing an nmap port scan: Starting Nmap 7.92 ( https://nmap.org ) at 2022-08-14 15:25 CEST Nmap scan report for 10.129.44.47 Host is up (0.024s latency). Not shown...

Faculty writeup

Summary Foothold We start out by doing an nmap port scan: ┌──(bitis㉿workstation)-[~/Downloads] └─$ nmap -sC -sV 10.129.227.208 Starting Nmap 7.92 ( https://nmap.org ) at 2022-08-08 20:15 CEST Nma...

RedPanda writeup

Summary This was actually a pretty tricky box. It starts out with Thymeleaf template injection, and ends with a slightly complicated XXE attack to gain root access. Let’s take a look! Foothold We ...

Unicode writeup

Summary This box focuses on exploiting an authentication system using a JWT with an insecure jku parameter. After this, we can do Unicode normalization to gain LFI, which will allow us to get a pas...