Disclaimer I am in no way a binary exploitation guru. In fact, I only very recently started doing binary exploitation. Therefore, if you find any incorrect information or errors, please feel free t...

Summary This box focuses on primarily on enumeration, as well as finding publically available exploits. First, a publicly known exploit in Grafana to achieve arbitrary file read. This must then be ...

Description Pandora has been using her computer to uncover the secrets of the elusive relic. She has been relentlessly scouring through all the reports of its sightings. However, upon returning fro...

Summary This challenge focuses on reverse engineering an APK that uses a function with a vulnerable webView object. We can use this object and the JavascriptInterface bound to it to execute one spe...

Summary This challenge revolves around extracting a bunch of layers from a tar archive, and then rearranging those layers into other files. In short, someone at FE got creative with their use of ta...

Summary This medium box was quite tricky, especially the root step, which took a while to figure out. The box focuses on exploiting a flask web application, alongside enumeration an ftp service hos...

Summary Foothold We start out by doing an nmap port scan: Starting Nmap 7.92 ( https://nmap.org ) at 2022-08-14 15:25 CEST Nmap scan report for 10.129.44.47 Host is up (0.024s latency). Not shown...

Summary Foothold We start out by doing an nmap port scan: ┌──(bitis㉿workstation)-[~/Downloads] └─$ nmap -sC -sV 10.129.227.208 Starting Nmap 7.92 ( https://nmap.org ) at 2022-08-08 20:15 CEST Nma...

Summary This was actually a pretty tricky box. It starts out with thymeleaf template injection, and ends with a slightly complicated XXE attack to gain root access. Let’s take a look! Foothold We ...

Summary This box focuses on exploiting an authentication system using a jwt with an insecure jku parameter. After this, we can do unicode normalization to gain lfi, which will allow us to get a pas...