HTB Cyber Apocalypse – Emoji Voting Writeup

Emoji Voting was a 2-star rated 'Web' machine. The server was vulnerable to SQL injection, which allowed for the flag to be discovered. This was a fairly laborious process, as the SQL injection was after an 'ORDER BY' statement, which increased the complexity of exploiting it. Pwning Emoji Voting The website itself appears to be … Continue reading HTB Cyber Apocalypse – Emoji Voting Writeup →

HTB Cyber Apocalypse CTF 2021 – BlitzProp Writeup

BlitzProp is a 1* rated challenge from the web category of the HTB CTF. To exploit this, you need to use a 'prototype pollution' vulnerability in order to gain RCE against the target. This was the first time I had exploited a target using a vulnerability such as this, so I learned a lot from … Continue reading HTB Cyber Apocalypse CTF 2021 – BlitzProp Writeup →

HTB CTF 2021 – MiniSTRyplace Writeup

MiniSTRyplace was a 1-star rated 'Web' challenge from the HackTheBox Cyber Apocalypse CTF. The solution was pretty simple, with a vulnerable str_replace function allowing for a simple path traversal exploit. Initially, the files for the server were supplied as part of the challenge. From a quick initial search, the index.php file stood out as being … Continue reading HTB CTF 2021 – MiniSTRyplace Writeup →

HTB CTF 2021 – Input as a Service Writeup

Input as a Serivce (Iaas) 1-star rated challenge from the HackTheBox Cyber Apocalypse CTF. This challenge was from the 'Misc' section, in contrast to most of the others I attempted! This challenge revolved around a input function vulnerability in a Python web server, which could be exploited to achieve an RCE. Some initial poking around … Continue reading HTB CTF 2021 – Input as a Service Writeup →