Category: HTB Cyber Apocalypse CTF 2021
-
HTB Cyber Apocalypse – Emoji Voting Writeup
Emoji Voting was a 2-star rated ‘Web’ machine. The server was vulnerable to SQL injection, which allowed for the flag to be discovered. This was a fairly laborious process, as the SQL injection was after an ‘ORDER BY’ statement, which increased the complexity of exploiting it. Pwning Emoji Voting The website itself appears to be […]
-
HTB Cyber Apocalypse CTF 2021 – BlitzProp Writeup
BlitzProp is a 1* rated challenge from the web category of the HTB CTF. To exploit this, you need to use a ‘prototype pollution’ vulnerability in order to gain RCE against the target. This was the first time I had exploited a target using a vulnerability such as this, so I learned a lot from […]
-
HTB CTF 2021 – MiniSTRyplace Writeup
MiniSTRyplace was a 1-star rated ‘Web’ challenge from the HackTheBox Cyber Apocalypse CTF. The solution was pretty simple, with a vulnerable str_replace function allowing for a simple path traversal exploit. Initially, the files for the server were supplied as part of the challenge. From a quick initial search, the index.php file stood out as being […]
-
HTB CTF 2021 – Input as a Service Writeup
Input as a Serivce (Iaas) 1-star rated challenge from the HackTheBox Cyber Apocalypse CTF. This challenge was from the ‘Misc’ section, in contrast to most of the others I attempted! This challenge revolved around a input function vulnerability in a Python web server, which could be exploited to achieve an RCE. Some initial poking around […]