CTF & Wargames - writeups and exploits
Note: Currently working on moving writeups out from this repo and onto https://fyx.me/
Interesting Writeups
- [redteam] Dreams :: Using PrintNightmare to exploit a vulnerable DC
- [redteam] Scorching :: NTLM hash cracking and using that hash for kerberoasting
- [web] Skylark Capsule :: Weak JWT secret cracking. CRC-32 hash collision to log in to admin
- [pwn] Deleted Flag :: Bypass seccomp to read a flag from an open file descriptor
Notes: Old repo notes below:
This repo contains a few of the CTFs and wargames I've participated in. The repo is currently a mess and needs to be cleaned up. Some challenges have the exploit but not the writeup, and others have the writeup but no exploit script.
Folder structure
- ./firehose/ contains all the challenges which have yet to be sorted.
- ./<challenge type>/ contains challenges specific to the specified type.
- ./<challenge type>/<ctf name>/ contains all challenges of that type from that specific CTF.
- ./<challenge type>/<ctf name>/<challenge name>/ contains the challenge's files when possible and a writeup of the challenge.
Interesting Writeups
Binary exploitation
- Use after free vulnerability with memory leak allowing heap exploit
- Ret2libc using a buffer overflow and information leak
- Format string vulnerability with %n rewrite
Websec
- SQL injection with strong WAF and IP ban
- OAuth, SAML & XXE challenges
- Multiple XSS, SSRF & LFI vulns
- Performing recon
- Basic SQL injection