My team and I recently took part in the CyberTalents National CTF 2021, where we emerged 1st in Kenya :) We managed to solve all challenges but one. Here are some of the writeups for the challenges we solved.

Since the challenges are down, I will try my best to…


Bypassing stack pointer restrictions to gain arbitrary code execution

Protostar is a series of beginner binary exploitation challenges which showcases concepts like basic stack-based buffer overflows, bypassing stack protections and even performing format string attacks. I tried out these challenges as I have close to 0 experience with binary exploitation and wanted to learn some of it and it…


getimagesize() File upload vulnerability

In this write-up we go through Indead in the web category.

We are given a web page with an upload functionality.

I immediately went for a file upload vulnerability and tried uploading a simple PHP web shell.


Exploiting a deserialization vulnerability in PyYAML

Hackpack has recently concluded and we placed 47th out of 447 teams. In this short writeup we look at Yaml-2-Json in the web category.

In this challenge we exploit a code execution vulnerability in PyYAML, a YAML parser and emitter for Python. The server is using PyYAML and Flask.

We…


Exploit a buffer overflow vulnerability by analyzing a Windows executable.

Enumeration

Perform a quick rustscan to view open ports.


Exploit an SUID bit file, use GNU debugger to take advantage of a buffer overflow and gain root access by PATH manipulation.

Enumeration

Started off by running rustscan to discover open ports. We end up with ports 22, 139 and 445.


Reverse engineering a chat application to exploit a Windows machine using a buffer overflow

Prerequisites

  1. Windows 7/10 virtual environment
  2. Immunity Debugger
  3. Basic understanding of buffer overflows

Enumeration

We spin off the instance and get right into some enumeration. We can begin with some nmap or rustscan scanning to identify open ports.


In this brief walk-through, we will be hacking a vulnerable database server by showcasing the res room in TryHackMe.

Enumeration

As always, spin up our machine instance and begin some enumeration. For speed and more accuracy, I perform a port scan using rustscan (an incredibly fast port scanning tool)…


ASPIRE CTF was a good refresher for basic CTF skills. I hopped onto it and played solo to get the most out of it. Below is a detailed walk-through for all the challenges I solved in the Linux skills category.

Needle in a haystack - 50pts


Welcome to another episode of spending 4 hours to automate something that would take me 5 minutes to manually do 😂 But hey, this was a fun project to do and it proved useful in my day-to-day project workflow.

In this article, I will show you how you can…

Trevor saudi

Just a hacker looking for fun
