Introduction We (Kalmarunionen) firstblooded the Leakless Note challenge during the SekaiCTF 2023. Only four teams solved the challenge during the competition. This is our write-up of the working - yet, unintended solution. TL;DR: We open 50 tabs and can use the timing difference from an iframe CSP violation in the …
Read MoreWriteup by: andyandpandy, Anakin Solved by: Fr3d, c3lphie, Anakin, andyandpandy, patriksletmo, ly4k and more Writeup This challenge took us 21 hours to solve. Only 3 out of 524 teams solved it. Overview The challenge included a scenario where we had arbitrary javascript execution on a website. From here we were able to …
Read Morekgbfskfsb, MidnightSun CTF writeup Writeup by: Nigma, nrabulinski Solved by: sebastianpc, Eldar Zeynalli (Hako), nrabulinski, Nigma Description: DeNiS Sergeev wants a secret mission payload… Attachments: kgbfskfsb.tar.gz The challenge description pretty clearly hints towards DNS stuff and sure enough, after …
Read MoreWriteup by: Zanderdk | linkedin Solved by: ZZZ | linkedin, N00byedge | linkedin Indie VMM - HXP 2021 In this challenge we are given a root access to a linux machine running in the linux tools hypervisor and the goal is to escape out of the hypervisor to access the flag file on the host system. During this challenge we …
Read MoreWriteup by: andyandpandy Solved by: andyandpandy, Hako Writeup The challenge has a race condition vulnerability, where you can delete your user and rapidly after send another request for the flag, which is successful when timed correctly. Description Web challenge Challenge author: pspaul/SonarSource To keep track of …
Read More