H1-702 CTF Introduction Start Dirbuster Readme Json Web Token Versioning Hidden Enumerate Final steps Introduction() My last two weeks being occupied began with this simple tweet from Jobert Abma. ‏ “Hackers, we’ve built a mobile […] Read More

TL;DR  By using the search function in the mail with an empty search string, I retrieved all the usernames, for which I then checked if the password is the same as the username. By filtering […] Read More

TL;DR By uploading a web.config I was able to bypass the blacklist, which blocks files with an executable extension (such as ‘.asp’ and ‘.aspx’). After setting execution rights to ‘.config’ and then adding asp code […] Read More

So Hackerone launched a new CTF. H1-202 (2017) CTF https://www.hackerone.com/blog/hack-your-way-to-nyc-this-december-for-h1-212 I wrote my write-up in a Github gist. Here you go: