H1-702 CTF
Contents: Introduction, Start, Dirbuster, Readme, Json Web Token, Versioning, Hidden, Enumerate, Final steps
My last two weeks being occupied began with this simple tweet from Jobert Abma. “Hackers, we’ve built a mobile […]
Write-up
TL;DR By using the search function in the mail with an empty search string, I retrieved all the usernames, for which I then checked if the password is the same as the username. By filtering […]
TL;DR By uploading a web.config I was able to bypass the blacklist, which blocks files with an executable extension (such as ‘.asp’ and ‘.aspx’). After setting execution rights to ‘.config’ and then adding asp code […]
So HackerOne launched a new CTF. H1-202 (2017) CTF https://www.hackerone.com/blog/hack-your-way-to-nyc-this-december-for-h1-212 I wrote my write-up in a GitHub gist. Here you go: