Hello everyone. This was the best CTF that happened this week. It was organized by the HackingForSoju team. All the web challenges were dope. So here is the writeup.
This app got hacked due to admin and uberadmin directories being open. Was just about to wget -r it, but then they fixed it :( Can you help me get the files again?
Service: http://bigspin-01.play.midnightsunctf.se:3123
Opening the link gives us 4 URLs.
Only /pleb was giving output; it is the same output as http://example.com. I tried some directory brute-forcing and spent many hours on this but couldn’t get anything. Accidentally, I typed /plebs/ instead of /pleb/, and it showed 502 Bad Gateway. …
Hello guys, this was the first time I played 35C3 CTF. It was a very tough CTF and it gave wide exposure to new vulnerabilities. I spent the two days of the CTF only on web. Here are the writeups.
Opening up the IP gave us 4 lambda functions. At the start I thought lambda would be integrated with API Gateway, and I tried to interact with GET and POST parameters. I spent a lot of time interacting, but it didn't work. …