
This is the walkthrough for the uncaptured challenges from c0c0n XI CTF organized by RedTeamVillage.

There won't be many screenshots because I forgot to take them, my apologies.

Challenge 1 Argentina

In this challenge all we needed was to post a photo of our team, tweet it, and send the link to the admins via Telegram. Just to ease up everyone



About c0c0n XI

c0c0n is an annual international cybersecurity, data privacy and hacking conference organised by the International public-private partnership led by the Society for the Policing of Cyberspace (POLCYB) in association with Information Security Research Association (ISRA), Group of Technology Companies (GTec) and Kerala State IT Mission.

Capture the Flag

This time the Capture the Flag competition was organized by AppFabs and Kerala Police Cyberdome.

Registration

The registration was quite easy, as the organizers noted down our names and contact details and gave us the rules, a hash that was needed to verify the registration in the CTF platform, and a really cool badge.


Courtesy of BruteLogic

A few weeks ago I was talking to a friend of mine when he gave me a subdomain that had an admin panel and asked me whether I could find a way to get inside. Why not give it a try?


So it's been some time since I've done some bug bounty, as I was busy working.

I won't be revealing the program due to privacy issues …


I started my initial recon by doing some subdomain enumeration using Knockpy, Sublist3r, etc.

And I got a subdomain named test.REDACTED.com. There was nothing much to look for; it returned a simple static HTML page. Then I did a directory scan using Dirsearch.



Bashed is a CTF box on Hack The Box which is gonna be retired soon, so I thought I would write a walkthrough.

So as always I started my recon on the box by doing an nmap scan and found the following results.


So hey everyone, I am back with another write-up. This time it's Oracle.


This is a really short write-up and there won't be much info.

So a few weeks back I was sitting at home watching TV and looking at my LinkedIn when the postman came with my Udacity swag, and I saw a post by someone who found an XSS in Oracle, so I thought let's find some..

So I didn't have my laptop (because I was too lazy to go upstairs) but I had Termux on my mobile, so I ran Sublist3r against oracle.com and landed on…


This was a bug that I found back in 2017. This started when a friend of mine (a.k.a. 1337) showed me a T-shirt that he got from Sony. So I thought, why can't I get one? So I started doing recon on the target. Sony had a wide range of domains and sub-domains. I spent 2 days looking for a bug on Sony's main domain and I got nothing.


So I went for the next thing: acquisitions. Same result. So I thought I should do something else, so I started dorking.

site:*.sony.*

And I landed in sony.co.kr and found a sub-domain…

Rahul R

Security NOOB :)
