HeroCTF v5 Writeup
CTFTime event link: https://ctftime.org/event/1951
Writeups
- Forensic:
- Misc:
- Prog:
- Reverse:
- Sponsors:
- Steganography:
- System:
- Web:
  - Best Schools
  - Referrrrer
  - Drink from my Flask#1
  - Blogodogo 1/2 (Unsolved)
Background
- Starts: 12 May 2023, 21:00 UTC+2
- Ends: 14 May 2023, 23:00 UTC+2
HeroCTF is an online cybersecurity competition for beginners and advanced players.
Team up to 5 players. Join us on Discord https://discord.gg/R3tdPvDcNN
Categories:
- Blockchain
- Crypto
- Forensic
- Misc
- OSINT
- Prog
- Pwn
- Reverse
- Sponsors
- Steganography
- System
- Web
Overview
- Solves: 16
- Score: 1532
- Rank: 125/1085
- Overall Difficulty To Me: ★★★★★☆☆☆☆☆
What I’ve learned in this CTF
- Forensic:
  - HTTP Access Log Forensic (dev.corp 1/4)
- Misc:
  - Python Jail Escape (PyJail)
- Prog:
  - Using Python To Solve Math Problems (Math Trap)
- Reverse:
  - Manually Deobfuscating VBScript Code (Give My Money Back)
- Sponsors:
  - Dynamically Deobfuscating JavaScript Code (Open your eyes 1/5)
- Steganography:
- System:
  - Modifying File Permission Using Perl (Chm0d)
  - Horizontal Privilege Escalation Via Misconfigured /usr/bin/socket Sudo Permission (SUDOkLu)
  - Port Forwarding With chisel & Enumerating YouTrack (IMF#1: Bug Hunting)
  - Werkzeug Debug Console PIN Code Bypass With Extra Hardening, Horizontal Privilege Escalation Via Werkzeug Debug Console (Drink from my Flask#2)
- Web:
  - Exploiting GraphQL Batching Attack (Best Schools)
  - Exploiting Referer-based Access Control In Node.js Express (Referrrrer)
  - Cracking JWT Secret & Exploiting RCE Via SSTI (Drink from my Flask#1)
  - Blogodogo 1/2 (Unsolved)