-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
196 lines (192 loc) · 23.5 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="generator" content="Hugo 0.99.1" />
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noodp" />
<title>Team7even</title><meta name="Description" content="Team7even Blog, Contains writeups and Walkthrough for htb boxes"><meta property="og:title" content="Team7even" />
<meta property="og:description" content="Team7even Blog, Contains writeups and Walkthrough for htb boxes" />
<meta property="og:type" content="website" />
<meta property="og:url" content="https://team0se7en.github.io/" /><meta property="og:image" content="https://team0se7en.github.io/logo.png"/><meta property="og:site_name" content="My cool site" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="https://team0se7en.github.io/logo.png"/>
<meta name="twitter:title" content="Team7even"/>
<meta name="twitter:description" content="Team7even Blog, Contains writeups and Walkthrough for htb boxes"/>
<meta name="application-name" content="Team7even">
<meta name="apple-mobile-web-app-title" content="Team7even"><meta name="theme-color" content="#ffffff"><meta name="msapplication-TileColor" content="#da532c"><link rel="shortcut icon" type="image/x-icon" href="/favicon.ico" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"><link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"><link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"><link rel="manifest" href="/site.webmanifest"><link rel="canonical" href="https://team0se7en.github.io/" /><link rel="alternate" href="/index.xml" type="application/rss+xml" title="Team7even">
<link rel="feed" href="/index.xml" type="application/rss+xml" title="Team7even"><link rel="stylesheet" href="/css/style.min.3c197b208f9b5823aeba4a4b2e21743cb9ba6d05a1019cd4d6eb0cddfbbe9964.css" integrity="sha256-PBl7II+bWCOuukpLLiF0PLm6bQWhAZzU1usM3fu+mWQ="><link rel="preload" href="https://cdn.jsdelivr.net/npm/@fortawesome/[email protected]/css/all.min.css" as="style" onload="this.onload=null;this.rel='stylesheet'">
<noscript><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/[email protected]/css/all.min.css"></noscript><link rel="preload" href="https://cdn.jsdelivr.net/npm/[email protected]/animate.min.css" as="style" onload="this.onload=null;this.rel='stylesheet'">
<noscript><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/animate.min.css"></noscript><script type="application/ld+json">
{
"@context": "http://schema.org",
"@type": "WebSite",
"url": "https:\/\/team0se7en.github.io\/","inLanguage": "en","author": {
"@type": "Person",
"name": "member"
},"description": "Team7even Blog, Contains writeups and Walkthrough for htb boxes","name": "Team7even"
}
</script></head>
<body data-header-desktop="fixed" data-header-mobile="auto"><script type="text/javascript">(window.localStorage && localStorage.getItem('theme') ? localStorage.getItem('theme') === 'dark' : ('dark' === 'auto' ? window.matchMedia('(prefers-color-scheme: dark)').matches : 'dark' === 'dark')) && document.body.setAttribute('theme', 'dark');</script>
<div id="mask"></div><div class="wrapper"><header class="desktop" id="header-desktop">
<div class="header-wrapper">
<div class="header-title">
<a href="/" title="Team7even"><span class="header-title-pre"><i class='fas fa-skull-crossbones'></i></span>Team7even</a>
</div>
<div class="menu">
<div class="menu-inner"><a class="menu-item" href="/posts/"> Posts </a><a class="menu-item" href="/tags/"> Tags </a><a class="menu-item" href="/categories/"> Categories </a><span class="menu-item delimiter"></span><span class="menu-item search" id="search-desktop">
<input type="text" placeholder="Search for writeups/Walkthrough's" id="search-input-desktop">
<a href="javascript:void(0);" class="search-button search-toggle" id="search-toggle-desktop" title="Search">
<i class="fas fa-search fa-fw" aria-hidden="true"></i>
</a>
<a href="javascript:void(0);" class="search-button search-clear" id="search-clear-desktop" title="Clear">
<i class="fas fa-times-circle fa-fw" aria-hidden="true"></i>
</a>
<span class="search-button search-loading" id="search-loading-desktop">
<i class="fas fa-spinner fa-fw fa-spin" aria-hidden="true"></i>
</span>
</span><a href="javascript:void(0);" class="menu-item theme-switch" title="Switch Theme">
<i class="fas fa-adjust fa-fw" aria-hidden="true"></i>
</a>
</div>
</div>
</div>
</header><header class="mobile" id="header-mobile">
<div class="header-container">
<div class="header-wrapper">
<div class="header-title">
<a href="/" title="Team7even"><span class="header-title-pre"><i class='fas fa-skull-crossbones'></i></span>Team7even</a>
</div>
<div class="menu-toggle" id="menu-toggle-mobile">
<span></span><span></span><span></span>
</div>
</div>
<div class="menu" id="menu-mobile"><div class="search-wrapper">
<div class="search mobile" id="search-mobile">
<input type="text" placeholder="Search for writeups/Walkthrough's" id="search-input-mobile">
<a href="javascript:void(0);" class="search-button search-toggle" id="search-toggle-mobile" title="Search">
<i class="fas fa-search fa-fw" aria-hidden="true"></i>
</a>
<a href="javascript:void(0);" class="search-button search-clear" id="search-clear-mobile" title="Clear">
<i class="fas fa-times-circle fa-fw" aria-hidden="true"></i>
</a>
<span class="search-button search-loading" id="search-loading-mobile">
<i class="fas fa-spinner fa-fw fa-spin" aria-hidden="true"></i>
</span>
</div>
<a href="javascript:void(0);" class="search-cancel" id="search-cancel-mobile">
Cancel
</a>
</div><a class="menu-item" href="/posts/" title="">Posts</a><a class="menu-item" href="/tags/" title="">Tags</a><a class="menu-item" href="/categories/" title="">Categories</a><a href="javascript:void(0);" class="menu-item theme-switch" title="Switch Theme">
<i class="fas fa-adjust fa-fw" aria-hidden="true"></i>
</a></div>
</div>
</header><div class="search-dropdown desktop">
<div id="search-dropdown-desktop"></div>
</div>
<div class="search-dropdown mobile">
<div id="search-dropdown-mobile"></div>
</div><main class="main">
<div class="container"><div class="page home" data-home="posts"><div class="home-profile"><div class="home-avatar"><a href="/posts/" title="Posts"><img
class="lazyload"
src="/svg/loading.min.svg"
data-src="/images/logo.png"
data-srcset="/images/logo.png, /images/logo.png 1.5x, /images/logo.png 2x"
data-sizes="auto"
alt="/images/logo.png"
title="/images/logo.png" width="200" height="200" /></a></div><div class="home-subtitle"><div id="id-1" class="typeit"></div></div><div class="links"><a href="https://github.com/team0se7en" title="GitHub" target="_blank" rel="noopener noreffer me"><i class="fab fa-github-alt fa-fw" aria-hidden="true"></i></a><a href="https://twitter.com/team7even1" title="Twitter" target="_blank" rel="noopener noreffer me"><i class="fab fa-twitter fa-fw" aria-hidden="true"></i></a><a href="https://facebook.com/Team_7even-113631387103659" title="facebook" target="_blank" rel="noopener noreffer me"><i class="fab fa-facebook fa-fw" aria-hidden="true"></i></a><a href="mailto:[email protected]" title="Email" rel=" me"><i class="far fa-envelope fa-fw" aria-hidden="true"></i></a><a href="/index.xml" title="RSS" target="_blank" rel="noopener noreffer me"><i class="fas fa-rss fa-fw" aria-hidden="true"></i></a></div></div>
<article class="single summary" itemscope itemtype="http://schema.org/Article"><div class="featured-image-preview">
<a href="/hackini-10th-challenge-creator/"><img
class="lazyload"
src="/svg/loading.min.svg"
data-src="/hackini-10th-challenge-creator/hackini.png"
data-srcset="/hackini-10th-challenge-creator/hackini.png, /hackini-10th-challenge-creator/hackini.png 1.5x, /hackini-10th-challenge-creator/hackini.png 2x"
data-sizes="auto"
alt="/hackini-10th-challenge-creator/hackini.png"
title="Writeup for Hackini 10th 2022, challenge name: Challenge Creator" /></a>
</div><h1 class="single-title" itemprop="name headline">
<a href="/hackini-10th-challenge-creator/">Hackini 10th 2022 Challenge Creator</a>
</h1><div class="post-meta"><span class="post-author"><a href="https://github.com/vvxhid" title="Author" target="_blank" rel="noopener noreffer author" class="author"><i class="fas fa-user-circle fa-fw" aria-hidden="true"></i>vvxhid</a></span> <span class="post-publish">published on <time datetime="2022-06-02">2022-06-02</time></span> <span class="post-category">included in <a href="/categories/ctf-writeups/"><i class="far fa-folder fa-fw" aria-hidden="true"></i>CTF Writeups</a></span></div><div class="content">@chenx3en created a fun XSS challenge in HackINI 2022 ctf.
TL; DR HTML injection in the title tag. CSP injection. Prototype pollution and XSS Overview When we visit the website link, we will be presented with a form to create a ctf challenge and share it with the admin (bot):
After completing and submitting the form, we see a query parameter named challenge that has a JSON string including all of the supplied data.</div><div class="post-footer">
<a href="/hackini-10th-challenge-creator/">Read More</a><div class="post-tags">
<i class="fas fa-tags fa-fw" aria-hidden="true"></i> <a href="/tags/web/">web</a>, <a href="/tags/xss/">xss</a>, <a href="/tags/csp/">csp</a>, <a href="/tags/prototype-pollution/">prototype-pollution</a>, <a href="/tags/injection/">injection</a></div></div>
</article><article class="single summary" itemscope itemtype="http://schema.org/Article"><div class="featured-image-preview">
<a href="/csawquals20-smallsurp/"><img
class="lazyload"
src="/svg/loading.min.svg"
data-src="/csawquals20-smallsurp/featured.png"
data-srcset="/csawquals20-smallsurp/featured.png, /csawquals20-smallsurp/featured.png 1.5x, /csawquals20-smallsurp/featured.png 2x"
data-sizes="auto"
alt="/csawquals20-smallsurp/featured.png"
title="Writeup for CSAW CTF 2020, challenge name: Web RTC" /></a>
</div><h1 class="single-title" itemprop="name headline">
<a href="/csawquals20-smallsurp/">Csawquals20 Smallsurp</a>
</h1><div class="post-meta"><span class="post-author"><a href="https://github.com/akram09" title="Author" target="_blank" rel="noopener noreffer author" class="author"><i class="fas fa-user-circle fa-fw" aria-hidden="true"></i>akram</a></span> <span class="post-publish">published on <time datetime="2020-09-15">2020-09-15</time></span> <span class="post-category">included in <a href="/categories/ctf-writeups/"><i class="far fa-folder fa-fw" aria-hidden="true"></i>CTF Writeups</a></span></div><div class="content">Writeup summary Challenge Info TL-DR Analysis of the server code Bypass Hmac Verification Assemble Secrets and Get Flag Challenge Info Your APT group scr1pt_k1tt13z breached into a popular enterprise service, but due to inexperience, you only got the usernames of the administrators of the service, and an encrypted password for the root admin. However, you learned that the company had a key agreement ceremony at some point in time, and the administrators keys are all somehow connected to the root admin’s.</div><div class="post-footer">
<a href="/csawquals20-smallsurp/">Read More</a><div class="post-tags">
<i class="fas fa-tags fa-fw" aria-hidden="true"></i> <a href="/tags/crypto/">crypto</a>, <a href="/tags/shamir/">shamir</a>, <a href="/tags/shamir-secret-scheme/">shamir-secret-scheme</a>, <a href="/tags/math/">math</a>, <a href="/tags/number-theory/">number-theory</a>, <a href="/tags/csawquals20/">csawquals20</a></div></div>
</article><article class="single summary" itemscope itemtype="http://schema.org/Article"><div class="featured-image-preview">
<a href="/csawquals20-webrtc/"><img
class="lazyload"
src="/svg/loading.min.svg"
data-src="/csawquals20-webrtc/featured.png"
data-srcset="/csawquals20-webrtc/featured.png, /csawquals20-webrtc/featured.png 1.5x, /csawquals20-webrtc/featured.png 2x"
data-sizes="auto"
alt="/csawquals20-webrtc/featured.png"
title="Writeup for CSAW CTF 2020, challenge name: Web RTC" /></a>
</div><h1 class="single-title" itemprop="name headline">
<a href="/csawquals20-webrtc/">CsawQuals2020 WebRTC </a>
</h1><div class="post-meta"><span class="post-author"><a href="https://github.com/th3happybit" title="Author" target="_blank" rel="noopener noreffer author" class="author"><i class="fas fa-user-circle fa-fw" aria-hidden="true"></i>oussama</a></span> <span class="post-publish">published on <time datetime="2020-09-14">2020-09-14</time></span> <span class="post-category">included in <a href="/categories/ctf-writeups/"><i class="far fa-folder fa-fw" aria-hidden="true"></i>CTF Writeups</a></span></div><div class="content">WEB real time chat Challenge Info Writeup Summary Challenge description Enumeration Challenge description I started playing around with some fancy new Web 3.1 technologies! This RTC tech looks cool, but there's a lot of setup to get it working... I hope it's all secure.
http://web.chal.csaw.io:4955
they also included some files: Dockerfile , supervisord.conf and app.py. supervisord.conf:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 [supervisord] nodaemon=true [program:gunicorn3] command=gunicorn3 --workers=10 -b 0.</div><div class="post-footer">
<a href="/csawquals20-webrtc/">Read More</a><div class="post-tags">
<i class="fas fa-tags fa-fw" aria-hidden="true"></i> <a href="/tags/turn/">turn</a>, <a href="/tags/redis/">redis</a>, <a href="/tags/rce/">rce</a>, <a href="/tags/csawquals20/">csawquals20</a>, <a href="/tags/web/">web</a></div></div>
</article><article class="single summary" itemscope itemtype="http://schema.org/Article"><div class="featured-image-preview">
<a href="/pwn2win2020-androids-encryption/"><img
class="lazyload"
src="/svg/loading.min.svg"
data-src="/pwn2win2020-androids-encryption/featured.png"
data-srcset="/pwn2win2020-androids-encryption/featured.png, /pwn2win2020-androids-encryption/featured.png 1.5x, /pwn2win2020-androids-encryption/featured.png 2x"
data-sizes="auto"
alt="/pwn2win2020-androids-encryption/featured.png"
title="Writeup for Pwn2Win CTF 2020, challenge name: Androids_Encryption" /></a>
</div><h1 class="single-title" itemprop="name headline">
<a href="/pwn2win2020-androids-encryption/">Pwn2win2020 Androids Encryption</a>
</h1><div class="post-meta"><span class="post-author"><a href="https://github.com/akram09" title="Author" target="_blank" rel="noopener noreffer author" class="author"><i class="fas fa-user-circle fa-fw" aria-hidden="true"></i>kero</a></span> <span class="post-publish">published on <time datetime="2020-08-09">2020-08-09</time></span> <span class="post-category">included in <a href="/categories/ctf-writeups/"><i class="far fa-folder fa-fw" aria-hidden="true"></i>CTF Writeups</a></span></div><div class="content">Challenge Info The challenge is a crypto challenge from the pwn2win event , it’s focused on the symmetric cryptography and especially the aes block cipher.So we are given remote connection nc encryption.pwn2.win 1337 and the python script that is running in the remote server.py .
Writeup Summary gain general information deep look into encrypt your secret Solution gain general information By the first look at the server.</div><div class="post-footer">
<a href="/pwn2win2020-androids-encryption/">Read More</a><div class="post-tags">
<i class="fas fa-tags fa-fw" aria-hidden="true"></i> <a href="/tags/symmetric-crypto/">symmetric-crypto</a>, <a href="/tags/aes/">aes</a>, <a href="/tags/pwn2win-ctf/">pwn2win-ctf</a>, <a href="/tags/crypto/">crypto</a></div></div>
</article><article class="single summary" itemscope itemtype="http://schema.org/Article"><div class="featured-image-preview">
<a href="/cybrics2020-otp/"><img
class="lazyload"
src="/svg/loading.min.svg"
data-src="/cybrics2020-otp/featured.png"
data-srcset="/cybrics2020-otp/featured.png, /cybrics2020-otp/featured.png 1.5x, /cybrics2020-otp/featured.png 2x"
data-sizes="auto"
alt="/cybrics2020-otp/featured.png"
title="Writeup for Cybrics CTF 2020, challenge name: OTP" /></a>
</div><h1 class="single-title" itemprop="name headline">
<a href="/cybrics2020-otp/">Cybrics2020 Otp</a>
</h1><div class="post-meta"><span class="post-author"><a href="https://github.com/Fa2y" title="Author" target="_blank" rel="noopener noreffer author" class="author"><i class="fas fa-user-circle fa-fw" aria-hidden="true"></i>Fa2y</a></span> <span class="post-publish">published on <time datetime="2020-08-08">2020-08-08</time></span> <span class="post-category">included in <a href="/categories/ctf-writeups/"><i class="far fa-folder fa-fw" aria-hidden="true"></i>CTF Writeups</a></span></div><div class="content">Challenge Info A crack the box challenge (hackthebox/vulnhub-like) http://otp-cybrics2020.ctf.su/ the web-page provides a input for auth token and a the client binary and the server’s, and the source code of the server.
Main Page TL-DR We discover the client binary is using ssh, we get the private key out of the binary and get the user also we use ssh keys to do forward port tunneling of the mongodb port from the server to our machine we connect to the db and get the otp of the admin provide it to the website and we get the flag.</div><div class="post-footer">
<a href="/cybrics2020-otp/">Read More</a><div class="post-tags">
<i class="fas fa-tags fa-fw" aria-hidden="true"></i> <a href="/tags/linux/">linux</a>, <a href="/tags/ctb/">ctb</a>, <a href="/tags/cybrics-ctf/">cybrics-ctf</a>, <a href="/tags/ssh/">ssh</a></div></div>
</article></div></div>
</main><footer class="footer">
<div class="footer-container"><div class="footer-line">Powered by <a href="https://gohugo.io/" target="_blank" rel="noopener noreffer" title="Hugo 0.99.1">Hugo</a> | Theme - <a href="https://github.com/dillonzq/LoveIt" target="_blank" rel="noopener noreffer" title="LoveIt 0.2.11"><i class="far fa-kiss-wink-heart fa-fw" aria-hidden="true"></i> LoveIt</a>
</div><div class="footer-line" itemscope itemtype="http://schema.org/CreativeWork"><span class="author" itemprop="copyrightHolder"> <a href="/" target="_blank">member</a></span> | <span class="license"><a rel="license external nofollow noopener noreffer" href="https://creativecommons.org/licenses/by-nc/4.0/" target="_blank">CC BY-NC 4.0</a></span></div>
</div>
</footer></div>
<div id="fixed-buttons"><a href="#" id="back-to-top" class="fixed-button" title="Back to Top">
<i class="fas fa-arrow-up fa-fw" aria-hidden="true"></i>
</a><a href="#" id="view-comments" class="fixed-button" title="View Comments">
<i class="fas fa-comment fa-fw" aria-hidden="true"></i>
</a>
</div><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/katex.min.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/contrib/copy-tex.min.css"><script type="text/javascript" src="https://polyfill.io/v3/polyfill.min.js?features=Array.prototype.fill%2CArray.prototype.find%2CArray.from%2CIntersectionObserver%2CMath.sign%2CObject.assign%2CPromise%2CObject.entries%2Chtml5shiv%2CObject.values%2Cfetch%2CElement.prototype.after"></script><script type="text/javascript" src="https://cdn.jsdelivr.net/npm/[email protected]/dist/autocomplete.min.js"></script><script type="text/javascript" src="https://cdn.jsdelivr.net/npm/[email protected]/lunr.min.js"></script><script type="text/javascript" src="https://cdn.jsdelivr.net/npm/[email protected]/lazysizes.min.js"></script><script type="text/javascript" src="https://cdn.jsdelivr.net/npm/[email protected]/dist/clipboard.min.js"></script><script type="text/javascript" src="https://cdn.jsdelivr.net/npm/[email protected]/sharer.min.js"></script><script type="text/javascript" src="https://cdn.jsdelivr.net/npm/[email protected]/dist/index.umd.js"></script><script type="text/javascript" src="https://cdn.jsdelivr.net/npm/[email protected]/dist/katex.min.js"></script><script type="text/javascript" src="https://cdn.jsdelivr.net/npm/[email protected]/dist/contrib/auto-render.min.js"></script><script type="text/javascript" src="https://cdn.jsdelivr.net/npm/[email protected]/dist/contrib/copy-tex.min.js"></script><script type="text/javascript" src="https://cdn.jsdelivr.net/npm/[email protected]/dist/contrib/mhchem.min.js"></script><script type="text/javascript">window.config={"code":{"copyTitle":"Copy to clipboard","maxShownLines":30},"data":{"id-1":"Writeups \u0026 Walkthrough Made by Team7even"},"math":{"delimiters":[{"display":true,"left":"$$","right":"$$"},{"display":true,"left":"\\[","right":"\\]"},{"display":true,"left":"\\begin{equation}","right":"\\end{equation}"},{"display":true,"left":"\\begin{equation*}","right":"\\end{equation*}"},{"display":true,"left":"\\begin{align}","right":"\\end{align}"},{"display":true,"left":"\\begin{align*}","right":"\\end{align*}"},{"display":true,"left":"\\begin{alignat}","right":"\\end{alignat}"},{"display":true,"left":"\\begin{alignat*}","right":"\\end{alignat*}"},{"display":true,"left":"\\begin{gather}","right":"\\end{gather}"},{"display":true,"left":"\\begin{CD}","right":"\\end{CD}"},{"display":false,"left":"$","right":"$"},{"display":false,"left":"\\(","right":"\\)"}],"strict":false},"search":{"highlightTag":"em","lunrIndexURL":"/index.json","maxResultLength":10,"noResultsFound":"No results found","snippetLength":30,"type":"lunr"},"typeit":{"cursorChar":"|","cursorSpeed":1000,"data":{"id-1":["id-1"]},"duration":-1,"speed":100}};</script><script type="text/javascript" src="/js/theme.min.c1d5acc03abc8af9ee0a42aa4e942566a338a3e29d21b6c9f11536101f6914ad.js" integrity="sha256-wdWswDq8ivnuCkKqTpQlZqM4o+KdIbbJ8RU2EB9pFK0="></script><script type="text/javascript">
window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}gtag('js', new Date());
gtag('config', 'UA-174974975-1', { 'anonymize_ip': true });
</script><script type="text/javascript" src="https://www.googletagmanager.com/gtag/js?id=UA-174974975-1" async></script></body>
</html>