🕵️ h1-ctf: Wholesome Hacky Holidays: A Writeup


News section: 🕵️ Vulnerabilities
🔗 Source: vulners.com


Flag 1 Warm-up: flag{48104912-28b0-494a-9995-a203d1e261e7}

The flag can be found by checking robots.txt. A path is also revealed: /s3cr3t-ar3a

Flag 2 It's right in front of you: flag{b7ebcb75-9100-4f91-8454-cfb9574459f7}

With the previously found path /s3cr3t-ar3a, the flag was hidden in plain sight. Opening the dev tools and searching for flag reveals it.

Flag 3 People Rater: flag{b705fb11-fb55-442f-847f-0931be82ed9a}

On the front page a new button, Apps, appeared. One app, the People Rater, is available. At the URL https://hackyholidays.h1ctf.com/people-rater we can use the Grinch People Rater by clicking one of the names. For example, selecting Tea Avery pops an alert box with Awful. Looking at the request in Burp:

Request:

```
GET /people-rater/entry?id=eyJpZCI6Mn0= HTTP/1.1
Host: hackyholidays.h1ctf.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Referer: https://hackyholidays.h1ctf.com/people-rater
```

Response:

```
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 15 Dec 2020 03:47:29 GMT
Content-Type: application/json
Connection: close
Content-Length: 57

{"id":"eyJpZCI6Mn0=","name":"Tea Avery","rating":"Awful"}
```

In the request, we see the parameter id=eyJpZCI6Mn0=, which is a base64-encoded string. Decoding it reveals {"id":2}. Simply replacing the value with... ...
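The id parameter above is base64 over JSON, which any client can read and rewrite, so it gives the server no integrity guarantee. The following is an added example, not code from the writeup or the CTF application: it decodes the page's format and contrasts it with an HMAC-signed reference that the server can verify. `SECRET_KEY`, `decode_plain_id`, `make_ref` and `verify_ref` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a server-side secret; this value is constructed for the example.
SECRET_KEY = b"example-only-key"


def decode_plain_id(param: str) -> dict:
    """Decode the page's id format: base64 over a JSON object, no integrity."""
    return json.loads(base64.b64decode(param))


def _tag(body: str) -> str:
    """HMAC-SHA256 over the encoded body, hex-encoded."""
    return hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()


def make_ref(record_id: int) -> str:
    """Issue a reference of the form base64url(JSON) + '.' + tag."""
    payload = json.dumps({"id": record_id}, separators=(",", ":")).encode()
    body = base64.urlsafe_b64encode(payload).decode()
    return f"{body}.{_tag(body)}"


def verify_ref(ref: str):
    """Return the record id if the tag matches the body, else None."""
    body, sep, tag = ref.rpartition(".")
    if not sep:
        return None  # unsigned value, e.g. the plain format from the page
    # Constant-time comparison on bytes; rejects any body the server did not sign.
    if not hmac.compare_digest(_tag(body).encode(), tag.encode()):
        return None
    try:
        record = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    rid = record.get("id") if isinstance(record, dict) else None
    return rid if isinstance(rid, int) else None
```

A signed reference only stops clients from minting their own ids; the handler still has to check that the caller is allowed to read the referenced record.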
