Nahamcon2023

Nahamcon CTF 2023 writeups: warmups, blobber. This challenge had a downloadable part; the file was a SQLite database. I opened the file using a SQLite database browser. Browsing the data, there is only gibberish, except on line 238, where the data is a blob object. Blobs in SQLite are a way for files to be added to a database as entries. Read more here. We can use this SQL statement to get the blob...

June 15, 2023

HTB PC

HTB PC writeup. Category: web. Difficulty: easy. Hello, and welcome to another walkthrough of an HTB machine. When you run a port scan on the target, we get port 22 open; a full port scan reveals port 50015, for which nmap cannot tell which service is running. Open port 22, open port 50015. After a little research I found out that the service is gRPC » for more details of what it is, here...

June 9, 2023

HTB Monitortwo

HTB Monitortwo writeup. Category: web. Difficulty: easy. As always, we begin with a port scan: Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-02 12:45 EAT Stats: 0:00:21 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan Connect Scan Timing: About 56.80% done; ETC: 12:46 (0:00:15 remaining) Nmap scan report for 10.10.11.211 Host is up (0.28s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8....

June 2, 2023

Bic winter con 2023

Check it out on my GitHub » here

May 31, 2023

htb cyberapocalypse 2023

Check it out on my GitHub » here

May 31, 2023

Deadsec 2023

xee1. Category: web. Solution: From the title you can tell this is a classic XXE challenge. When you capture the login request in Burp Repeater, you will realize that the username is echoed out, so we have to make sure the output of our XXE payload is reflected in the page through the username field. I crafted a payload to read /flag.txt; we also need to pass it through a PHP filter, and we get the flag in base64 format...

May 21, 2023