$ whoami
Home
  • All categories (116)
    • Exploit (9)
      • Tools (2)
      • Exploit (5)
      • Bug Bounty (2)
    • Wargame (82)
      • HackCTF (15)
      • XSS game (6)
      • Dreamhack (2)
      • Webhacking.kr (7)
      • XSS Challenges (8)
      • H4CKING GAME (3)
      • Information Security Gifted Education Center (1)
      • Lord of SQL Injection (40)
    • CTF (25)
      • YISF 2022 (2)
      • CBHC 2022 (1)
      • HeroCTF v4 (2)
      • corCTF 2022 (2)
      • Aero CTF 2022 (0)
      • BDSec CTF 2022 (4)
      • San Diego CTF 2022 (5)
      • WACon 2022 Qualifier (1)
      • Cyber Conflict Exercise 202.. (4)
      • DiceCTF 2023 (1)
      • Incognito 4.0 (3)

HACKINTOANETWORK

WEB APPLICATION BUG HUNTER, PENETRATION TESTER

CTF/Incognito 4.0 (3)

  • CTF/Incognito 4.0

    [Incognito 4.0] massive

    To summarize this CTF challenge, it could be solved by performing a NoSQL injection attack. The challenge provided a login and registration feature, as well as a functionality to check the existence of an email and whether an account had admin privileges. The ultimate goal of the challenge was to log in with an admin account, so I had to find an account with "isAdmin" set to true. Payload import..

    2023. 2. 19.

  • CTF/Incognito 4.0

    [Incognito 4.0] get flag2

    This CTF challenge is an SSRF challenge with some additional filtering compared to the "get flag1" challenge that was previously solved. The challenge provides a URL form where a user can input a URL, and the goal is to bypass the filtering and trigger an SSRF attack. Payload http://0x7f.0x00.0x00.0x01:9001/flag.txt The payload used to trigger the SSRF attack is the URL "http://0x7f.0x00.0x00.0x..

    2023. 2. 19.

  • CTF/Incognito 4.0

    [Incognito 4.0] get flag 1

    This CTF challenge is a simple SSRF challenge. When you access the challenge, there is a URL form where you can input a URL. Payload: http://0.0.0.0:9001/flag.txt Exploit: By entering "http://0.0.0.0:9001/flag.txt" into the URL form, you can trigger an SSRF vulnerability. FLAG : ictf{l0c4l_byp4$$_323theu0a9}

    2023. 2. 19.
