HACKINTOANETWORK

WEB APPLICATION BUG HUNTER, PENETRATION TESTER

CTF/Incognito 4.0

To summarize this CTF challenge, it could be solved by performing a NoSQL injection attack. The challenge provided a login and registration feature, as well as a functionality to check the existence of an email and whether an account had admin privileges. The ultimate goal of the challenge was to log in with an admin account, so I had to find an account with "isAdmin" set to true. Payload import..

2023. 2. 19.

CTF/Incognito 4.0

This CTF challenge is an SSRF challenge with some additional filtering compared to the "get flag1" challenge that was previously solved. The challenge provides a URL form where a user can input a URL, and the goal is to bypass the filtering and trigger an SSRF attack. Payload http://0x7f.0x00.0x00.0x01:9001/flag.txt The payload used to trigger the SSRF attack is the URL "http://0x7f.0x00.0x00.0x..

2023. 2. 19.

CTF/Incognito 4.0

This CTF challenge is a simple SSRF challenge When you access the challenge, there is a URL form where you can input a URL. Payload http://0.0.0.0:9001/flag.txt Exploit By entering "http://0.0.0.0:9001/flag.txt" into the URL form, you can trigger an SSRF vulnerability. FLAG : ictf{l0c4l_byp4$$_323theu0a9}

2023. 2. 19.