├── README.md
└── CTF-BIBLE
    ├── ctf.jpg
    ├── Web
        ├── LFI
        │   ├── lfi.jpg
        │   └── Readme.md
        ├── XSS
        │   ├── xss.png
        │   └── Readme.md
        ├── SSRF
        │   ├── ssrf.jpg
        │   └── Readme.md
        ├── SSTI
        │   ├── ssrf.png
        │   └── Readme.md
        ├── InsecureDeserialization
        │   ├── serialize.png
        │   └── Readme.md
        ├── XXE
        │   ├── Readme.md
        │   └── xxe-injection.svg
        ├── README.md
        └── SQLi
        │   ├── Readme.md
        │   └── sql-injection.svg
    ├── Forensics
        └── README.md
    ├── Readme.md
    └── Mobile
        └── README.md

/README.md:
--------------------------------------------------------------------------------
# CTF STUFF
- [CTF-BIBLE](./CTF-BIBLE)

--------------------------------------------------------------------------------
/CTF-BIBLE/ctf.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/k0imet/CTFs/HEAD/CTF-BIBLE/ctf.jpg

--------------------------------------------------------------------------------
/CTF-BIBLE/Web/LFI/lfi.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/k0imet/CTFs/HEAD/CTF-BIBLE/Web/LFI/lfi.jpg

--------------------------------------------------------------------------------
/CTF-BIBLE/Web/XSS/xss.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/k0imet/CTFs/HEAD/CTF-BIBLE/Web/XSS/xss.png

--------------------------------------------------------------------------------
/CTF-BIBLE/Web/SSRF/ssrf.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/k0imet/CTFs/HEAD/CTF-BIBLE/Web/SSRF/ssrf.jpg

--------------------------------------------------------------------------------
/CTF-BIBLE/Web/SSTI/ssrf.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/k0imet/CTFs/HEAD/CTF-BIBLE/Web/SSTI/ssrf.png

--------------------------------------------------------------------------------
/CTF-BIBLE/Web/InsecureDeserialization/serialize.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/k0imet/CTFs/HEAD/CTF-BIBLE/Web/InsecureDeserialization/serialize.png

--------------------------------------------------------------------------------
/CTF-BIBLE/Forensics/README.md:
--------------------------------------------------------------------------------
# TOC
## Topics
- [File System Forensics](./FSF)
- [Memory Forensics](./Memory-Forensics)
- [Network Forensics](./Network-Forensics)
- [Database Forensics](./Database-Forensics)
- [Application Forensics](./Application-Forensics)
- [E-mail Forensics](./E-mail-Forensics)

Digital Forensics

--------------------------------------------------------------------------------
/CTF-BIBLE/Readme.md:
--------------------------------------------------------------------------------
# CTF-BIBLE

##### tags `ctf` `web` `crypto` `reversing` `pwn` `forensics` `OSINT`
## TL;DR
### Writeups

- [Mobile](./Mobile)
- [Web](./Web)
- [Forensics](./Forensics)
- [pwn](./pwn)
- [crypto](./crypto)
- [reversing](./reversing)
- [OSINT](./Osint)

### Archived CTFs

- [Archive](https://github.com/sajjadium/CTFium)

# Introduction to CTFs
![](ctf.jpg)
## What’s a CTF?
- A CTF (Capture the Flag) is a cybersecurity competition where players must “hack” their way through different challenges in order to retrieve a flag, which is then submitted for points, allowing them to climb up the leaderboard.

CTF Overview:
### Jeopardy:
- A set of different tasks, usually providing players with the freedom of choosing which challenge to start off with.

Jeopardy Main Categories:

#### Web Exploitation
- The player has to find and exploit vulnerabilities in a web application (XSS, SQLi, RCE, etc.)

#### Forensics
- Forensics is a key area of blue teaming and CTFs which includes aspects such as packet analysis, image analysis or in some cases location recovery.

#### Reverse Engineering
- RE mostly involves getting a compiled program and then deconstructing it into a far more readable format in order to get the flag.

#### Binary Exploitation (pwn)
- Binexp revolves around finding and exploiting vulnerabilities in programs to get the flag. The best thing about binexp is that there are hundreds of possibilities and vulnerabilities to get the flag, be it through function modification, getting a shell or anything else.

#### Cryptography
- This category involves finding vulnerabilities in the cryptographic structure provided, be it RSA, AES, etc.

#### OSINT (Open-source intelligence)
- Using the given data or clues together with open-source data online to investigate through the web in order to find the intended target.

#### Steganography
- This category usually revolves around finding hidden data within different forms of media, be it music, pictures, videos, etc.

#### Misc
Anything other than the mentioned categories; the difficulty will always vary.

Full Description

# Where to Play CTFs
###### `Jeopardies`

- ctftime.org
  - ctf events calendar and team ratings
- cybertalents.com
  - beginner friendly ctf platform

###### `Boot2root`

- [Hackthebox](https://hackthebox.eu)
- [Vulnhub](https://vulnhub.com)
- [CTFROOM](https://ctfroom.com)
- [Tryhackme](https://tryhackme.com)

### more links

- [ctfsites](https://ctfsites.github.io)

### Similar Projects

- [CTF-NOTES](https://github.com/lanjelot/ctfs)

Watch this Space for More XD

--------------------------------------------------------------------------------
/CTF-BIBLE/Web/XXE/Readme.md:
--------------------------------------------------------------------------------
# XXE

### What is XML external entity injection?

![](xxe-injection.svg)

XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access.

In some situations, an attacker can escalate an XXE attack to compromise the underlying server or other back-end infrastructure, by leveraging the XXE vulnerability to perform [server-side request forgery](.././SSRF) attacks.
[Read more](https://portswigger.net/web-security/xxe)

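A hardening check for the XXE behaviour described above, as an added Python example that is not part of the original repository. It assumes the application needs no DTD at all, so any DOCTYPE or entity declaration is refused before the document reaches the real parser; the function names and sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """The document uses a DTD feature this application refuses to process."""


def check_no_dtd(data: bytes) -> None:
    """First pass: walk the document with expat and raise on any DTD construct."""
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # A SYSTEM/PUBLIC identifier means the DTD itself lives outside the document.
        if system_id or public_id:
            raise ForbiddenXML(f"external DTD subset for <{name}>: {system_id or public_id}")

    def on_entity(name, is_parameter, value, base, system_id, public_id, notation):
        kind = "parameter entity" if is_parameter else "entity"
        if system_id is not None:
            # This is the declaration that lets a document point at files or URLs.
            raise ForbiddenXML(f"external {kind} '{name}' -> {system_id}")
        raise ForbiddenXML(f"internal {kind} '{name}'")

    def on_doctype_end():
        # Reached only when the DOCTYPE declared no entities; still refused by policy.
        raise ForbiddenXML("DOCTYPE declaration")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.EndDoctypeDeclHandler = on_doctype_end
    parser.Parse(data, True)  # exceptions raised in handlers propagate from here


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Second pass: build the tree only after the document passed the DTD check."""
    check_no_dtd(data)
    return ET.fromstring(data)


def rejection_reason(data: bytes):
    """Return why a document is refused, or None if it is accepted."""
    try:
        parse_untrusted_xml(data)
    except ForbiddenXML as exc:
        return str(exc)
    return None


# Constructed sample documents (the file path is a placeholder).
PLAIN = b"<order><item>book</item></order>"
EXTERNAL_ENTITY = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE order [ <!ENTITY ext SYSTEM "file:///example/placeholder"> ]>\n'
    b"<order><item>&ext;</item></order>"
)
INTERNAL_ENTITY = (
    b'<!DOCTYPE order [ <!ENTITY greeting "hello"> ]>'
    b"<order><item>&greeting;</item></order>"
)
DOCTYPE_ONLY = b"<!DOCTYPE order [ <!ELEMENT order ANY> ]><order/>"

if __name__ == "__main__":
    for label, doc in [("plain", PLAIN), ("external", EXTERNAL_ENTITY),
                       ("internal", INTERNAL_ENTITY), ("doctype", DOCTYPE_ONLY)]:
        print(f"{label:9s} -> {rejection_reason(doc) or 'accepted'}")
```

Rejecting the declaration, rather than the later `&ext;` reference, means the check holds even when the entity is never used in the body.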
### CTF Writeups

- [2017](#2017)
- [2018](#2018)
- [2019](#2019)
- [2020](#2020)
- [2021](#2021)
- [2022](#2022)
- [read-more](#other-interesting-reads)

#### 2017

- [Aaditya : upl0ad3r,inCTF](https://aadityapurani.com/2017/12/17/inctf/)
- [qiita : xmlvalidator,HamaCTF](https://qiita.com/no1zy_sec/items/03b8f335e84995fec3e3)

#### 2018

- [vladtoie: message-board,pwn2win](https://medium.com/@vladtoie/message-board-first-flag-pwn2win-ctf-2018-writeup-5627ae5daed4)
- [honoki : From blind XXE to root-level file read access](https://honoki.net/2018/12/12/from-blind-xxe-to-root-level-file-read-access/)
- [Balsn : Berg’s Club,Pwn2win](https://balsn.tw/ctf_writeup/20181130-pwn2winctf/#berg%E2%80%99s-club)
- [Thibaud : santahacklaus](https://thibaud-robin.fr/writeups/santhacklaus-2018/archdrive/)
- [nettitude : derbycon](https://labs.nettitude.com/blog/derbycon-2018-ctf-write-up/)
- [Dvd848 : blind, 35C3](https://github.com/Dvd848/CTFs/blob/4f288117c2261b73e125f2338931c86a3641de1c/2018_35C3_Junior/blind.md)

#### 2019

- [pointhi : Baby Recruitor,Pwn2Win](https://www.sigflag.at/blog/2019/writeup-pwn2win-baby-recruiter/)
- [ctrsec : BNV,Google CTF](https://ctrsec.io/wp-content/uploads/2019/06/Google-CTF-2019-Writeups-Web-BNV.pdf)
- [Bushwhackers : Gphotos,Google CTF](https://blog.bushwhackers.ru/googlectf-2019-gphotos-writeup/)
- [w0u : Household,RuCTFE](https://w0y.at/writeup/2019/11/23/ructfe-2019-household.html)
- [rawsec : Securinets Quals](https://rawsec.ml/en/SecurinetsCTF-2019-Quals-write-up/)
- [rawsec : Wrestler Name Generator, SunshineCTF](https://rawsec.ml/en/Sunshine-CTF-2019-write-ups/)
- [jaime : Wrestler Name Generator, SunshineCTF](https://jaimelightfoot.com/blog/sunshinectf/)
- [m09ic : Ogeek CTF Quals](https://m09ic.top/posts/45148/)
- [bookgin : Defcon27 Quals](https://bookgin.tw/2019/05/17/defcon-27-qual-ctf-web-writeups/)
- [noistar : Juice Shop](https://noirstar.tistory.com/232)
- [midnight : j2x2j,TokyoWesterns](https://syn-ack.hatenablog.com/entry/2019/09/05/104038)
- [st98 : j2x2j,TokyoWesterns](https://st98.github.io/diary/posts/2019-09-14-tokyowesterns-ctf-5th-2019.html#j2x2j-web-59)
- [Dead && end : ncc2019](https://d3adend.org/blog/posts/cloudiot-write-ups/)
- [alevsk : bad injections.fireshell](https://www.alevsk.com/2019/01/fireshell-ctf-2019-bad-injections-web/)
- [anemone : fireshell](https://anemone.top/ctf-2019fireshell%E4%B8%80%E9%81%93%E4%BB%8Exxe%E5%88%B0ssrf%E9%A2%98/)
- [secpulse : OGeekCTF](https://www.secpulse.com/archives/111370.html)
- [s1r1us : Unagi,CSAW](https://www.s1r1us.ninja/2019/09/csaw-ctf19-quals-writeup.html)
- [zhaoj : ByteCTF](https://www.zhaoj.in/read-6310.html)
- [Ambrotd : Special Order,HacktivityCON](https://github.com/Ambrotd/hacktivitycon/blob/master/Special%20Order/Special%20Order.md)

#### 2020

- [asd007: XXExternalXX,SharkyCTF](https://ctftime.org/writeup/20569)
- [jai : XXExternalXX,SharkyCTF](https://jaiguptanick.github.io/Blog/blog/SharkyCTF_Writeup_web/)
- [szymanski : ratctf](https://szymanski.ninja/en/ctfwriteups/2020/ratctf2020/)
- [sqrtrev : wwww,3k](https://wrecktheline.com/writeups/3kctf-2020/)
- [jaiguptanick : Traffic Lights W,HSCTF](https://jaiguptanick.github.io/Blog/blog/HSCTF7_2020_Writeups/)
- [Bigpick : ExtraTerestrial,Nahamcon](https://bigpick.github.io/TodayILearned/articles/2020-06/nahamConCTF-writeups)
- [ptr-yudai : A payload to rule them all,Pwn2win](https://ptr-yudai.hatenablog.com/entry/2020/06/01/102049)
- [progpilot : spooky store,UTCTF](https://www.progpilot.com/writeups/nc2020/spook/)
- [st98 : JACC](https://st98.github.io/diary/posts/2020-04-13-hexion-ctf-2020-online.html)
- [hamayan : File Reader,DarkCTF](https://www.hamayanhamayan.com/entry/2020/09/28/233549)
- [bootplug : Syntax check,defcamp](https://github.com/bootplug/writeups/blob/master/2020/defcamp/writeups.md#syntax-check)
- [

#### 2021

- [SamXML : Special order 2, 0x41414141](https://github.com/sambrow/ctf-writeups-2021/tree/master/0x41414141/special-order-pt2)
- [Letronghoangminh : Alex Fan Club,LITCTF](https://github.com/letronghoangminh/CTF-Writeups/tree/master/Web/LITCTF%202021%20-%20Alex%20Fan%20Club%20API%20(500))
- [Synacktiv : entituber, HTB-Business](https://github.com/synacktiv/CTF-Write-ups/blob/main/HTB-Business-CTF-2021/fullpwn/entituber.md)
- [Greybtw : Include me, eHaCON](https://github.com/greybtw/writeup-CTF_2021/blob/master/eHaCON%20CTF%202K21/Include%20me.md)
- [Thalium : Artillery, CyberApocalypse](https://thalium.github.io/blog/posts/apocalypse2021-artillery/)
- [Szymanski : indead2, Hackpack](https://szymanski.ninja/en/ctfwriteups/2021/hackpack/indead-v2/)
- [PwnProphecy : Leaky-logs, Cybergames](https://github.com/PwnProphecy/ctf/blob/main/metactf-cybergames2021/Leaky-Logs.md)
- [Terawiz : special-order-pt2, 0x41414141](https://github.com/terawhiz/CTF-Writeups/blob/main/0x41414141-CTF/web/special-oreder-pt2/README.md#special-order-pt2---490-pts)
- [News Notifier, TamilCTF](https://www.youtube.com/watch?v=Y7sO2vKV9gw)

#### 2022

- [FittyFit, Faust](https://pwnthenope.github.io/writeups/2022/07/10/fittyfit.html)

### other interesting reads

- [Intigriti : XXE](https://blog.intigriti.com/hackademy/xml-external-entity-processing-xxe/)
- [mohemiv : exploiting xxe with local dtd files](https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/)
- [hacktricks : XXE](https://book.hacktricks.xyz/pentesting-web/xxe-xee-xml-external-entity)
- [tohacking : basic ways to exploit xxe](https://tohacking.com/til/the-basic-ways-to-exploit-xxe/)
- [acunetix : OOB-XXE](https://www.acunetix.com/blog/articles/band-xml-external-entity-oob-xxe/)
- [wallarm : XXE that Can bypass waf](https://lab.wallarm.com/xxe-that-can-bypass-waf-protection-98f679452ce0/)
- [r00thunt : blind OOB-XXE](https://r00thunt.com/2018/10/05/blind-xml-external-entities-out-of-band-channel-vulnerability-paypal-case-study/)
- [XXE Wiki](https://csea-iitb.github.io/IITBreachers-wiki/2020/07/22/XXE.html)

--------------------------------------------------------------------------------
/CTF-BIBLE/Web/InsecureDeserialization/Readme.md:
--------------------------------------------------------------------------------
# Insecure-Deserialization

![](serialize.png)

## What is insecure deserialization?

- Let’s first understand the whole picture here. When you learn a programming language, the first thing you learn is how to define variables, classes and data structures that best suit your needs. Then, you learn how to manipulate them to achieve your needs. So far, they reside in memory, but sometimes, you need to store their states or share them with other systems. That’s where serialization and deserialization come into play.

### What is Serialization?

- Let’s say that you are playing with a character in a game. While you see the character on the screen, the software sees and manipulates an object residing in memory.

- What if the game wants to store the state of that character in a file or share it with other systems? There should be a way to transform the in-memory object into a stream of bytes which can be easily stored and shared. That is what the process of serialization is all about. When the game performs the serialization of an object, we say that the object is serialized.

### What is Deserialization?

- Deserialization is the opposite of serialization. In fact, it consists of converting the serialized data into an in-memory representation which the software can then manipulate. Continuing on the previous example, when the game wants to retrieve the state of the serialized character object, it needs to deserialize it first.

### What can go wrong here?

When software deserializes user-controlled data without verification, we call it insecure deserialization. In our game example, an attacker might store a serialized file representing a malicious payload. If the developer doesn’t perform a verification before deserialization, the insecure deserialization will trigger the attacker’s code.
[Full Article](https://thehackerish.com/insecure-deserialization-explained-with-examples/)

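The "verification before deserialization" step for the game save described above, as an added Python example that is not part of the original repository or the linked article. The `Character` fields, their limits and all function names are assumptions; the tampered save is constructed and only makes the loader call the harmless built-in `sorted`.

```python
import io
import pickle
from typing import NamedTuple


class Character(NamedTuple):
    name: str
    level: int
    hp: int


def save_character(c: Character) -> bytes:
    """Serialize plain data only (a dict of str/int), never the object itself."""
    return pickle.dumps({"name": c.name, "level": c.level, "hp": c.hp})


def load_save_unsafe(blob: bytes):
    """The pattern the text warns about: the file decides what gets called."""
    return pickle.loads(blob)


class DataOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses every reference to a class or function."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"save file names {module}.{name}; refusing to load it")


def load_save(blob: bytes) -> Character:
    """Hardened loader: data-only unpickling, then explicit field validation."""
    state = DataOnlyUnpickler(io.BytesIO(blob)).load()
    if not isinstance(state, dict) or set(state) != {"name", "level", "hp"}:
        raise ValueError("unexpected save layout")
    name, level, hp = state["name"], state["level"], state["hp"]
    if not (isinstance(name, str) and 1 <= len(name) <= 32):
        raise ValueError("bad name")
    for field, value, top in (("level", level, 100), ("hp", hp, 9999)):
        # type(...) is int also rejects bool, which is a subclass of int.
        if type(value) is not int or not 0 <= value <= top:
            raise ValueError(f"bad {field}")
    return Character(name, level, hp)


class _TamperedSave:
    """Constructed stand-in for a tampered file: on load, pickle is told to
    call a function chosen by the file (here the harmless built-in sorted)."""

    def __reduce__(self):
        return (sorted, ("cba",))


def tampered_save() -> bytes:
    return pickle.dumps(_TamperedSave())


if __name__ == "__main__":
    hero = Character("Aria", 7, 120)
    print("round trip  :", load_save(save_character(hero)))
    # The naive loader returns the result of a call, not a Character.
    print("unsafe load :", load_save_unsafe(tampered_save()))
    try:
        load_save(tampered_save())
    except pickle.UnpicklingError as exc:
        print("safe load   :", exc)
```

A data-only text format such as JSON, validated the same way, removes the unpickler from the picture entirely and is the simpler choice when the save format can be changed.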
## CTF-Writeups

- [2010](#2010)
- [2012](#2012)
- [2013](#2013)
- [2014](#2014)
- [2016](#2016)
- [2018](#2018)
- [2019](#2019)
- [2020](#2020)
- [2021](#2021)

### 2010

- [hack-lu pigs](https://websec.wordpress.com/2010/10/30/hack-lu-ctf-challenge-21-writeup-pigs/)

### 2012

- [fdfalcon : Zombie Reminder,Hack.lu](https://sysexit.wordpress.com/2012/10/25/hacklu-ctf-2012-zombie-reminder-200-write-up/)

### 2013

- [scoding : exploit 100,VolgaCTF](https://scoding.de/volgactf-2013-writeup-exploit100)

### 2014

- [Skullsecurity : kpop bad deserialization](https://blog.skullsecurity.org/2014/plaidctf-writeup-for-web-200-kpop-bad-deserialization)
- [Plaid CTF 2014: "reeekeeeeee" 200 pts](http://security.cs.pub.ro/hexcellents/wiki/writeups/pctf2014_reekee)

### 2016

- [TUCTF LuckyCharms. Exploiting Simple Java Deserialization Vulnerability.](https://breaking.into.systems/read/2016/TUCTF-LuckyCharms-Exploiting-simple-Java-deserialization-vuln)
- [0daylabs : PHP object Injection via Cookie unserialize() - Nuit du hack CTF Web 100 writeup](https://blog.0daylabs.com/2016/04/03/unserialize-php-object-injection)
- [hack.more : free_as_as_in_bavarian_beer](https://hack.more.systems/writeup/2016/10/02/tumctf-web50/)

### 2017

- [necst : lamermi,PoliCTF](https://toh.necst.it/polictf/pwnable/Lamermi/)
- [Apj: TSULOTT,meepwn](https://advancedpersistentjest.com/2017/07/17/writeup-tsulott-meepwn/)
- [depier : 2nd Secured Portal,AsisCTF](https://depier.re/asis_2017_2nd_secured_portal/)

### 2018

- [k3ramas : Challenge 4,Recon Village](https://k3ramas.blogspot.com/2018/08/recon-village-ctf-defcon-26.html)
- [cyku : Why-so-serials,Hitcon](https://cyku.tw/ctf-hitcon-2018-why-so-serials/)
- [s0cket7 : Flask Skeleton Cards,PicoCTF](https://s0cket7.com/picoctf-web/)
- [Balsn : 300-3,TrendMicro](https://balsn.tw/ctf_writeup/20180914-trendmicroctf/#300-3)
- [Pharisaeus : 300-3,TrendMicro](https://github.com/p4-team/ctf/tree/master/2018-09-15-trendmicro/misc_deserializer)
- [galdeleon : 35c3_php](https://github.com/galdeleon/35c3_php)
- [rayoflightz : 35c3_php](https://rayoflightz.github.io/writeup/web/2019/01/03/35c3-php-writeup.html)
- [Jaimin : PHP object injection in kaspersky CTF](https://medium.com/@jaimin_gohel/ctf-writeup-php-object-injection-in-kaspersky-ctf-28a68805610d)
- [hackso : im-pickle-rick,bsidestlv](https://hackso.me/bsidestlv-web/#im-pickle-rick)
- [Terry : My Flask App,Mitre CTF](https://terryvogelsang.tech/MITRECTF2018-my-flask-app/)
- [Balsn : Identify-the-function,Pwn2win](https://balsn.tw/ctf_writeup/20181130-pwn2winctf/#identify-the-function)
- [securimag : filevault,insomnihack teaser](https://securimag.org/wp/challenges/writeup-insomnihack-teaser-2018-filevault/)
- [Jbz : 420 Quiz, MatesCTF](https://jbz.team/matesctf2018/420-Quiz)

### 2019

- [peterjson : ISITDTU Finals](https://peterjson.medium.com/isitdtu-ctf-final-2019-web-write-ups-c845ce85808e)
- [bananamafia : Exploiting PHP Deserialization: CCCamp19 CTF PDFCreator Challenge](https://bananamafia.dev/post/php-deserialize-cccamp19/)
- [haboob : mimeCheckr,nullcon](https://haboob.sa/ctf/nullcon-2019/mimeCheckr.html)

### 2020

- [Super Guesser : Web signin,N1CTF](https://github.com/Super-Guesser/ctf/tree/master/2020/N1CTF%202020/web/signin)
- [abinpaul1 : Too_Many_Credits,TamuCTF](https://github.com/abinpaul1/CTF-Writeups/blob/master/TAMUCTF%202020%20-%20Too_Many_Credits/README.md)
- [r3billions : writeup-defiltrate-part1](https://r3billions.com/writeup-defiltrate-part1/)
- [sqrtrev : Image uploader,3kCTF](https://vuln.live/blog/11)
- [harrier : deserializeme,UIUCTF](https://hackmd.io/@harrier/uiuctf20#deserializeme-450-3-solves-solved-by-ozetta-and-harrier)
- [RB : L5D,Balsn 2020](https://blog.rb363.tw/2020/12/04/Balsn-CTF-2020-L5D/)
- [eine : Official Business,Nahamcon](https://eine.tistory.com/entry/NahamCON-CTF-2020-Write-ups)
- [Saudi : CyberTalents Weekend CTF-gu55y writeup](https://trevorsaudi.medium.com/cybertalents-weekend-ctf-gu55y-writeup-php-object-injection-dfe173d9f446)

### 2021

- [f5,Old System,RealWorldCTF](https://f5.pm/go-53869.html)

### Further-Reading

- [Exploiting PHP Phar Deserialization Vulnerabilities](https://blogs.keysight.com/blogs/tech/nwvs.entry.html/2019/06/26/exploiting_php_phar-PRD7.html)
- [Apache Tomcat RCE by deserialization (CVE-2020-9484) – write-up and exploit](https://www.redtimmy.com/apache-tomcat-rce-by-deserialization-cve-2020-9484-write-up-and-exploit/)
- [Exploiting Node.js deserialization bug for Remote Code Execution (CVE-2017-5941)](https://www.exploit-db.com/docs/english/41289-exploiting-node.js-deserialization-bug-for-remote-code-execution.pdf)
- [Hessian deserialization and related gadget chains](https://paper.seebug.org/1137/)
- [Practical PHP Object Injection](https://insomniasec.com/cdn-assets/Practical_PHP_Object_Injection.pdf)
- [Understanding & practicing java deserialization exploits](https://diablohorn.com/2017/09/09/understanding-practicing-java-deserialization-exploits/)
- [Automated Discovery of Deserialization Gadget Chains](https://i.blackhat.com/us-18/Thu-August-9/us-18-Haken-Automated-Discovery-of-Deserialization-Gadget-Chains-wp.pdf)
- [awae preparation](https://z-r0crypt.github.io/blog/2020/01/22/oswe/awae-preparation/)
- [PHP Object Injection Cheatsheet](https://nitesculucian.github.io/2018/10/05/php-object-injection-cheat-sheet/)

--------------------------------------------------------------------------------
/CTF-BIBLE/Web/README.md:
--------------------------------------------------------------------------------
# TOC
## Topics
- [LFI](./LFI)
- [SSRF](./SSRF)
- [SSTI](./SSTI)
- [XXE](./XXE)
- [SQLi](./SQLi)
- [XSS](./XSS)
- [InsecureDeserialization](./InsecureDeserialization)

Vulnerabilities in Web Applications

### Introduction

How is private information leaked from social networking sites? How can someone’s bank account get compromised by just clicking on a link in an email? Why are we advised to not use the same password on different sites? What are those annoying “accept cookie banners” that pop up every time? How do characters in movies get into their school’s database to change their grade?

If you’ve ever encountered any of the above questions and wanted to learn how these things happen, we’ve got you covered. In these tutorials we will be discussing common vulnerabilities in web applications and how attackers can exploit them. But these tutorials cover a lot more than that. They will help you gain a deeper understanding of how stuff works, and if you are a developer, will help you to make more robust applications!

### What does a vulnerability mean?

A website vulnerability is a weakness or misconfiguration in a website or web application code that allows an attacker to gain some level of control of the site, and possibly the hosting server.

#### What kind of harm does it pose?

There are different types of vulnerabilities, targeting different functions of a web application: gaining access to the database of a website and revealing personal information of users, running a script in the background to access data from your computer, or a script that transfers money from your bank account!

##### Types of Vulnerabilities

Different kinds of attacks are possible on web applications, but here we’ll be listing the top 10 according to the OWASP report. (The Open Web Application Security Project, or OWASP, is an international non-profit organization dedicated to web application security.)

### Injection

Injection attacks happen when untrusted data is sent to a code interpreter through a form input or some other data submission to a web application. For example, an attacker could enter SQL database code into a form that expects a plaintext username. If that form input is not properly secured, this would result in that SQL code being executed. This is known as an SQL injection attack. Injection attacks can be prevented by validating and/or sanitizing user-submitted data. (Validation means rejecting suspicious-looking data, while sanitization refers to cleaning up the suspicious-looking parts of the data.) In addition, a database admin can set controls to minimize the amount of information an injection attack can expose.

### Broken Authentication

Vulnerabilities in authentication (login) systems can give attackers access to user accounts and even the ability to compromise an entire system using an admin account. For example, an attacker can take a list containing thousands of known username/password combinations obtained during a data breach and use a script to try all those combinations on a login system to see if there are any that work. Beyond this, there are potential vulnerabilities in 2 Factor Authentication as well!

### Sensitive Data Exposure

If web applications don’t protect sensitive data such as financial information and passwords, attackers can gain access to that data and sell or utilize it for nefarious purposes. One popular method for stealing sensitive information is using a man-in-the-middle attack. So, applications generally store this sensitive data in encrypted format.

### XML External Entities (XXE)

XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any backend or external systems that the application itself can access. The best ways to prevent XXE attacks are to have web applications accept a less complex type of data, such as JSON, or at the very least to patch XML parsers and disable the use of external entities (An ‘external entity’ in this context refers to a storage unit, such as a hard drive.) in an XML application.

### Broken Access Control

Access control refers to a system that controls access to information or functionality. Broken access controls allow attackers to bypass authorization and perform tasks as though they were privileged users such as administrators. For example, a web application could allow a user to change which account they are logged in as simply by changing part of a URL, without any other verification.

### Security Misconfiguration

Security misconfiguration is the most common vulnerability, and is often the result of using default configurations or displaying excessively verbose errors. For instance, an application could show a user overly-descriptive errors which may reveal vulnerabilities in the application. This can be mitigated by removing any unused features in the code and ensuring that error messages are more general (like Internal Server Error or Bad Request).

### Cross-Site Scripting

Cross-site scripting vulnerabilities occur when web applications allow users to add custom code into a URL path or onto a website that will be seen by other users. This vulnerability can be exploited to run malicious JavaScript code on a victim’s browser. For example, an attacker could send an email to a victim that appears to be from a trusted bank, with a link to that bank’s website. This link could have some malicious JavaScript code tagged onto the end of the URL. If the bank’s site is not properly protected against cross-site scripting, then that malicious code will be run in the victim’s web browser when they click on the link. Mitigation strategies for cross-site scripting include escaping untrusted HTTP requests as well as validating and/or sanitizing user-generated content. Using modern web development frameworks like ReactJS and Ruby on Rails also provides some built-in cross-site scripting protection.

### Insecure Deserialization

This threat targets the many web applications which frequently serialize and deserialize data. Serialization means taking objects from the application code and converting them into a format that can be used for another purpose, such as storing the data to disk or streaming it. Deserialization is just the opposite: converting serialized data back into objects the application can use. Serialization is sort of like packing furniture away into boxes before a move, and deserialization is like unpacking the boxes and assembling the furniture after the move. An insecure deserialization attack is like having the movers tamper with the contents of the boxes before they are unpacked.

### Using Components With Known Vulnerabilities

Many modern web developers use components such as libraries and frameworks in their web applications. These components are pieces of software that help developers avoid redundant work and provide needed functionality; common examples include front-end frameworks like React and smaller libraries used to add share icons or A/B testing. Some attackers look for vulnerabilities in these components which they can then use to orchestrate attacks. Some of the more popular components are used on hundreds of thousands of websites; an attacker finding a security hole in one of these components could leave hundreds of thousands of sites vulnerable to exploit.

### Insufficient Logging And Monitoring

Many web applications are not taking enough steps to detect data breaches. The average discovery time for a breach is around 200 days after it has happened. This gives attackers a lot of time to cause damage before there is any response. OWASP recommends that web developers should implement logging and monitoring as well as incident response plans to ensure that they are made aware of attacks on their applications.

Read More

82 | Web-CTF-Cheatsheets 83 | 84 | ## Web-CTF-Cheatsheets 85 | 86 | - [Kaibro : Web-CTF-Cheatsheet](https://github.com/w181496/Web-CTF-Cheatsheet) 87 | 88 | - [p6 :Web-Security-CheatSheet ](https://blog.p6.is/Web-Security-CheatSheet/) 89 | 90 |
91 | -------------------------------------------------------------------------------- /CTF-BIBLE/Web/LFI/Readme.md: -------------------------------------------------------------------------------- 1 | # File Inclusions (LFI/RFI) 2 | 3 | ![](lfi.jpg) 4 | 5 | ## File Inclusion vulnerability 6 | 7 | - A file inclusion vulnerability is a type of web vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. A file include vulnerability is distinct from a generic directory traversal attack, in that directory traversal is a way of gaining unauthorized file system access, and a file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application. An attacker can use remote code execution to create a web shell on the web server, which can be used for website defacement. Wikipedia 8 | 9 |

## CTF Writeups

- [2013](#2013)
- [2014](#2014)
- [2015](#2015)
- [2016](#2016)
- [2017](#2017)
- [2018](#2018)
- [2019](#2019)
- [2020](#2020)
- [2021](#2021)
- [further-reading](#other-interesting-reads)

### 2013

- Hacking Xampp via lfi

### 2014

- phpwing web400
- mrt-prodz : defcamp-quals ctf,pigeon

### 2015

- insomnihack 2015
- Hacklu 2015
- 0x1337 : Codegate 2015
- buer : csaw 2015 weeebdate
- g0blin : Ekoparty 2015

### 2016

- Megabeets : h4ckit2016, Pentest-mexico
- Megabeets : TokyoWesterns2016, Global-page

### 2017

- bl4de : Asis2017,Golem
- aadityapurani : csaw2017
- google-ctf-2017 quals

### 2018

- Pwn-Collective : NeverLanCTF What-the-LFI
- thibaud : santhacklaus-2018
- flawwan : ritsec,Archivr
- 0xc0ffee : Archivr
- boiteaklou : 35C3 junior,flags
- apb : accenture-ctf-greenland-web
- mrtaharamine : coingame nuit-du-hack-ctf
- netsecdaily : crossctf2018, The-Terminal
- Orange : HITCON 2018,one-line-php

### 2019

- Rawsec : Securinets2019,Feedback
- Rawsec : Sunshine2019, Wrestler Name Generator
- nytrogen : Defcamp 2019,Imgur
- Aperikube : aperictf,worldmeet
- harold : harekaze-ctf 2019

### 2020

- Vietsec : TamuCTF2020 LFI to RCE
- Sousse.love : Bug POC lfi ctf task
- Ironhackers : Upsa 2020
- Wrecktheline : ijctf 2020
- st98 : ijctf 2020
- allen : tjctf 2020,file-viewer
- srikavin : Angstromctf-leettube
- srikavin : redpwnctf20 tux-fanpage
- Isopach : redpwnctf2020 tux-fanpage
- Grini25 : Bsides-SF,had a bad day
- STE : hacktivitycon 2020
- rgbsec : UMDctf,sss-p2
- Faizal : Whitehat Quals

### 2021

- terawhiz : 0x41414141,Waffed
- [Maple Bacon,Lorem Ipsum.B0ilers CTF](https://ubcctf.github.io/2021/04/bo1lers-loremipsum/)

#### other interesting reads

- Aptive : LFI pentesting guide
- OWASP : LFI Testing Guide
- Raj Chandel : Comprehensive LFI Guide
- Rawsec : LFI
- Fuzzdb : LFi Winblows
- D35m0nd142 : LFISuite
- ddxhunter : lfi-exploitation-techniques
- insomniasec : LFI with phpinfo assistance
- dustri : lfi to rce in php
- xapax : lfi
- ExploitDb : LFI paper
- Highon.coffee : LFI cheatsheet
- Fuzzdb : LFI-FD check
- Security Idiots : LFI

--------------------------------------------------------------------------------
/CTF-BIBLE/Web/SSTI/Readme.md:
--------------------------------------------------------------------------------
# SSTI

![](ssrf.png)

## What is SSTI?

- Server-side template injection is when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side.

Portswigger Detailed explanation

## CTF-Writeups

- [2017](#2017)
- [2018](#2018)
- [2019](#2019)
- [2020](#2020)
- [2021](#2021)
- [2022](#2022)

### 2017

- Golem is stupid, Asis2017
- [ktrio3 : Shia Labeouf-off!, CSAW Quals](https://ctftime.org/writeup/7580)

### 2018

- Abdelkader Belcaid : AngstromCTF 2018, Madlibs
- Abdelkader Belcaid : Tokyowesterns 2018,Shrine
- kazkiti : HackIT CTF 2018,Believers Case
- s0cket7 : picoctf _flask cards_
- [kazkiti : TorPy,InCTF](https://ctftime.org/writeup/11519)
- [flawwan : TorPy,InCTF](https://github.com/flawwan/CTF-Writeups/blob/master/inCTF2018/torpy.md)
- [HaboobTeam : SimpleVN](https://github.com/HaboobTeam/BCTF-2018-write-up/raw/master/WEB/SimpleVN.pdf)

### 2019

- Slamat : X-MAS 2019 CTF write-up (Mercenary Hat Factory) SSTI
- hell38vn : tamuctf2019 Science
- nytrogen : defcamp quals 2019,Movie Night
- redpwn : picoctf _empire2_
- [Terjanq : Scam Generator, JUSTCTF](https://hackmd.io/@terjanq/justctf_writeups#Scam-generator-web-2-solves-unfixed-amp-1-solve-fixed)
- [Dvd848 : Science,TamuCTF](https://github.com/Dvd848/CTFs/blob/master/2019_TAMUctf/Science.md)
- [noobintheshell : Science, TamuCTF](https://noobintheshell.medium.com/tamuctf2019-writeups-1-360f53008f7a#708a)
- [kazkiti : repeeaaaat, EncryptCTF](https://ctftime.org/writeup/14342)

### 2020

- team0se7en : csictf2020, Usual suspects
- [ahmed : the usual suspects, csictf](https://ahmed-belkahla.me/post/csictf2020/#the-usual-suspects-499pts-32-solves-)
- nirvana_msu : [H1-2006] CTF Writeup
- noxtal : hacktivitycon,template-shack
- [bootplug : http for pros,defcamp](https://github.com/bootplug/writeups/blob/master/2020/defcamp/writeups.md#http-for-pros)
- [st98 : Notes,hexion](https://st98.github.io/diary/posts/2020-04-13-hexion-ctf-2020-online.html#web-881-notes-37-solves)
- [Arashparsa : SimpleFlask, GACTF](https://www.arashparsa.com/gactf/)
- [SamXML : Congenial Octo Couscous, TJCTF](https://drive.google.com/file/d/1SMHzyP9jwN3vslfYU2kejVU-crYfnD8P/view)
- [Kazkiti : Notepad, Zer0pts](https://ctftime.org/writeup/18597)
- [posix : Notepad, Zer0pts](https://blog.p6.is/zer0pts-CTF-2020/)
- [hamayanhamayan : Notepad, Zer0pts](https://blog.hamayanhamayan.com/entry/2020/03/09/131651)
- [v4681d : MicroService, SUSEC](https://ctftime.org/writeup/18951)
- [Ox12A0F : Memehub, Bsides Algiers quals](https://ctftime.org/writeup/25435)
- [justjosef : Faraday, EkoParty](https://ctftime.org/writeup/23840)
- [spotless : Newsletter, VolgaCTF quals](https://spotless.tech/volgactf-2020-qualifier-newsletter.html)

### 2021

- [guyintheshell : maze,0x41414141](https://www.youtube.com/watch?v=YA8wcG1GL8A)
- [luftenshjaltar : maze,0x41414141](https://luftenshjaltar.info/writeups/0x41414141ctf/web/maze/)
- [Sqrtrev : DMM,DarkCON](https://vuln.live/blog/12)
- [beerpwn : Localization is hard(thymeleaf SSTI),AeroCTF](https://beerpwn.github.io/ctf/2021/aero_CTF/web/Localization_is_hard/)
- [n4sm : Localization is hard,AeroCTF](https://ret2school.github.io/post/localization_is_hard_wu/)
- [isopach : Injection, DCTF](https://isopach.dev/DCTF-2021/#injection)
- [luc : Lotion,Foobar](https://szymanski.ninja/en/ctfwriteups/2021/foobar/lotion/)
- [xxonorg : Injection, DCTF](https://github.com/xxonorg/dCTF2021_Writeup/blob/main/Injection.md)
- [manhnv : Starfleet, CyberApocalypse](https://manhnv.com/2021/04/cyber-apocalypse-2021-web-starfleet-writeup/)
- [ryan-cd : ninja name generator, InterIUT](https://github.com/ryan-cd/ctf/tree/master/2020/interIUT/ninja_name_generator)
- [ianjelot : AgentTester, Nahamcon](https://thegoonies.github.io/2021/03/15/nahamconctf-2021-agent-tester-v2/)

### 2022

- [hongwei : gotm, LINE CTF](https://hong5489.github.io/2022-03-27-linectf2022/#gotm)
- [r4f705 : 1 truth,2 lies. 1337UP LIVE CTF](https://ctftime.org/writeup/32473)
- [LazyTitan : Naughty or Nice,HTB CyberSanta](https://github.com/LazyTitan33/CTF-Writeups/blob/main/HTB%20-%20Cyber%20Santa%20is%20Coming%20to%20Town%202021/Web/Naughty%20or%20Nice.md)
- [Kashmir54 : Hey-Buddy, VishwaCTF](https://kashmir54.github.io/ctfs/VishwaCTF2022/#hey-buddy)
- [x-c-3 : Mr 0, PatriotCTF](https://x-c-3.github.io/posts/patriotctf-2022/#mr-o)
- [SamXML : Deafcon, Nahamcon](https://ctftime.org/writeup/33440)

### other interesting reads

- we45 : SSTI Crash Course
- Portswigger : SSTI Research
- Hacktricks : SSTI
- Musyoka Ian : SSTI explanation
- onsecurity SSTI with jinja2
- SSTI in flask/jinja2
- cobalt : pentesters guide to SSTI
- SSTI : cheatsheet
- 0x1 : SSTI
- PayloadAllTheThings : SSTI
- [Jinja2 SSTI Filter bypass](https://medium.com/@nyomanpradipta120/jinja2-ssti-filter-bypasses-a8d3eb7b000f)
- [0day : Jinja2 template injection filter bypasses](https://0day.work/jinja2-template-injection-filter-bypasses/)
- [acunetix : exploiting ssti in thymeleaf](https://www.acunetix.com/blog/web-security-zone/exploiting-ssti-in-thymeleaf/)
- [veracode : Spring-view manipulation vulnerability](https://www.veracode.com/blog/secure-development/spring-view-manipulation-vulnerability)
- [Hacktricks : thymeleaf java SSTI](https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection#thymeleaf-java)
- [posix : Python-SSTI-exploitable-classes](https://blog.p6.is/Python-SSTI-exploitable-classes/)

### Youtube Videos

- Pwnfunction : SSTI Explained
- Sam : SSTI
- Cobalt : SSTI all-in-one

--------------------------------------------------------------------------------
/CTF-BIBLE/Web/XSS/Readme.md:
--------------------------------------------------------------------------------
# XSS

![](xss.png)

## Cross-site Scripting (XSS)

> Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. The actual attack occurs when the victim visits the web page or web application that executes the malicious code. The web page or web application becomes a vehicle to deliver the malicious script to the user’s browser. Vulnerable vehicles that are commonly used for Cross-site Scripting attacks are forums, message boards, and web pages that allow comments.
>
> A web page or web application is vulnerable to XSS if it uses unsanitized user input in the output that it generates. This user input must then be parsed by the victim’s browser. XSS attacks are possible in VBScript, ActiveX, Flash, and even CSS. However, they are most common in JavaScript, primarily because JavaScript is fundamental to most browsing experiences.

[Read more](https://www.acunetix.com/websitesecurity/cross-site-scripting/)

## CTF-Writeups

- [2014](#2014)
- [2015](#2015)
- [2016](#2016)
- [2017](#2017)
- [2018](#2018)
- [2019](#2019)
- [2020](#2020)
- [2021](#2021)

### 2014

- [tasteless : Page Builder,31C3](https://www.tasteless.eu/post/2014/12/31c3-ctf-page-builder-writeup/)

### 2015

- [NorthSec](http://holyvier.blogspot.com/2015/05/northsec-xss-challenge-writeups.html)

### 2016

- [ulimateshi : XSS 2,ISITDTU](https://ctftime.org/writeup/3448)
- [Runesec : Charizard,Pentest Cyprus](https://blog.runesec.com/2016/10/10/charizard/)
- [gokulkrishna01 : sect-ctf](https://gokulkrishna01.wordpress.com/2016/09/09/admin-i-web-100-xss-sect-ctf-2016/)

### 2017

- [d90pwn : SimpleXss,0ctf Quals](https://ctftime.org/writeup/5956)
- [kyprizel : Complicated Xss,0ctf Quals](https://ctftime.org/writeup/5957)
- [dirty_vish : joe,GoogleCTF Quals](https://ctftime.org/writeup/6824)
- [l4w, The X sanitizer :Google CTF](https://l4w.io/2017/06/google-ctf-the-x-sanitizer-%E2%80%92-writeup/)
- [Pharisaeus : The Great Escape part-2, Insomni'hack](https://ctftime.org/writeup/5301)
- [chq-matteo : Mistune](https://theromanxpl0it.github.io/ctf_hacklu17/2017/10/19/mistune.html)
- [maniffin : LLC,Defcamp Quals](https://steemit.com/ctf/@maniffin/defcamp-ctf-quals-2017-llc-webchall-writeup)

### 2018

- [EmpireCTF : Dot-free,Real World CTF quals](https://github.com/EmpireCTF/empirectf/blob/master/writeups/2018-07-28-Real-World-CTF-Quals/README.md#105-web--dot-free)
- [arminius : Nodepad,Teaser DragonCTF](https://ctftime.org/writeup/11452)
- [itsZN : bbs,Google Quals](https://ctftime.org/writeup/10369)
- [DragonSector : bbs,Google Quals](https://blog.dragonsector.pl/2018/07/google-ctf-2018-quals-bbs.html)
- [Askaholic : Excesss,Security Fest](https://ctftime.org/writeup/10193)
- [kazkiti : rBlog 2018,RCTF](https://ctftime.org/writeup/10100)
- [kazkiti : idIoT: Action,PlaidCTF](https://ctftime.org/writeup/9987)
- [Orange : gCalc,Google CTF](https://blog.orange.tw/2018/06/google-ctf-2018-quals-web-gcalc.html)
- [LoRexxar : TCTF/OCTF Xss](https://blog.knownsec.com/2018/04/tctf0ctf2018-xss-writeup/)
- [TCTF/0CTF Quals](https://paper.seebug.org/574/)
- [i heard you like xss,PlaidCTF](https://dttw.tech/posts/r1wFutMCf)

### 2019

- [terjanq : Do You Even XSS?,Hack.lu](https://gist.github.com/terjanq/fdb23ae109446b826a4b37df88efae07#file-xss_hard-js)
- [Alain_K : Numtonce,Hack.lu](https://ctftime.org/writeup/17065)
- [XeR : hCorem - Real World CTF 2019 Quals](https://ctftime.org/writeup/16642)
- [ajdumanhug : csaw-babycsp](https://github.com/ajdumanhug/ctf/blob/master/web/xss/csaw-babycsp-web-50.md)
- [bilith : P0stMan,KipodAfterFree](https://ctftime.org/writeup/17694)
- [jbz : Bypasses Everywhere,Ins'Hack](https://jbz.team/inshack2019/Bypasses_Everywhere)
- [hasp0t : Intigriti may challenge](https://0x00sec.org/t/intigriti-xss-challenge-solution/13896)
- [NaruseJun : TSG CTF](https://hackmd.io/@sekai/HJhnHwTiE?type=view)
- [L'Amore : My Cats, CONfidence 2019](https://www.gem-love.com/ctf/2019.html)
- [Renaud : Intigriti April XSS challenge](https://renaudmarti.net/posts/intigriti-xss-challenge/)
- [0xc0ffee : SecretNote Keeper,Facebook CTF](http://0xc0ffee.io/blog/FacebookCTF-SecretNote)
- [cybermouflons : nevernotecsp, csaw](https://cybermouflons.com/red-csaw19-nevernotecsp/)

### 2020

- [Kazkiti : MusicBlog,Zer0pts](https://ctftime.org/writeup/18604)
- [Sigflag : Notes App,ByteBandits](https://www.sigflag.at/blog/2020/writeup-bytebandits2020-notes-app/)
- [jmg-duarte : Chatt with Bratt,UTCTF](https://jmg-duarte.github.io/posts/ctfs/utctf/chatt/)
- [invalid-email-address : User Center,Volga Quals](https://github.com/corax/writeups/blob/master/VolgaCTF2020/Web/User%20Center/README.md)
- [m417z : StuckOverflow,AppSec-IL](https://ctftime.org/writeup/24403)
- [m3rc1fulcameron : flag-sharer,redpwn CTF](https://ctftime.org/writeup/21990)
- [zup : viper,redpwn](https://ctftime.org/writeup/21819)
- [Challenge writer POV: BSidesSF 2020 CTF](https://medium.com/@itsc0rg1/challenge-writer-pov-bsidessf-2020-ctf-ea84980b8d79)
- [p6 : CSP, codegate preliminary](https://blog.p6.is/codegate-ctf-2020-preliminary/)
- [p6 : Bsides SF](https://blog.p6.is/BSidesSF-2020-CTF/)
- [LiveOverFlow : Pasteurize,Google CTF](https://www.youtube.com/watch?v=Tw7ucd2lKBk)
- [LiveOverFlow : Tech Support,Google CTF](https://www.youtube.com/watch?v=Tw7ucd2lKBk)
- [0xparrot : PastaXSS,FwordCTF](https://github.com/parrot409/writeups/tree/master/Fword2020/pastaxss)
- [Nguyen : Intigriti Dec Xss challenge](https://viblo.asia/p/write-up-intigritis-december-xss-challenge-2020-GrLZDD0gZk0)
- [klefz : BugPoC November Xss Challenge](https://klefz.se/2020/11/10/bugpoc-xss-ctf-november-2020-write-up/)
- [Brett : Trash the Cache,Nahamcon](https://buer.haus/2020/06/14/nahamcon-trash-the-cache-write-up-web-1000/)
- [y4y : Static Pastebin,Redpwn](https://y4y.space/2020/06/27/redpwn-ctf-2020-web-pastebin-challenge-writeup/)
- [0x90AL : User Center,Volga Quals](https://blog.pwn.al/ctf/web/challenge/xss/jquery/2020/03/29/volgactf-web-challenge.html)
- [iboynton : Intigriti easter challenge](https://lboynton.com/2020/04/20/intigriti-easter-xss-challenge-2020-write-up/)
- [kitctf : Xmas Store,AllesCTF](https://kitctf.de/writeups/cscg20/xmas-store)
- [terjanq : Bfnote,TokyoWesterns](https://kitctf.de/writeups/cscg20/xmas-store)

### 2021

- [tkaixiang : Babier CSP,DiceCTF](https://ctftime.org/writeup/25984)
- [terjanq : justCTF2020](https://hackmd.io/@terjanq/justCTF2020-writeups)
- [ptr-yudai : Carmen Sandiego Season 2,PlaidCTF](https://ptr-yudai.hatenablog.com/entry/2021/04/19/140802)
- [k0imet : Support Ticket 2,CAT CTF](https://k0imet.github.io/2021/04/27/CAT-CTF.ae-WEB-Writeups.html)
- [k0imet : Bug report,CyberApocalypse 2021](https://k0imet.github.io/2021/04/26/CyberApocalypse-Writeups.html)
- [Ryn0K : Notes, RedPwn](https://github.com/Ryn0K/CTF_Writeups/tree/master/redpwn/web/notes/notes)
- [jokr: Notes, RedPwn](https://jokrhub.github.io/2021/06/13/redpwnCTF-2021-notes.html)
- [maple3142 : pastebin2, RedPwn](https://blog.maple3142.net/2021/07/13/redpwnctf-2021-writeups/#pastebin-2-social-edition)
- [maple3142 : pastebin3, RedPwn](https://blog.maple3142.net/2021/07/13/redpwnctf-2021-writeups/#pastebin-3)
- [Pocas : Original Store,Zh3r0](https://pocas.kr/2021/06/06/2021-06-05-Zh3r0-2021-CTF/#Web-Original-Store-842-pts)
- [Pocas : Original Store v2,Zh3r0](https://pocas.kr/2021/06/06/2021-06-05-Zh3r0-2021-CTF/#Web-Original-Store-v2-871-pts)
- [Pocas : bxss,Zh3r0](https://pocas.kr/2021/06/06/2021-06-05-Zh3r0-2021-CTF/#Web-bxss-100pts)
- [qxxxb : imgfiltrate,CCC](https://github.com/qxxxb/ctf_challenges/tree/master/2021/ccc/web/imgfiltrate/solve)
- [qxxxb : stickynotes, CCC](https://github.com/qxxxb/ctf_challenges/tree/master/2021/ccc/web/sticky_notes/solve)

## further-reading

- [hacktricks : CSP Bypass](https://book.hacktricks.xyz/pentesting-web/content-security-policy-csp-bypass)
- [hackingarticles : comprehensive guide on Xss](https://www.hackingarticles.in/comprehensive-guide-on-cross-site-scripting-xss/)
- [xss for beginners](https://medium.com/swlh/xss-for-beginners-6752b1b1487d)
- [Guidance to Cross-Site Scripting for beginners- I: Reflected XSS](https://medium.com/infosec/guidance-to-cross-site-scripting-for-beginners-i-reflected-xss-591c950b87d7)
- [What is Cross-Site Scripting](https://chawdamrunal.medium.com/what-is-xss-c91d460375bb)
- [Learning XSS: Part 1 — Reflected XSS (Brief Concept, Techniques, Challenge Walkthrough)](https://medium.com/@onehackman/learning-xss-part-1-reflected-xss-brief-concept-techniques-challenge-walkthrough-85f6b165541b)
- [How to Detect Blind XSS Vulnerabilities](https://www.acunetix.com/websitesecurity/detecting-blind-xss-vulnerabilities/)

--------------------------------------------------------------------------------
/CTF-BIBLE/Web/SSRF/Readme.md:
--------------------------------------------------------------------------------
# SSRF

![](ssrf.jpg)

## Intro to SSRFs

>> server-side request forgery
In computer security, server-side request forgery (SSRF) is a type of exploit where an attacker abuses the functionality of a server causing it to access or manipulate information in the realm of that server that would otherwise not be directly accessible to the attacker.

### CTF Writeups

- [2018](#2018)
- [2019](#2019)
- [2020](#2020)
- [2021](#2021)
- [other-reads](#other-interesting-reads)
- [Bug-Bounty](#Bug-Bounty-and-RVDs)

### 2018

- noizy_sec : HamaCTF xmlvalidator writeup
- cal1 : RealWorldCTF 2018 PrintMD
- fireshell : nonamectf-convert
- Spyclub : inctf2018 GoSqlv1
- [1v3m : MMORPG3000, CTFZone](https://anal.school/2018/07/23/MMORPG3000-CTFZone-2018/)
- [Pharisaeus : MMORPG3000,CTFZone](https://github.com/p4-team/ctf/tree/master/2018-07-21-ctfzone-quals/web_mmorpg)
- [graneed : hiddenDOM,noxCTF](https://graneed.hatenablog.com/entry/2018/09/09/020809)
- [stypr : lazyadmin, Volga](https://harold.kim/blog/2018/03/volgactf-2018-lazy-admin-writeup/)
- [Pharisaeus : Cool Storage Service,Insomni'Hack](https://github.com/p4-team/ctf/tree/master/2018-01-20-insomnihack/web_css)
- [XeR : Tet-Shopping,Ace-Bear](https://ctftime.org/writeup/8578)
- [OpenToAll : CoinGame,nuitduhack](https://abdilahrf.github.io/ctf/writeup-nuitdohack-quals-CoinGame)
- [sed-baddou Easy PHP,nu1lCTF](https://sed-baddou.medium.com/chaining-bugs-to-get-shell-easy-and-hard-php-nu1lctf-2018-writeup-6369e6a97218)

### 2019

- 10secTW : Baby SSRF ASIS QUALS 2019
- csi : Baby SSRF ASIS QUALS 2019
- systemoverlord : bsides-sf cloud2clown
- movrment : Balsn 2019 Web Warmup
- fireshell : bytebandits 2019 imgaccess
- will-lynas: de1ctf-2019/SSRF_me
- Samirettali: de1ctf-2019 SSRF-ME
- bi0s: inctf2019 GoSQLv2
- nytrogen : defcamp quals 2019 imgur
- De1ta-team : De1CTF2019/SSRF_ME
- [graneed : Bad Injections,Fireshell](https://graneed.hatenablog.com/entry/2019/01/28/023500)
- [r00tstici : red-pwn-is, redpwnctf](https://github.com/r00tstici/writeups/blob/master/redpwnCTF/red-pwn-is/writeup.md)
- [perfect-blue : bigspin, MidnightSunQuals](https://github.com/perfectblue/ctf-writeups/tree/master/2019/midnightsun-ctf-2019-quals/bigspin)
- [kazkiti : Option-Cmd-U, SECCON](https://ctftime.org/writeup/16925)
- [balsn : cat-web,CONfidence-Teaser](https://balsn.tw/ctf_writeup/20200314-confidencectf2020teaser/#cat-web)
- [XeR : Crawl-Box,RealWorldCTF](https://xer.forgotten-legends.org/writeup/2019/rwctf/crawl%20box.md)
- [0xsapra : Where's My Cash,ALLES](https://github.com/Super-Guesser/ctf/tree/master/2020/ALLES%20CTF%202020/web/where_is_my_cash)
- [kcotsneb : exploitify, ENOFLAG3](https://saarsec.rocks/2019/07/10/explotify.html)

### 2020

- manoelt : [H1-415 2020] CTF Writeup
- lbherrera : [H1-415 2020] CTF Writeup
- r3billions : split-second Nullcon 2020
- zeddyu : Plaid-CTF-2020-Web-1
- Bookgin : PlaidCTF 2020 contrived web problem
- ret2jazzy : PlaidCTF 2020 contrived web
- ahmed : Fword 2020 PastaXSS
- rmb122 : hxp 2020 reasonator
- spyclub : inctf 2020 GoSQLv3
- jackson-t : MetasploitCTF 2020
- mystiz : urlcheck-v1 TokyoWesterns 2020
- mystiz : urlcheck-v2 TokyoWesterns 2020
- [evanj2357 : kvcloud,WeCTF](https://evanj2357.github.io/ctf_writeups/kvcloud/)
- [ar9ang3 : HackTheC2,Defenit](https://ar9ang3.tistory.com/63)
- [ptrcnull : harmony chat, DragonCTF](https://github.com/p4-team/ctf/tree/master/2020-11-20-dragonctf/harmony_chat)
- [zup : tpc, Balsn](https://ctftime.org/writeup/24948)
- [zup : Discloud, DownUnderCTF](https://github.com/bootplug/writeups/blob/master/2020/downunderctf/misc/discloud/README.md)
- [beerpwn : sploosh,PbCTF](https://beerpwn.github.io/ctf/2020/pbctf/Sploosh/)

### 2021

- brycec : *CTF 2021
- sambrow : SSRFrog Bamboofox2021
- maxdamage : SSRFrog Bamboofox2021
- Einstrasse : SSRFrog Bamboofox2021
- [r3curs1v3_pr0xy : Pdf-Generator,TrollCat](https://hackwithproxy.medium.com/pdf-generator-writeup-dns-rebinding-attack-trollcat-ctf-writeup-d8001e5d71bb)
- [synacktiv : Entituber HTB-Business CTF](https://github.com/synacktiv/CTF-Write-ups/blob/main/HTB-Business-CTF-2021/fullpwn/entituber.md)
- [abbas : Bithug,PicoCTF](https://docs.abbasmj.com/ctf-writeups/picoctf2021#bithug)
- [ehhthing : Bithug PicoCTF](https://larry.science/post/picoctf-2021/#bithug)
- [qxxxb : Watered down watermark,Angstrom](https://github.com/qxxxb/ctf/tree/master/2021/angstrom_ctf/watered_down_watermark)
- [Kaiziron : Baby-SSRF,zh3r0-CTF](https://github.com/Kaiziron/zh3r0_ctf_v2/blob/main/Baby_SSRF/README.md)
- [Amon : Site Shot,Vulncon](https://nandynarwhals.org/vulncon-ctf-2021/#website-shot)
- [bi0s : Vuln-Drive, InCTF](https://blog.bi0s.in/2021/08/15/Web/Vuln-Drive-InCTF-Internationals-2021/)
- [p4w : ChainRace, darkCTF](https://beerpwn.github.io/ctf/2020/darkCTF/web/Chain%20Race/)
- [neptunian : requester and requester strikes back,RedPwn](https://fireshellsecurity.team/redpwnctf-requester-and-requester-strikes-back/)
- [parrot : PwnyIDE, UIUCTF](https://hackmd.io/@parrot409/HJJU1B_1t)
- [k0imet : 0xSSRF](http://k0imet.codes/2021/05/04/HeroCTF-Writeups.html#0xssrf)
- [zeyu : Raas.InCTF](https://ctf.zeyu2001.com/2021/inctf-2021/raas)
- [rainbowpigeon : triskel-1-first-contact,norzhctf](https://rainbowpigeon.me/posts/norzhctf-2021/#triskel-1-first-contact)
- [rainbowpigeon : triskel-3-dead-end,norzhctf](https://rainbowpigeon.me/posts/norzhctf-2021/#triskel-3--dead-end)
- [ankursundara : wowza,PlaidCTF](https://blog.ankursundara.com/plaidctf-2021-wowza/)
- [53c0nd-2473](https://ctftime.org/writeup/27733)
- [debugmen : hacker-tools, Tenable](https://debugmen.dev/ctf-writeup/2021/02/23/hacker_tools.html)
- [jagetu : m0lefans,m0lecon2021](https://wrecktheline.com/writeups/m0lecon-2021/#m0lefans)

### Other interesting reads

- Orange Tsai : Blackhat Talk
- netsparker: server-side-request-forgery-vulnerability-ssrf
- Vicki Li : Intro to SSRFs
- jdonsec : AllThingsSSRF
- Tushar Verma : All about SSRF
- Hacktricks : ssrf-server-side-request-forgery

### Bug Bounty and RVDs

- Corben : Hackertarget
- Andre : shopify-ssrf-to-rce
- $1000-ssrf-in-slack
- [From SSRF to $4000](https://thehackerish.com/bug-bounty-write-up-from-ssrf-to-4000/)
- [Escalate SSRF to RCE](https://sanderwind.medium.com/escalating-ssrf-to-rce-7c0147371c40)
- [Story Behind Sweet SSRF](https://rohit-soni.medium.com/story-behind-sweet-ssrf-40c705f13053)
- [$10000 Facebook SSRF](https://medium.com/@amineaboud/10000-facebook-ssrf-bug-bounty-402bd21e58e5)
- [31k$ SSRF in Google Cloud Monitoring led to metadata exposure](https://nechudav.blogspot.com/2020/11/31k-ssrf-in-google-cloud-monitoring.html)

--------------------------------------------------------------------------------
/CTF-BIBLE/Web/SQLi/Readme.md:
--------------------------------------------------------------------------------
# SQL Injections

![](sql-injection.svg)

## Intro to SQLi

```
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior.
```

[What is SQL injection](https://portswigger.net/web-security/sql-injection)
14 | CTF-Writeups 15 | 16 | ## CTF-Writeups 17 | 18 | - [2013](#2013) 19 | 20 | 21 | - [2014](#2014) 22 | 23 | 24 | - [2015](#2015) 25 | 26 | 27 | - [2016](#2016) 28 | 29 | 30 | - [2017](#2017) 31 | 32 | 33 | - [2018](#2018) 34 | 35 | 36 | - [2019](#2019) 37 | 38 | 39 | - [2020](#2020) 40 | 41 | 42 | - [2021](#2021) 43 | 44 | 45 | - [further-reading](#further-reading) 46 | 47 | - [some labs](#some-labs) 48 | 49 | ### 2013 50 | 51 | - [Reiners, Secuinside](https://websec.wordpress.com/2013/05/26/secuinside-ctf-2013-writeup-the-bank-robber/) 52 | 53 | 54 | ### 2014 55 | 56 | - [Dr0ptix : Web50,backdoorCTF 2014](https://ctftime.org/writeup/969) 57 | 58 | - [ctf : injection3,PicoCTF](https://github.com/ctfs/write-ups-2014/tree/master/pico-ctf-2014/web-exploitation/injection-3-130) 59 | 60 | - [skullsec : web 100,plaidCTF](https://blog.skullsecurity.org/2014/plaidctf-writeup-for-web-100-blind-sql-injection) 61 | 62 | - [skullsec : web 100,PolygonShift](https://blog.skullsecurity.org/2014/plaidctf-writeup-for-web-100-blind-sql-injection) 63 | 64 | 65 | 66 | ### 2015 67 | 68 | 69 | - [insomihack: 2015writeups](https://insomnihack.ch/wp-content/uploads/2016/01/Hacking_like_in_the_movies.pdf) 70 | 71 | 72 | - [hacklu 2015](https://en.internetwache.org/hacklu-ctf-2015-writeups-22-10-2015/) 73 | 74 | 75 | - [orange : AIS3](https://blog.orange.tw/2015/09/ais3-final-ctf-web-writeup-race.html) 76 | 77 | - [Brett : Web 500(weebdate)](https://buer.haus/2015/09/20/csaw-2015-web-500-weebdate-writeup/) 78 | 79 | 80 | 81 | ### 2016 82 | 83 | - [corb3nik : Homework,AliCTF](https://ctftime.org/writeup/3518) 84 | 85 | - [0day : Good morning](https://0day.work/boston-key-party-ctf-2016-writeups/) 86 | 87 | - [szurek : SharifCTF 7](https://security.szurek.pl/en/sharifctf-7-web-writeup/) 88 | 89 | - [0daylabs](https://blog.0daylabs.com/2016/09/05/mongo-db-password-extraction-mmactf-100/) 90 | 91 | 92 | ### 2017 93 | 94 | - [HackThisSite : 
Injection2,EasyCTF](https://github.com/HackThisSite/CTF-Writeups/tree/master/2017/EasyCTF/Injection-2) 95 | 96 | - [ymgve : Baby Sqli,Bctf](https://github.com/ymgve/ctf-writeups/tree/master/bctf2017/web-babysqli-kittyshop) 97 | 98 | - [reznok : TetShopping,AceBear](https://github.com/reznok/CTFWriteUps/blob/master/AceBear_2018/TetShopping/README.md) 99 | 100 | - [justcallmedude : Meetpwn 2017](https://babyphd.net/2017/07/meepwnctf-2017-br0kenmysql1-2-3/) 101 | 102 | 103 | - [w0y : yacs,ucsb-ictf](https://w0y.at/writeup/2017/04/20/ucsb-ictf-2017-yacs.html) 104 | 105 | 106 | - [inshall'hack : SqlSRF,SECCON](https://inshallhack.org/sqlsrf_seccon/) 107 | 108 | - [hxp : Web150,hxp CTF 2017](https://hxp.io/blog/36/hxp-CTF-2017-web150-web_of_ages-writeup/) 109 | 110 | 111 | - [Martin : SquareCTF 2017](https://martinmelhus.com/squarectf-2017-writeup) 112 | 113 | - [securityinsider : nuit-du-hack](https://www.securityinsider-wavestone.com/2017/07/nuit-du-hack-2017-ctf-writeup--p1.html) 114 | 115 | 116 | ### 2018 117 | 118 | - [kazkiti : RuAdmin,HackIT ](https://ctftime.org/writeup/11017) 119 | 120 | - [arminius : Nodepad,Teaser Dragon CTF](https://ctftime.org/writeup/11452) 121 | 122 | - [iodbh: the vault,picoctf](http://blog.iodbh.net/picoctf2018-web-the-vault.html) 123 | 124 | - [argaz: Weird Blog,Jordan & Tunisia](https://ctftime.org/writeup/10374) 125 | 126 | - [kazkiti : Old School,Bsides Delhi 2018](https://ctftime.org/writeup/11953) 127 | 128 | - [iodbh :Irish name repo,PicoCTF](http://blog.iodbh.net/picoctf2018-web-irish-name-repo.html) 129 | 130 | - [Aaditya : Event Registeration](https://ctftime.org/writeup/9712) 131 | 132 | - [tonkatsu : Nodepad,Teaser Dragon ](https://blog.tonkatsu.info/ctf/2018/10/04/dsctf-2018-teaser.html) 133 | 134 | - [mdeditor : PicoCTF 2018](https://www.mdeditor.tw/pl/2OL3) 135 | 136 | - [Spyclub : InCTF-2018](https://spyclub.tech/2018/10/08/2018-10-08-inctf2018-web-challenge-writeup/) 137 | 138 | ### 2019 139 | 140 | 141 | - [Dvd848 : 
Irish-Name-Repo, picoCTF](https://github.com/Dvd848/CTFs/blob/4f288117c2261b73e125f2338931c86a3641de1c/2019_picoCTF/Irish-Name-Repo_2.md) 142 | 143 | - [Dvd848 : 1337 Security, TamuCTF](https://github.com/Dvd848/CTFs/blob/4f288117c2261b73e125f2338931c86a3641de1c/2019_TAMUctf/1337_Secur1ty.md) 144 | 145 | - [m3ssap0 : SQL Injected,Securinets Prequals](https://github.com/m3ssap0/CTF-Writeups/blob/master/Securinets%20Prequals%20CTF%202019/SQL%20Injected/README.md) 146 | 147 | - [Dvd848 : Not Another SQLi Challenge, TamuCTF](https://github.com/Dvd848/CTFs/blob/4f288117c2261b73e125f2338931c86a3641de1c/2019_TAMUctf/Not_Another_SQLi_Challenge.md) 148 | 149 | - [Xh4H : file magician,hxp 36c3](https://ctftime.org/writeup/17890) 150 | 151 | 152 | - [kazkiti : Vault,EncryptCTF](https://ctftime.org/writeup/14337) 153 | 154 | 155 | - [m3ssap0 : Execute-No-Evil,Xmas](https://github.com/m3ssap0/CTF-Writeups/blob/master/X-MAS%20CTF%202019/Execute%20No%20Evil/README.md) 156 | 157 | 158 | - [h0ffayyy : SQL, TamuCTF](https://github.com/h0ffayyy/CTF/blob/master/TAMU_CTF_2019/SQL/writeup.md) 159 | 160 | 161 | - [PDKT-Team: hr-admin,fbctf](https://github.com/PDKT-Team/ctf/blob/master/fbctf2019/hr-admin-module/README.md) 162 | 163 | 164 | - [alejandro : Bird Box,TamuCTF](https://ctftime.org/writeup/13860) 165 | 166 | 167 | - [viblo : efiens 2019](https://viblo.asia/p/efiens-ctf-2019-write-up-tu-sql-injection-toi-rce-va-get-root-oOVlYom4K8W) 168 | 169 | 170 | - [W0y : Trees For Future,hack.lu](https://w0y.at/writeup/2019/10/28/hacklu-2019-trees-for-future.html) 171 | 172 | 173 | - [Bookgin : Defcon 27 Quals ](https://bookgin.tw/2019/05/17/defcon-27-qual-ctf-web-writeups/) 174 | 175 | 176 | - [Ines : NeverLAN](https://git.fh-campuswien.ac.at/CampusCyberSecurityTeam/ctfs/blob/e6a1fdadfb6832aadb0cb8b3ad4771c203e841eb/writeups/2019/neverlan2019.md) 177 | 178 | 179 | - [graneed : CryptixCTF](https://graneed.hatenablog.com/entry/2019/10/13/214515) 180 | 181 | 182 | ### 2020 183 | 184 | - 
[mrnoobot : Bobby,TGHack](https://mrnoobot.com/tg20-bobby-web-challenge-sql-injection-sqli/) 185 | 186 | 187 | - [terjanq : Secure System,TetCTF](https://medium.com/@terjanq/blind-sql-injection-without-an-in-1e14ba1d4952) 188 | 189 | 190 | - [ZSECURE : Data Store,CyberYoddha](https://github.com/CTSecUK/CyberYoddha-CTF-2020/blob/main/Write-ups/Data%20Store.md) 191 | 192 | 193 | - [TwentyOneCool : Pandora, PragyanCTF](https://ctftime.org/writeup/18485) 194 | 195 | 196 | - [Kahla : The after-Prequel,Securinets Quals](https://ctftime.org/writeup/19077) 197 | 198 | 199 | - [Aneesh, File Magician,36C3](https://anee.me/file-magician-36c3-ctf-6cb5964c3238) 200 | 201 | 202 | - [itzone : Efiens CTF](https://itzone.com.vn/vi/article/efiens-ctf-2019-write-up-tu-sql-injection-toi-rce-va-get-root/) 203 | 204 | 205 | - [sqrtrev : ASIS CTF 2020 Write up(Author View)](https://vuln.live/blog/10) 206 | 207 | 208 | - [bi0s : XQli,InCTF](https://blog.bi0s.in/2020/08/26/Web/InCTF20%20-%20XQLi/) 209 | 210 | 211 | - [p1 : login page,UIUCTF](https://blog.p1.gs/ctf/2020/07/20/UIUCTF-2020-writeup/) 212 | 213 | 214 | - [dreamhack : Dobby_is_free, 2020 christmas ctf](https://dreamhack.io/ctf/writeups/47) 215 | 216 | - [SanXML :got-stacks ](https://drive.google.com/file/d/1hIcHVX3Pbv_EVpmbWUVctpBv7tsPJ_y5/view?usp=sharing) 217 | 218 | 219 | ### 2021 220 | 221 | - [MrFrey : Cartooner,DCTF](https://mrfey.fr/CTFS//DragonSec%20SI%20CTF%20-%202021/Web/Cartooner) 222 | 223 | - [y011d4 : Sea of Quills 1, angstrom](https://y011d4.netlify.app/20210408-angstromctf-writeup/#sea-of-quills) 224 | 225 | - [y011d4 : Sea of Quills 1, angstrom](https://y011d4.netlify.app/20210408-angstromctf-writeup/#sea-of-quills-2) 226 | 227 | - [sqrtrev : DarkCon Challs,VKL_SQL DarkCON](https://vuln.live/blog/12) 228 | 229 | - [SamXML : mysqlimit, TetCTF](https://drive.google.com/file/d/1vZEsnFT37qzlsMkfFqaYioxUPepdEpVY/view) 230 | 231 | - [qxxb : meet the union
committee,UnionCTF](https://github.com/qxxxb/ctf/tree/master/2021/union_ctf/meet_the_union_committee) 232 | 233 | - [pwnthenope : Gauntlet2&3, PicoCTF](https://pwnthenope.pythonanywhere.com/writeups/web_gauntlet.html) 234 | 235 | - [th3jackers : Trashbin,Bsides Algiers Quals](https://ctftime.org/writeup/25437) 236 | 237 | - [ianjelot : art-gallery2,shakti](https://thegoonies.github.io/2021/04/04/shakti-ctf-2021-art-gallery-2/) 238 | 239 | - [albertofdr : emoji-voting,CyberApocalypse](https://albertofdr.github.io/ctf/htb/en/2021/04/24/ctf-htb.html#emoji-voting) 240 | 241 | - [kblagoev : emoji-voting, CyberApocalypse](https://kblagoev.com/blog/emoji-voting-cyberapocalypse-2021-ctf/) 242 | 243 | - [noob3xploiter : AlexFanClub](https://noob3xploiter.medium.com/lit-ctf-alex-fan-club-sql-injection-with-strict-blacklist-7abbcd402751) 244 | 245 | - [bi0s : Vuln-Drive, InCTF](https://blog.bi0s.in/2021/08/15/Web/Vuln-Drive-InCTF-Internationals-2021/) :fire: 246 | 247 | 248 | 249 | 250 |
251 | 252 | 253 |
254 | further-reading 255 | 256 | ### further-reading 257 | 258 | - [Faith : Regex-based Blind SQL Injection Attacks](https://faraz.faith/2019-07-28-regex-based-blind-sql-injection-attacks/) 259 | 260 | 261 | - [chivato : Taking SQL Injections Further](https://0x00sec.org/t/taking-sql-injections-further-blind-second-order-sql-injection-tmhc-ctf-shitter-writeup/18122) 262 | 263 | 264 | - [hackingarticles : exploiting form based sqli using sqlmap](https://www.hackingarticles.in/exploiting-form-based-sql-injection-using-sqlmap/) 265 | 266 | - [Beyond SQLi: Obfuscate and Bypass](https://www.exploit-db.com/papers/17934) 267 | 268 | - [Preventing 'SQLi'...](https://blogs.tunelko.com/2013/12/12/preventing-sqli-cheatsheet-during-attack-defense-ctf-basic-approach/) 269 | 270 | - [Sql Injection Payload list](https://ismailtasdelen.medium.com/sql-injection-payload-list-b97656cfd66b) 271 | 272 | - [Identifying & Exploiting SQL Injections: Manual & Automated](https://infosecwriteups.com/identifying-exploiting-sql-injection-manual-automated-79c932f0c9b5) 273 | 274 | - [SQL Injections 😈](https://medium.com/faun/sql-injections-e8bc9a14c95) 275 | 276 | - [Learn About SQL Injection Attacks](https://betterprogramming.pub/learn-about-sql-injection-attacks-ce9f8940a5ab) 277 | 278 | - [exploiting sqli](https://medium.com/dev-genius/exploiting-sql-injection-vulnerabilities-76df9b85dd7) 279 | 280 | - [SQL Injection Attack — it might pain!](https://medium.com/spidernitt/sql-injection-attack-it-might-pain-44ab11056f6c) 281 | 282 |
283 | 284 | 285 |
286 | some-labs 287 | 288 | ### some-labs 289 | 290 | - [beginner sqli](https://github.com/ryotosaito/beginner-sqli) 291 | 292 |
293 | -------------------------------------------------------------------------------- /CTF-BIBLE/Mobile/README.md: -------------------------------------------------------------------------------- 1 | # awesome-mobile-CTF 2 | This is a curated list of mobile-based CTFs, write-ups and vulnerable mobile apps. Most of them are Android-based due to the popularity of the platform. 3 | 4 | 5 | Disclaimer: This repo is in line with [https://github.com/xtiankisutsa/awesome-mobile-CTF](https://github.com/xtiankisutsa/awesome-mobile-CTF); it just adds a few more writeups and resources. 6 | Feel free to check the original link too. 7 | 8 | 9 | Inspired by [android-security-awesome](https://github.com/ashishb/android-security-awesome), [osx-and-ios-security-awesome](https://github.com/ashishb/osx-and-ios-security-awesome) and all the other awesome security lists on [@github](https://github.com/search?utf8=%E2%9C%93&q=awesome+security&type=Repositories&ref=searchresults). 10 | 11 |
12 | Mobile CTF challenges 13 | 14 | ## Mobile CTF challenges 15 | * [KGB Messenger](https://github.com/tlamb96/kgb_messenger) 16 | * [ASIS CTF — ShareL Walkthrough](https://medium.com/bugbountywriteup/asis-ctf-sharel-walkthrough-da32f3533b40?) 17 | * [Android reversing challenges](https://github.com/kiyadesu/android-reversing-challenges) 18 | * [Android app for IOT CTF](https://github.com/atekippe/SecDSM_April_2019_IOT_CTF_Android_APP) 19 | * [CyberTruck Challenge 2019 (Detroit USA)](https://github.com/nowsecure/cybertruckchallenge19) 20 | * [Matryoshka-style Android reversing challenge](https://github.com/o-o-overflow/dc2019q-vitor-public) 21 | * [Cybertruckchallenge19](https://github.com/nowsecure/cybertruckchallenge19) 22 | * [You Shall Not Pass - BSides Canberra 2019](https://gitlab.com/cybears/fall-of-cybeartron/tree/master/challenges/rev/youshallnotpass) 23 | * [Mobile challenges collection](https://drive.google.com/folderview?id=0B7rtSe_PH_fTWDQ0RC1DeWVoVUE&usp=sharing) 24 | * [BSidesSF 2018 CTF](https://github.com/antojoseph/androidCTF) 25 | * [h1-702-2018-ctf-wu](https://github.com/luc10/h1-702-2018-ctf-wu) 26 | * [THC CTF 2018 - Reverse - Android serial](https://github.com/ToulouseHackingConvention/bestpig-reverse-android-serial) 27 | * [Android crack me challenges](https://github.com/reoky/android-crackme-challenge) 28 | * [OWASP crack me](https://github.com/OWASP/owasp-mstg/tree/master/Crackmes) 29 | * [Rednaga Challenges](https://github.com/rednaga/training/tree/master/DEFCON23/challenges) 30 | * [iOS CTF](https://www.ivrodriguez.com/mobile-ctf) 31 | * [Android Hacking Event 2017: AES-Decrypt](https://team-sik.org/wp-content/uploads/2017/06/AES-Decrypt.apk_.zip) 32 | * [Android Hacking Event 2017: Token-Generator](https://team-sik.org/wp-content/uploads/2017/06/Token-Generator.apk_.zip) 33 | * [Android Hacking Event 2017: Flag-Validator](https://team-sik.org/wp-content/uploads/2017/06/FlagValidator.apk_.zip) 34 | * [Android Hacking Event 2017: You Can 
Hide – But You Cannot Run](https://team-sik.org/wp-content/uploads/2017/06/YouCanHideButYouCannotRun.apk_.zip) 35 | * [Android Hacking Event 2017: Why Should I Pay?](https://team-sik.org/wp-content/uploads/2017/06/WhyShouldIPay.apk_.zip) 36 | * [Android Hacking Event 2017: Esoteric](https://team-sik.org/wp-content/uploads/2017/06/esoteric.apk_.zip) 37 | * [Android Hacking Event 2016: StrangeCalculator](https://team-sik.org/wp-content/uploads/2016/06/strangecalculator.apk_.zip) 38 | * [Android Hacking Event 2016: ReverseMe](https://team-sik.org/wp-content/uploads/2016/06/ReverseMe.apk_.zip) 39 | * [Android Hacking Event 2016: ABunchOfNative](https://team-sik.org/wp-content/uploads/2016/06/aBunchOfNative.apk_.zip) 40 | * [Android Hacking Event 2016: DynChallenge](https://team-sik.org/wp-content/uploads/2016/06/dynChallenge.apk_.zip) 41 | * [PicoCTF-2014: Pickle Jar - 30](http://shell-storm.org/repo/CTF/PicoCTF-2014/Forensics/Pickle%20Jar%20-%2030/) 42 | * [PicoCTF-2014: Revenge of the Bleichenbacher](http://shell-storm.org/repo/CTF/PicoCTF-2014/crypto/Revenge%20of%20the%20Bleichenbacher%20-%20170/) 43 | * [Android MIT LL CTF 2013](https://github.com/huyle333/androidmitllctf2013) 44 | * [Evil Planner Bsides Challenge](https://labs.mwrinfosecurity.com/blog/2013/03/11/bsides-challenge/) 45 | * [Crack-Mes](http://www.droidsec.org/wiki/#crack-mes) 46 | * [GreHack-2012 - GrehAndroidMe](http://shell-storm.org/repo/CTF/GreHack-2012/reverse_engineering/100-GrehAndroidMe.apk/) 47 | * [Hackplayers.com Crackmes (in Spanish so an extra challenge): crackme 1 ](http://www.hackplayers.com/2010/12/reto-android-crackme1.html) 48 | * [Hackplayers.com Crackmes (in Spanish so an extra challenge): crackme 2](http://www.hackplayers.com/2011/12/reto-14-android-crackme2.html) 49 | * [Hack.Lu's CTF 2011 Reverse Engineering 300](http://shell-storm.org/repo/CTF/Hacklu-2011/Reversing/Space%20Station%200xB321054A%20(300)/) 50 | * [Androidcracking.blogspot.com's Crackme’s: cracker 
0](http://androidcracking.blogspot.com/2012/01/way-of-android-cracker-0-rewrite.html) 51 | * [Androidcracking.blogspot.com's Crackme’s: cracker 1](http://androidcracking.blogspot.com/2010/10/way-of-android-cracker-1.html) 52 | * [Insomnia'hack-2K11](http://shell-storm.org/repo/CTF/Insomnia'hack-2K11/Reverse/validate.apk) 53 | * [CSAW-2011: Reversing101](http://shell-storm.org/repo/CTF/CSAW-2011/Reversing/Reversing101%20-%20100%20Points/) 54 | * [Defcon-19-quals: Binary_L33tness](http://shell-storm.org/repo/CTF/Defcon-19-quals/Binary_L33tness/b300/) 55 | * [Crack me's](https://github.com/as0ler/Android-Examples) 56 | * [SecuInside: CTF2011](http://big-daddy.fr/repository/CTF2011/SecuInside-CTF/Q7/) 57 | * [EnoWars-CTF2011: broken_droid](http://big-daddy.fr/repository/CTF2011/EnoWars-CTF/broken_droid/) 58 | * [Anonim1133](https://github.com/anonim1133/CTF) 59 | * [Challenge4ctf](https://github.com/CvvT/challenge_for_ctf) 60 | * [Ctfpro](https://github.com/jhong01/ctfpro) 61 | * [CTFDroid](https://github.com/rajasaur/CTFDroid) 62 | * [Android CTF](https://github.com/fathulkirom22/AndroidCTF) 63 | * [Android_ctf](https://github.com/artwyman/android_ctf) 64 | * [Robot CTF Android](https://github.com/KappaEtaKappa/Robot-CTF-android) 65 | * [Cl.ctfk](https://github.com/CTFK/cl.ctfk) 66 | * [Cryptax](https://github.com/cryptax/challenges) 67 | 68 |
69 | 70 |
71 | CTF-Writeups 72 | 73 | ## CTF Writeups 74 | 75 | * [2022](#2022) 76 | 77 | * [2021](#2021) 78 | 79 | * [2020](#2020) 80 | 81 | * [2019](#2019) 82 | 83 | * [2018](#2018) 84 | 85 | * [2017](#2017) 86 | 87 | * [2016](#2016) 88 | 89 | * [2015](#2015) 90 | 91 | * [2014](#2014) 92 | 93 | * [2013](#2013) 94 | 95 | * [2012](#2012) 96 | 97 | * [Vulnerable Mobile apps](#Vulnerable-Mobile-apps) 98 | 99 | 100 | ### 2022 101 | 102 | * [Mobilize, Nahamcon](https://github.com/evyatar9/Writeups/tree/master/CTFs/2022-NahamCon_CTF/Mobile/Mobilize) 103 | * [Click_Me, Nahamcon](https://github.com/evyatar9/Writeups/tree/master/CTFs/2022-NahamCon_CTF/Mobile/Click_Me) 104 | * [OTP_Vault, Nahamcon](https://github.com/evyatar9/Writeups/tree/master/CTFs/2022-NahamCon_CTF/Mobile/OTP_Vault) 105 | * [Secret_Vault, Nahamcon](https://github.com/evyatar9/Writeups/tree/master/CTFs/2022-NahamCon_CTF/Mobile/Secret_vault) 106 | * [Gandalf's Interface, 1337UP Live CTF](https://medium.com/@cxzero/1337up-live-intigriti-ctf-2022-f915bec6773) 107 | * [Herald, Insomni'hack](https://github.com/nikosChalk/ctf-writeups/blob/master/insomnihack2022/herald/README.md) 108 | * [Andronotes, Insomni'hack](https://github.com/p4-team/ctf/tree/master/2022-01-29-insomnihack/andronotes) 109 | * [Identify Yourself, Hacky Holidays](https://github.com/Matilda12390/Hacky-Holidays-CTF-Writeups/blob/main/Identify%20Yourself/Writeup.md) 110 | * [Unlock Train Data, Hacky Holidays](https://ctftime.org/writeup/34762) 111 | 112 | 113 | ### 2021 114 | 115 | * [Water Color, S4CTF](https://github.com/1GN1tE/CTF_Writeups/tree/main/Writeups/S4CTF_2021/Water%20Color) 116 | * [Midnight Flag](https://www.neit.tech/article/2/) 117 | * [Centaurus, Nahamcon](https://ctftime.org/writeup/26439) 118 | * [Play_the_game, RCTF](https://blog.rois.io/en/2020/rctf-2020-official-writeup-2/) 119 | * [HeyIamAB, TamilCTF](https://github.com/goseungduk/CTF_WriteUp/tree/master/Tamil_2021/rev/HeyImAB) 120 | * [Reactor, 
Hacktivity](https://ctftime.org/writeup/30345) 121 | * [ToDo ,Hacktivity](https://github.com/piyagehi/CTF-Writeups/blob/main/2021-HacktivityCon-CTF/09-ToDo.md) 122 | * [Microscopium, Nahamcon](https://ctftime.org/writeup/26493) 123 | * [Resourceful, Nahamcon](https://github.com/xnomas/Nahamcon-2021-Writeups/tree/main/Resourceful) 124 | * [Andra, Nahamcon](https://ctftime.org/writeup/26360) 125 | * [Inception, CyberSecurityRumble](https://ctftime.org/writeup/24793) 126 | 127 | 128 | ### 2020 129 | 130 | * [Andry,m0lecon teaser](https://bannsecurity.github.io/writeups/2020/05/24/m0leCon-teaser-2020-rev-andry/) 131 | * [Android,GoogleCTF](https://github.com/NicolaiSoeborg/ctf-writeups/tree/master/2020/Google%20CTF%202020/Android) 132 | * [Zulumeats 3, CyberSpace](https://blog.ikuamike.io/posts/2020/cyberspacectf-zulumeats3/) 133 | * Chasing a lock, RaziCTF : [Ikuamike Writeup](https://blog.ikuamike.io/posts/2020/razictf-chasingalock-writeup/), [1GN1T3](https://github.com/t3rmin0x/CTF-Writeups/tree/master/Razi%20CTF/Android/Chasing%20A%20Lock) 134 | * [HacktivityCon,several](https://www.goggleheadedhacker.com/blog/post/19) 135 | * [Flag Getter: downunderCTF](https://jsur.in/posts/2020-09-20-downunderctf-2020-writeups#flag-getter) 136 | * [Mobile 2: TrendMicro Quals](https://github.com/Hong5489/TrendMicroCTF2020/tree/main/mobile2) 137 | * [Play_the_game, RCTF](https://blog.rois.io/en/2020/rctf-2020-official-writeup-2/) 138 | * [Tamarin, Tokyo Westerns](https://github.com/pwning/public-writeup/tree/master/twctf2020/tamarin) 139 | * [Android, GoogleCTF](https://ctftime.org/writeup/23953) 140 | * [Pre-Historic Mario, ALLELS](https://ctftime.org/writeup/23320) 141 | * [Certified APP, BsidesTLV](https://ctftime.org/writeup/22010) 142 | * [Toast Clicker1, BsidesSF](https://ctftime.org/writeup/18523) 143 | * [Toast Clicker2, BsidesSF](https://ctftime.org/writeup/18524) 144 | * [Toast Clicker3, BsidesSF](https://ctftime.org/writeup/18525) 145 | * [GreatSuccess, 
Appsec-IL](https://ctftime.org/writeup/24406) 146 | * [Pinocchio, Hacktivity](https://ctftime.org/writeup/22754) 147 | 148 | 149 | ### 2019 150 | 151 | * [Local News,TamuCTF](https://blog.raw.pm/en/TamuCTF-2019-write-ups2/#460-Local-News-Android) 152 | * [DroidCon, SEC-T CTF 2019](https://anee.me/droidcon-sec-t-ctf-2019-d796be91bb3f) 153 | * [You Shall Not Pass - BSides Canberra 2019](https://medium.com/tsscyber/ctf-writeup-you-shall-not-pass-2c7a9254549b) 154 | * [CyberTruck Challenge 2019 — Android CTF](https://medium.com/bugbountywriteup/cybertruck-challenge-2019-android-ctf-e39c7f796530) 155 | * [Bsidessf-ctf-2019-mobile-track](https://aadityapurani.com/2019/03/07/bsidessf-ctf-2019-mobile-track/) 156 | * BsidesSF CTF - Challenge: [Part 1](https://medium.com/@itsc0rg1/bsidessf-ctf-challenge-write-up-part-1-e849bc917d37), [Part 2](https://medium.com/@itsc0rg1/bsidessf-ctf-challenge-write-up-part-2-f8f597be659) 157 | * [Flare-on 6](https://blog.attify.com/flare-on-6-ctf-writeup-part3/) 158 | * [Andex, ASIS Finals](https://medium.com/@ralireza/asis-ctf-2019-andex-write-up-33b91311c3a) 159 | 160 | 161 | ### 2018 162 | * [H1 202 2018 / H1 202 CTF](https://corb3nik.github.io/blog/h1-202-2018/h1-202-ctf) 163 | * [ H1-702 CTF (Capture the Flag)](https://aadityapurani.com/2018/06/25/h1-702-ctf-writeups/#mobile) 164 | * [BSidesSF 2018 CTF — Android Reversing/Forensic Challenge](https://medium.com/@antojoseph_1995/bsidessf-2018-ctf-android-reversing-forensics-challenge-f5522664b6a2) 165 | * [Hack the Android4: Walkthrough (CTF Challenge)](https://www.hackingarticles.in/hack-the-android4-walkthrough-ctf-challenge/) 166 | * [Google CTF Quals 2018](https://w0y.at/writeup/2018/07/02/google-ctf-quals-2018-shall-we-play-a-game.html) 167 | * [Ilam CTF: Android Reverse WriteUp](https://mstajbakhsh.ir/ilam-ctf-android-reverse-writeup/) 168 | * 8st SharifCTF Android WriteUps: [Vol I](https://mstajbakhsh.ir/8st-sharifctf-android-writeups-vol/), [Vol 
II](https://mstajbakhsh.ir/8st-sharifctf-android-writeups-vol-ii/) 169 | * [ASIS 2018 Finals: Gunshop](https://saarsec.rocks/2018/11/27/Gunshop.html) 170 | * [H1-202 CTF - Writeup](https://pwning.re/2018/02/23/h1-202-writeup/) 171 | * [M1Con CTF Write up](https://blog.manchestergreyhats.co.uk/2018/03/28/m1con-ctf-writeup/) 172 | * [AES decode with Cyberchef](https://blog.manchestergreyhats.co.uk/2018/04/18/aes-decode-with-cyberchef/) 173 | * [block, SECCON](https://ctftime.org/writeup/12004) 174 | * [Magicians Spells, HackIT](https://ctftime.org/writeup/11319) 175 | * [Shall we Play a Game,GoogleCTF](https://ctftime.org/writeup/10336) 176 | * [Shooter, SECCON](https://ctftime.org/writeup/12005) 177 | 178 | 179 | ### 2017 180 | 181 | * [h1-702-2018 : Several](https://blog.hacker.af/h1-702-2018-write-ups) 182 | * [BSides San Francisco CTF 2017 : pinlock-150](https://github.com/ctfs/write-ups-2017/tree/10bad9bd24b3f84c761faa4d78e223a3a29b2959/bsidessf-ctf-2017/reversing/pinlock-150) 183 | * [BSides San Francisco CTF 2017 : flag-receiver-200](https://github.com/ctfs/write-ups-2017/tree/10bad9bd24b3f84c761faa4d78e223a3a29b2959/bsidessf-ctf-2017/reversing/flag-receiver-200) 184 | * [BSidesSF CTF wrap-up](https://blog.skullsecurity.org/2017/bsidessf-ctf-wrap-up) 185 | * [itsC0rg1's mobile challenge and BSides SF CTF](https://medium.com/@itsc0rg1/my-mobile-challenge-and-bsides-sf-ctf-f9fc4dfca60) 186 | * [Insomni'hack Teaser 2017 : mindreader-250](https://github.com/ctfs/write-ups-2017/tree/6a3df5bcece6f952cb60db4a3ae2ce97a189b62d/insomnihack-teaser-2017/mobile/mindreader-250) 187 | * [2017_labyREnth: mob1_ezdroid](https://github.com/gray-panda/grayrepo/tree/1a0c2e033621af9900932252cda31c14a4fbbce8/2017_labyREnth/chal/mob1_ezdroid) 188 | * [2017_labyREnth: mob2_routerlocker](https://github.com/gray-panda/grayrepo/tree/1a0c2e033621af9900932252cda31c14a4fbbce8/2017_labyREnth/chal/mob2_routerlocker) 189 | * [2017_labyREnth: 
mob3_showmewhatyougot](https://github.com/gray-panda/grayrepo/tree/6a0d2fce53b71135286fac3c323b712af08d6913/2017_labyREnth/chal/mob3_showmewhatyougot) 190 | * [2017_labyREnth: mob4_androidpan](https://github.com/gray-panda/grayrepo/tree/ffbf17ec172f1624ba6607cc7756ed7b99d95b63/2017_labyREnth/chal/mob4_androidpan) 191 | * [2017_labyREnth: mob5_iotctf](https://github.com/gray-panda/grayrepo/tree/1a0c2e033621af9900932252cda31c14a4fbbce8/2017_labyREnth/chal/mob5_iotctf) 192 | * [helpxmen Stage 1-3, PHown](https://duykham.blogspot.com/2017/12/helpxman-stage-1-when-wearing-smart.html) 193 | 194 | ### 2016 195 | * [LabyREnth](http://researchcenter.paloaltonetworks.com/2016/09/unit42-labyrenth-capture-the-flag-ctf-mobile-track-solutions/) 196 | * [2016_labyREnth: mob1_lastchance](https://github.com/gray-panda/grayrepo/tree/f054b5d66af66ff684449dcb8e6c9e146213971b/2016_labyREnth/mob1_lastchance) 197 | * [2016_labyREnth: mob2_cups](https://github.com/gray-panda/grayrepo/tree/f054b5d66af66ff684449dcb8e6c9e146213971b/2016_labyREnth/mob2_cups) 198 | * [2016_labyREnth: mob3_watt](https://github.com/gray-panda/grayrepo/tree/f054b5d66af66ff684449dcb8e6c9e146213971b/2016_labyREnth/mob3_watt) 199 | * [2016_labyREnth: mob4_swip3r](https://github.com/gray-panda/grayrepo/tree/f054b5d66af66ff684449dcb8e6c9e146213971b/2016_labyREnth/mob4_swip3r) 200 | * [2016_labyREnth: mob5_ioga](https://github.com/gray-panda/grayrepo/tree/f054b5d66af66ff684449dcb8e6c9e146213971b/2016_labyREnth/mob5_ioga) 201 | * [2016_labyREnth: mob6_ogmob](https://github.com/gray-panda/grayrepo/tree/f054b5d66af66ff684449dcb8e6c9e146213971b/2016_labyREnth/mob6_ogmob) 202 | * [Holiday hack challenge: Part 01](https://github.com/gray-panda/grayrepo/tree/76925522bb0ce3a9615f0022300d525a958bc260/2016_holidayhackchallenge/01) 203 | * [Holiday hack challenge: Part 02](https://github.com/gray-panda/grayrepo/tree/76925522bb0ce3a9615f0022300d525a958bc260/2016_holidayhackchallenge/02) 204 | * [Holiday hack challenge: Part 
04a](https://github.com/gray-panda/grayrepo/tree/76925522bb0ce3a9615f0022300d525a958bc260/2016_holidayhackchallenge/04a) 205 | * [Holiday hack challenge: Part 04b](https://github.com/gray-panda/grayrepo/tree/76925522bb0ce3a9615f0022300d525a958bc260/2016_holidayhackchallenge/04b) 206 | * [Holiday hack challenge: Part 04c](https://github.com/gray-panda/grayrepo/tree/76925522bb0ce3a9615f0022300d525a958bc260/2016_holidayhackchallenge/04c) 207 | * [Holiday hack challenge: Part 04d](https://github.com/gray-panda/grayrepo/tree/76925522bb0ce3a9615f0022300d525a958bc260/2016_holidayhackchallenge/04d) 208 | * [Holiday hack challenge: Part 04e](https://github.com/gray-panda/grayrepo/tree/76925522bb0ce3a9615f0022300d525a958bc260/2016_holidayhackchallenge/04e) 209 | * [Holiday hack challenge: Part 04f](https://github.com/gray-panda/grayrepo/tree/76925522bb0ce3a9615f0022300d525a958bc260/2016_holidayhackchallenge/04f) 210 | * [Holiday hack challenge: Part 5](https://github.com/gray-panda/grayrepo/tree/76925522bb0ce3a9615f0022300d525a958bc260/2016_holidayhackchallenge/05) 211 | * [0ctf-2016](https://github.com/ctfs/write-ups-2016/tree/master/0ctf-2016/mobile) 212 | * [Google-ctf-2016](https://github.com/ctfs/write-ups-2016/tree/39e9a0e2adca3a3d0d39a6ae24fa51196282aae4/google-ctf-2016/mobile) 213 | * [Google-ctf-2016: ill intentions 1](https://security.claudio.pt/post/googlectf/) 214 | * [Google-ctf-2016: ill intentions 2](https://github.com/d3rezz/Google-Capture-The-Flag-2016) 215 | * [Cyber-security-challenge-belgium-2016-qualifiers](https://github.com/ctfs/write-ups-2016/tree/c35549398f88d3755dc31a8fe995f15ef876ee18/cyber-security-challenge-belgium-2016-qualifiers/Mobile%20Security) 216 | * [Su-ctf-2016 - android-app-100](https://github.com/ctfs/write-ups-2016/tree/274307f43140bb4a52e0729ecf1282628fb22f5b/su-ctf-2016/reverse/android-app-100) 217 | * [Hackcon-ctf-2016 - 
you-cant-see-me-150](https://github.com/ctfs/write-ups-2016/tree/274307f43140bb4a52e0729ecf1282628fb22f5b/hackcon-ctf-2016/reversing/you-cant-see-me-150) 218 | * [RC3 CTF 2016: My Lil Droid](http://aukezwaan.nl/write-ups/rc3-ctf-2016-my-lil-droid-100-points/) 219 | * [Cyber Security Challenge 2016: Dexter](https://github.com/ctfs/write-ups-2016/tree/39e9a0e2adca3a3d0d39a6ae24fa51196282aae4/cyber-security-challenge-belgium-2016-qualifiers/Mobile%20Security/Dexter) 220 | * [Cyber Security Challenge 2016: Phishing is not a crime](https://github.com/ctfs/write-ups-2016/tree/39e9a0e2adca3a3d0d39a6ae24fa51196282aae4/cyber-security-challenge-belgium-2016-qualifiers/Mobile%20Security/Phishing-is-not-a-crime) 221 | * [google-ctf-2016 : little-bobby-application-250](https://github.com/ctfs/write-ups-2016/tree/39e9a0e2adca3a3d0d39a6ae24fa51196282aae4/google-ctf-2016/mobile/little-bobby-application-250) 222 | 223 | ### 2015 224 | * [Rctf-quals-2015](https://github.com/ctfs/write-ups-2015/tree/9b3c290275718ff843c409842d738e6ef3e565fd/rctf-quals-2015/mobile) 225 | * [Insomni-hack-ctf-2015](https://github.com/ctfs/write-ups-2015/tree/9b3c290275718ff843c409842d738e6ef3e565fd/insomni-hack-ctf-2015/mobile) 226 | * [0ctf-2015](https://github.com/ctfs/write-ups-2015/tree/9b3c290275718ff843c409842d738e6ef3e565fd/0ctf-2015/mobile) 227 | * [Cyber-security-challenge-2015](https://github.com/ctfs/write-ups-2015/tree/9b3c290275718ff843c409842d738e6ef3e565fd/cyber-security-challenge-2015/mobile-application-security) 228 | * [Trend-micro-ctf-2015: offensive-200](https://github.com/ctfs/write-ups-2015/tree/9b3c290275718ff843c409842d738e6ef3e565fd/trend-micro-ctf-2015/analysis/offensive-200) 229 | * [codegate-ctf-2015: dodocrackme2](https://github.com/ctfs/write-ups-2015/tree/9b3c290275718ff843c409842d738e6ef3e565fd/codegate-ctf-2015/reversing/dodocrackme2) 230 | * [Seccon-quals-ctf-2015: 
reverse-engineering-android-apk-1](https://github.com/ctfs/write-ups-2015/tree/9b3c290275718ff843c409842d738e6ef3e565fd/seccon-quals-ctf-2015/binary/reverse-engineering-android-apk-1) 231 | * [Seccon-quals-ctf-2015 - reverse-engineering-android-apk-2](https://github.com/ctfs/write-ups-2015/tree/9b3c290275718ff843c409842d738e6ef3e565fd/seccon-quals-ctf-2015/unknown/reverse-engineering-android-apk-2) 232 | * [Pragyan-ctf-2015](https://github.com/ctfs/write-ups-2015/tree/9b3c290275718ff843c409842d738e6ef3e565fd/pragyan-ctf-2015/android) 233 | * [Volgactf-quals-2015](https://github.com/ctfs/write-ups-2015/tree/9b3c290275718ff843c409842d738e6ef3e565fd/volgactf-quals-2015/web/malware) 234 | * [Opentoall-ctf-2015: android-oh-no](https://github.com/ctfs/write-ups-2015/tree/9b3c290275718ff843c409842d738e6ef3e565fd/opentoall-ctf-2015/misc/android-oh-no) 235 | * [32c3-ctf-2015: libdroid-150](https://github.com/ctfs/write-ups-2015/tree/9b3c290275718ff843c409842d738e6ef3e565fd/32c3-ctf-2015/reversing/libdroid-150) 236 | * [Polictf 2015: crack-me-if-you-can](https://github.com/ctfs/write-ups-2015/tree/9b3c290275718ff843c409842d738e6ef3e565fd/polictf-2015/reversing/crack-me-if-you-can) 237 | * [Icectf-2015: Husavik](https://github.com/ctfs/write-ups-2015/tree/9b3c290275718ff843c409842d738e6ef3e565fd/icectf-2015/forensics/husavik) 238 | 239 | ## 2014 240 | * [Qiwi-ctf-2014: not-so-one-time](https://github.com/ctfs/write-ups-2014/tree/b02bcbb2737907dd0aa39c5d4df1d1e270958f54/qiwi-ctf-2014/not-so-one-time) 241 | * [Fdfpico-ctf-2014: droid-app-80](https://github.com/ctfs/write-ups-2014/tree/b02bcbb2737907dd0aa39c5d4df1d1e270958f54/pico-ctf-2014/forensics/droid-app-80) 242 | * [Su-ctf-quals-2014: commercial_application](https://github.com/ctfs/write-ups-2014/tree/b02bcbb2737907dd0aa39c5d4df1d1e270958f54/su-ctf-quals-2014/commercial_application) 243 | * [defkthon-ctf 2014: 
web-300](https://github.com/ctfs/write-ups-2014/tree/b02bcbb2737907dd0aa39c5d4df1d1e270958f54/defkthon-ctf/web-300)
244 | * [secuinside-ctf-prequal-2014: wooyatalk](https://github.com/ctfs/write-ups-2014/tree/b02bcbb2737907dd0aa39c5d4df1d1e270958f54/secuinside-ctf-prequal-2014/wooyatalk)
245 | * [Qiwi-ctf-2014: easydroid](https://github.com/ctfs/write-ups-2014/tree/b02bcbb2737907dd0aa39c5d4df1d1e270958f54/qiwi-ctf-2014/easydroid)
246 | * [Qiwi-ctf-2014: stolen-prototype](https://github.com/ctfs/write-ups-2014/tree/b02bcbb2737907dd0aa39c5d4df1d1e270958f54/qiwi-ctf-2014/stolen-prototype)
247 | * [TinyCTF 2014: Ooooooh! What does this button do?](https://github.com/ctfs/write-ups-2014/tree/b02bcbb2737907dd0aa39c5d4df1d1e270958f54/tinyctf-2014/ooooooh-what-does-this-button-do)
248 | * [31c3-ctf-2014: Nokia 1337](https://github.com/ctfs/write-ups-2014/tree/b02bcbb2737907dd0aa39c5d4df1d1e270958f54/31c3-ctf-2014/pwn/nokia-1337)
249 | * [Asis-ctf-finals-2014: numdroid](https://github.com/ctfs/write-ups-2014/tree/b02bcbb2737907dd0aa39c5d4df1d1e270958f54/asis-ctf-finals-2014/numdroid)
250 | * [PicoCTF-2014: Droid App](http://shell-storm.org/repo/CTF/PicoCTF-2014/Forensics/Droid%20App%20-%2080/)
251 | * [NDH2k14-wargames: crackme200-ChunkNorris](http://shell-storm.org/repo/CTF/NDH2k14-wargames/crackme200-ChunkNorris/)
252 |
253 | ## 2013
254 | * [Hack.lu CTF 2013: Robot Plans](https://github.com/ctfs/write-ups-2013/tree/816de23a940856c10987b5047823de48a192c270/hack-lu-ctf-2013/internals/Robot-Plans)
255 | * [CSAW Quals CTF 2015: Herpderper](https://github.com/ctfs/write-ups-2013/tree/816de23a940856c10987b5047823de48a192c270/csaw-quals-2013/web/herpderper-300)
256 |
257 | ## 2012
258 | * [Atast CTF 2012 Bin 300](http://andromedactf.wordpress.com/2013/01/02/atast-ctf-2012-bin300chall5/)
259 |
260 | ## Misc
261 | * [Nuit du Hack's 2k12 & 2k11 (pre-quals and finals) Android Crackme’s 2](http://blog.spiderboy.fr/tag/crackme/)
262 |
263 | ## Vulnerable Mobile apps:
264 | ### Android
265 | * [OWASP: OMTG-Hacking-Playground](https://github.com/OWASP/OMTG-Hacking-Playground)
266 | * [Damn insecure and vulnerable App (DIVA)](http://payatu.com/damn-insecure-and-vulnerable-app/)
267 | * [Damn-Vulnerable-Bank](https://github.com/rewanth1997/Damn-Vulnerable-Bank)
268 | * [InjuredAndroid](https://github.com/B3nac/)
269 | * [Damn Vulnerable Hybrid Mobile App (DVHMA)](https://github.com/logicalhacking/DVHMA)
270 | * [Owasp: Goatdroid Project](https://github.com/jackMannino/OWASP-GoatDroid-Project)
271 | * [InjuredAndroid](https://github.com/B3nac/InjuredAndroid)
272 | * [ExploitMe labs by SecurityCompass](http://securitycompass.github.io/AndroidLabs/setup.html)
273 | * [InsecureBankv2](https://github.com/dineshshetty/Android-InsecureBankv2)
274 | * [Sieve (Vulnerable ‘Password Manager’ app)](https://github.com/mwrlabs/drozer/releases/download/2.3.4/sieve.apk)
275 | * [sievePWN](https://github.com/tanprathan/sievePWN)
276 | * [ExploitMe Mobile Android Labs](http://securitycompass.github.io/AndroidLabs/)
277 | * [Hacme Bank](http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx)
278 | * [Android Labs](https://github.com/SecurityCompass/AndroidLabs)
279 | * [Digitalbank](https://github.com/CyberScions/Digitalbank)
280 | * [Dodo vulnerable bank](https://github.com/CSPF-Founder/DodoVulnerableBank)
281 | * [Oracle android app](https://github.com/dan7800/VulnerableAndroidAppOracle)
282 | * [Urdu vulnerable app](http://urdusecurity.blogspot.co.ke/2014/08/Exploiting-debuggable-android-apps.html)
283 | * [MoshZuk](http://imthezuk.blogspot.co.ke/2011/07/creating-vulnerable-android-application.html?m=1) [File](https://dl.dropboxusercontent.com/u/37776965/Work/MoshZuk.apk)
284 | * [Appknox](https://github.com/appknox/vulnerable-application)
285 | * [Vuln app](https://github.com/Lance0312/VulnApp)
286 | * [Damn Vulnerable FirefoxOS Application](https://github.com/arroway/dvfa)
287 | * [Android security sandbox](https://github.com/rafaeltoledo/android-security)
288 |
289 | ### iOS
290 | * [ExploitMe Mobile iPhone Labs](http://securitycompass.github.io/iPhoneLabs/)
291 | * [Owasp: iGoat](https://github.com/hankbao/owasp-igoat)
292 | * [Damn Vulnerable iOS App (DVIA)](https://github.com/prateek147/DVIA)
293 | * [Damn Vulnerable iOS App (DVIA) v2](https://github.com/prateek147/DVIA-v2)
294 |
295 | ## Mobile security resources
296 | * [Mobile app pentest cheatsheet](https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet)
297 | * [Android security awesome](https://github.com/ashishb/android-security-awesome)
298 | * [Android security reference](https://github.com/doridori/Android-Security-Reference)
299 | * [Awesome-linux-android-hacking](https://github.com/pfalcon/awesome-linux-android-hacking)
300 | * [iOS security awesome](https://github.com/ashishb/osx-and-ios-security-awesome)
301 | * [awesome-iOS-resource](https://github.com/aozhimin/awesome-iOS-resource)
302 | * [Mobile security wiki](https://mobilesecuritywiki.com/)
303 | * [iPhone wiki](https://www.theiphonewiki.com/wiki/Main_Page)
304 | * [Nyxbone](http://www.nyxbone.com/malware/android_tools.html)
305 | * [Nowhere](https://n0where.net/best-android-security-resources/)
306 | * [Secmobi](https://github.com/secmobi/wiki.secmobi.com)
307 |
308 |
309 |
310 | ## Mobile security standards
311 | * [OWASP Mobile Security Project](https://www.owasp.org/index.php/OWASP_Mobile_Security_Project)
312 | * [OWASP Top 10 - 2016](https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10)
313 | * [OWASP Mobile Application Security Verification Standard (MASVS)](https://github.com/OWASP/owasp-masvs)
314 | * [OWASP Mobile Security Testing Guide (MSTG)](https://github.com/OWASP/owasp-mstg)
315 |
316 | # Credits
317 | * http://carnal0wnage.attackresearch.com/2013/08/want-to-break-some-android-apps.html
318 | * https://www.owasp.org/index.php
319 | * https://github.com/ctfs
320 | * http://shell-storm.org/repo/
321 | * https://ctftime.org
322 |
323 |
--------------------------------------------------------------------------------
/CTF-BIBLE/Web/SQLi/sql-injection.svg:
--------------------------------------------------------------------------------
1 | sql-injection_1' UNION SELECT username, password FROM users--SELECT name, description FROM products WHERE category = 'Gifts' UNION SELECT username, password FROM users--All passwordsAll usernames
--------------------------------------------------------------------------------
/CTF-BIBLE/Web/XXE/xxe-injection.svg:
--------------------------------------------------------------------------------
1 | XXE Injection2-02<?xml version="1"?> <!DOCTYPE stockCheck [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]><stockCheck><productId>&xxe;</productId></stockChecksensitive dataroot:x:0:0:root:/root:/bin/bashdaemon:x:1:1:daemon:/usr/sbin:/bin/shbin:x:2:2:bin:/bin:/bin/shsys:x:3:3:sys:/dev:/bin/shsync:x:4:65534:sync:/bin:/bin/syncgames:x:5:60:games:/usr/games:/bin/shman:x:6:12:man:/var/cache/man:/bin/shlp:x:7:7:lp:/var/spool/lpd:/bin/shmail:x:8:8:mail:/var/mail:/bin/shnews:x:9:9:news:/var/spool/news:/bin/shuucp:x:10:10:uucp:/var/spool/uucp:/bin/shproxy:x:13:13:proxy:/bin:/bin/shwww-data:x:33:33:www-data:/var/www:/bin/shbackup:x:34:34:backup:/var/backups:/bin/sh
--------------------------------------------------------------------------------