Posts

MIDNIGHT FLAG CTF 2025 - Operation Silent Hunt

Difficulty: Medium Category: OSINT Author: Chic0s & Papyruss 📝 Description During the theft of a hard drive containing sensitive data, the attacker made a crucial mistake — they left their phone at the scene. Your mission: follow the digital breadcrumbs and uncover the exact address where the hard drive is hidden. ⚠️ But be careful — getting caught could compromise the entire operation. Important: All OSINT must be conducted using the following websites only:

WEB - Breaking Bank

Website Analysis CryptoX is a cryptocurrency management platform that allows users to: Track market prices Manage portfolios Send transactions For added security, transactions can only be conducted between friends. Users can monitor their assets, market changes, and transaction history through an intuitive, dark-themed interface. Features Introduction To perform a transaction, the following conditions must be met: You must be friends with the recipient. You must own cryptocurrency. Friend Request The friend request can be initiated by either the sender or the recipient of the transaction.

Dojo 36 - YesWeHack

Description OS Command Injection is a vulnerability that allows attackers to inject and execute arbitrary commands on the operating system through unsanitized user input. This can lead to unauthorized access, data theft, system compromise, or remote code execution. It typically occurs when an application passes user input directly into an OS command (often through a shell) without proper validation. Exploitation We are given a web application that allows us to ping an IP address. We can send two inputs:
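The ping utility described above is the textbook shape of this bug, so here is an added example (not code from the Dojo or from the author) contrasting the vulnerable construction with a hardened one. The helper names, the `-c` count field and the attacker input `127.0.0.1; id` are assumptions for illustration; the hardened version rejects anything that is not a literal IPv4 address and a small count, then runs `ping` as an argv list so no shell ever parses the input.

```python
import ipaddress
import subprocess


def build_ping_vulnerable(host, count="1"):
    """Vulnerable pattern: user input spliced into a shell command string.

    Executed with shell=True, a host of '127.0.0.1; id' becomes two commands:
    the ping, then whatever the attacker appended.
    """
    return f"ping -c {count} {host}"


def parse_ping_target(host, count="1"):
    """Hardened pattern: allow-list both inputs, then return an argv list.

    Only a literal IPv4 address and a count of 1..5 are accepted, so shell
    metacharacters (; | & $ ` and newlines) never reach a command at all.
    IPv4 only here (assumption); IPv6 would need 'ping -6' on iputils.
    """
    try:
        addr = ipaddress.IPv4Address(host.strip())
    except ValueError:
        raise ValueError(f"rejected host: {host!r}") from None
    if not count.isdigit() or not 1 <= int(count) <= 5:
        raise ValueError(f"rejected count: {count!r}")
    return ["ping", "-c", str(int(count)), str(addr)]


def run_ping_safe(host, count="1"):
    """Run ping without a shell, with a timeout; non-zero exit is not an error."""
    argv = parse_ping_target(host, count)
    return subprocess.run(argv, capture_output=True, text=True, timeout=10, check=False)


if __name__ == "__main__":
    payload = "127.0.0.1; id"  # constructed attacker input
    print("vulnerable command string:", build_ping_vulnerable(payload))
    try:
        parse_ping_target(payload)
    except ValueError as err:
        print("hardened version:", err)
    print("hardened argv:", parse_ping_target("127.0.0.1", "2"))
```

The second input field matters as much as the first: a count of `1; id` is just as good an injection point as the host, which is why both are validated. Validation by allow-list (parse as an address, not "strip semicolons") plus no shell is the combination that closes the class, not either half alone.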

Dojo Halloween - YesWeHack

Description Server-Side Request Forgery (SSRF) is a vulnerability that enables attackers to trick a server into making requests to unintended locations, both internal and external, by manipulating URLs in user-supplied input. This can lead to unauthorized access to internal services, sensitive information disclosure, or even full system compromise. SSRF typically occurs when applications fetch external resources or perform HTTP requests based on unvalidated user input, allowing attackers to manipulate these requests and access restricted networks, APIs, or internal systems.
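The usual defence against the SSRF pattern described above is to validate the destination of the server-side request by the address it actually resolves to, not by the hostname string. Below is an added example (not code from the Dojo or from the author) of such a check. The DNS table is constructed for the example so it runs offline; `validate_fetch_url` returns the pinned IP that the caller should then connect to, which also blunts DNS rebinding between check and use.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed resolver table for this example; in production use the real
# resolver but keep the same "validate the resolved address" logic.
CONSTRUCTED_DNS = {
    "example.com": "93.184.216.34",
    "metadata.internal": "169.254.169.254",
    "localtest.me": "127.0.0.1",
}


def resolve(host, table=CONSTRUCTED_DNS):
    """Return the ip_address a hostname (or literal IP) maps to."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    if host not in table:
        raise ValueError(f"unresolvable host: {host!r}")
    return ipaddress.ip_address(table[host])


def is_public(addr):
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) before classifying.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return addr.is_global and not (
        addr.is_loopback or addr.is_link_local or addr.is_multicast
        or addr.is_private or addr.is_reserved or addr.is_unspecified
    )


def validate_fetch_url(url, table=CONSTRUCTED_DNS):
    """Validate a user-supplied URL for a server-side fetch.

    Returns the resolved public IP as a string; the caller should connect to
    that IP (sending the original Host header) rather than re-resolving.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        # http://trusted.example@127.0.0.1/ style confusion
        raise ValueError("userinfo in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    addr = resolve(host, table)
    if not is_public(addr):
        raise ValueError(f"destination not public: {host} -> {addr}")
    return str(addr)


if __name__ == "__main__":
    for candidate in ("http://example.com/report", "http://metadata.internal/latest/",
                      "http://[::ffff:127.0.0.1]/", "file:///etc/passwd"):
        try:
            print(candidate, "->", validate_fetch_url(candidate))
        except ValueError as err:
            print(candidate, "-> rejected:", err)
```

Redirects are the common bypass of such a check: if the HTTP client follows a 302 from the validated host to an internal address, the validation was pointless, so disable automatic redirects or re-validate every hop.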

Dojo 35 - YesWeHack

Description SSTI (Server-Side Template Injection) is a vulnerability that occurs when a web application lets an attacker inject malicious code directly into the template used on the server side to generate dynamic content. Template engines such as EJS, Jinja2, Pug and many others are commonly used to separate application logic from data presentation. However, if these engines do not handle user-supplied data correctly, an attacker can inject code that will be interpreted and executed by the server.
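To make the trust boundary concrete, here is an added example (not code from the Dojo or from the author) using a deliberately minimal template engine as a stand-in for Jinja2/EJS: every `{{ expr }}` is evaluated against the render context, which is exactly the mechanism SSTI abuses. The function names and the `Hello ...!` greeting are assumptions for illustration. The vulnerable version builds the template source from user input; the safe version keeps the template constant and passes the input as data.

```python
import re

# Minimal engine standing in for a real template language: each {{ expr }}
# is evaluated as a Python expression in the render context. Real engines
# have richer syntax and sandboxes, but the trust boundary is the same.
EXPR = re.compile(r"\{\{\s*(.*?)\s*\}\}", re.DOTALL)


def render(template, context):
    def evaluate(match):
        return str(eval(match.group(1), {"__builtins__": {}}, dict(context)))
    return EXPR.sub(evaluate, template)


def greet_vulnerable(username):
    # Bug: user input is concatenated into the template SOURCE, so any
    # {{ ... }} it contains is evaluated on the server.
    return render("Hello " + username + "!", {})


def greet_safe(username):
    # Fix: the template is a constant; user input enters only as DATA via
    # the context, and the substituted text is not parsed again.
    return render("Hello {{ name }}!", {"name": username})


def probe_ssti(render_user_input):
    """Classic black-box probe: send an arithmetic expression and check whether
    the response contains the computed value instead of the literal text."""
    out = render_user_input("{{ 7*7 }}")
    return "49" in out and "{{" not in out


if __name__ == "__main__":
    print(greet_vulnerable("{{ 7*7 }}"))                       # Hello 49!
    print(greet_safe("{{ 7*7 }}"))                             # Hello {{ 7*7 }}!
    print(greet_vulnerable("{{ ''.__class__.__mro__ }}"))      # object walk begins here
    print("vulnerable:", probe_ssti(greet_vulnerable), "safe:", probe_ssti(greet_safe))
```

The `''.__class__.__mro__` line is the first step of the usual escalation in Python engines: from a string literal to `object`, then through subclasses to something that can import `os`. Emptying `__builtins__` does not stop it, which is why the fix is keeping user input out of the template source rather than trying to sandbox the expression.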

Dojo 34 - YesWeHack

Description In an XXE (XML External Entity) attack, a weakness in XML processing is exploited to insert malicious external entities into an XML document. This type of flaw lets an attacker read arbitrary files on the system, scan ports, and in some configurations execute code remotely. For this vulnerability, the identified entry point was the promptFromXML(data) function, where malicious XML input could be used to manipulate the server's security settings and potentially execute unauthorized code on the web server.
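The parser-independent fix for an entry point like the one above is to refuse any document that carries a DOCTYPE at all, since that is where both external entities and entity-expansion bombs are declared. Below is an added example (not code from the Dojo or from the author) with a hardened `prompt_from_xml_hardened` (a hypothetical stand-in for the page's promptFromXML, not its code) and two constructed payloads. Python's stdlib ElementTree does not fetch external entities, but lxml with its default `resolve_entities=True` does, so the pre-parse check is what makes the function safe regardless of parser.

```python
import re
import xml.etree.ElementTree as ET

# Constructed payloads for this example.
XXE_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE prompt [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<prompt>&xxe;</prompt>"""

BILLION_LAUGHS = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<prompt>&lol3;</prompt>"""

BENIGN = b"<prompt>describe the sunset</prompt>"

DOCTYPE_RE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)
MAX_BYTES = 64 * 1024  # size cap (assumption) so a large document cannot be a DoS on its own


class UnsafeXML(ValueError):
    pass


def prompt_from_xml_hardened(data):
    """Parse <prompt>text</prompt> while refusing any DTD.

    The DOCTYPE check runs on the raw bytes before any parser sees them, so
    it holds whether the backend is ElementTree, lxml or anything else.
    """
    if len(data) > MAX_BYTES:
        raise UnsafeXML("document too large")
    # A UTF-16 document would not match the byte regex; reject the BOMs
    # rather than try to decode every encoding an attacker could pick.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        raise UnsafeXML("only UTF-8 documents are accepted")
    if DOCTYPE_RE.search(data):
        raise UnsafeXML("DOCTYPE / entity declarations are not accepted")
    root = ET.fromstring(data)
    if root.tag != "prompt":
        raise ValueError(f"unexpected root element: {root.tag}")
    return (root.text or "").strip()


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("xxe", XXE_PAYLOAD), ("laughs", BILLION_LAUGHS)):
        try:
            print(label, "->", repr(prompt_from_xml_hardened(doc)))
        except UnsafeXML as err:
            print(label, "-> rejected:", err)
```

If the application genuinely needs DTDs, the alternative is parser configuration (for lxml, `XMLParser(resolve_entities=False, no_network=True)`; for others, the equivalent feature flags), but rejecting DOCTYPE outright is the setting that does not depend on remembering the right flag for each library.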

Proxmark 3 - Mifare 1K

1 - Setting up the tool For this first step I use the Proxmark 3 Easy, which you can find on AliExpress for around 50€. It has two antennas, one for low frequency (125 kHz) and one for high frequency (13.56 MHz). To use it you need the Iceman fork of the Proxmark3 firmware and client. YouTube tutorial for flashing the firmware and installing the Iceman client: https://www.youtube.com/watch?v=n1Xt-1ZmjM0&feature=emb_imp_woyt 2 - Identifying the badge To identify the badge, we use the ‘auto’ command, which scans both frequency ranges (low and high) and reports what it finds.

Chic0s

(lambda hex_str: [print(chr(int(hex_str[i:i+2], 16))) for i in range(0, len(hex_str), 2)])("45534e412053747564656e74")

Walking