Hi Everyone,

It’s been a while since I posted. Hope you all are safe and sound.

Winja CTF is a Capture the Flag contest , hosted by Nullcon International Conference , where I created several challenges.

One of the challenge that got left unsolved was Blin D rush

Sorry if I put too much rabbit-holes (〒▽〒) . For the people looking for solution you can skip to challenge solution.

It revolved around the CVE-2019–6340 which is Drupal’s REST Module Remote Code Execution vulnerability. …


Writeup for all the Zelda Challenges in Nullcon’s HackIM 2020

Note: Everyone must have solved this differently ,Telling my method here

1. Zelda and the Zombies

The Binary/Game for all the first three challenges was same so we had to find all first three flags in the same game only.

Task : Kill any NPC to get the flag

So initially the game has 5 zombies attacking you whose life is shown at the Top Left corner.Their life gets decreased in two cases

  1. When They come in contact with Zelda
  2. When Zelda Fires using sword.

Solution :

Step 1 :Open Cheat Engine , As soon…


Box Name : Hackerfest 2019

Source : VulnHub

Difficulty : Easy

Recon

First I ran the following command :

nmap -sV -sC -oA -F 192.168.0.110

Here 192.168.0.110 was the ip of the box hosted in the VM.After scanning we get the following result

Fig.1 Nmap Scan

I saw an http service is running on port 80.Tried visiting the page and got a webpage hosted as follows:


Points : 250

Cipher Text : 4-’3evh?’c)7%t#e-r,g6u#.9uv#%tg2v#7g’w6gA

The Pico CTF was held this month with lots of sec challenges in it.One challenge that was really solved from scratch by me was this

Caesar Cipher 2 .

A string was given which was supposed to be a ciphertext …..wait not just a normal cipher text but a cipher text involving special characters as well
The reason I had to solve it from scratch is because I couldnt find any online service to decipher it with ROTation of more than 25 …LEL …

Hint : ASCII

of course the Cipher text contained special characters so ASCII table was used…

Tushar Kulkarni

Security Enthusiast | A Web App Developer Sometimes

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store