rastating.github.io

WP Live Chat Support <= 7.0.06 Reflected XSS

June 17, 2017

Due to a lack of CSRF mitigation and entity encoding in `wp-live-chat-support.php`, it is possible to execute scripts in the context of an admin user by including a script in the `cid` field in a GET request.

Continue reading

Super Mario Host CTF Walkthrough

June 16, 2017

Super Mario Host is an SMB themed CTF created by mr_h4sh. The goal of the CTF is to discover the two hidden flags and to find the passwords of all the characters with accounts on the system.

Continue reading

MaxButtons <= 6.18 Reflected XSS

June 10, 2017

Due to a lack of CSRF mitigation and entity encoding in `includes/admin_header.php`, it is possible to execute scripts in the context of an admin user by including a script in the `page` field in a POST request.

Continue reading

How I Hacked Bobby

June 4, 2017

The Bobby CTF is based on a Windows XP Pro SP3 VM with the objective of retrieving the flag found somewhere within the administrator’s personal folder.

Continue reading

How I Hacked Billu B0x

June 1, 2017

Host & Service DiscoveryTo start my analysis of this CTF, I booted into Kali and started Metasploit [msfconsole] and ran an Nmap SYN scan to locate the VM on the network:

Continue reading
Prev Next