This year I contributed 2 challenges to bi0s CTF (formerly InCTF Internationals).
In this post, we discuss the intended solution to PyCGI challenge. The source code of this challenge can be downloaded from here.
We are provided with 2 attachments for this challenge:
Looking into the Nginx configuration, we can find that there is a potential path traversal in the /static endpoint. You can read more about this here.
In this post, we discuss the solution to EmoLocker challenge from bi0s CTF 2022. The source code of this challenge can be downloaded from here.
Upon opening the challenge link, we are presented with a lockscreen that uses emojis instead of numbers. The page has two features: register and login. Additionally, there is an admin bot, which suggests that the challenge may involve client-side concepts.
Exercism is an online platform that helps people upskill their programming skills through practice and mentoring. They are an open-source organization with over 200 GitHub repositories, thousands of contributors, and a friendly, inclusive community.
I came to know about the platform in 2018 when my mentor - Vipin Pavithran asked me to improve my coding skills by practicing on Exercism.
Exercism is an amazing platform to learn to code. It has got an amazing set of challenges and a huge variety of learning tracks.
tl;dr
sha256('')./api/flag and send it to attacker server.