Code Injection
Code Injection is the general term for attack types which consist of injecting code that is then interpreted/executed by the application. This type of attack exploits poor handling of untrusted data. These types of attacks are usually made possible due to a lack of proper input/output data validation, for example:
Hi there!
This blog contains the write-up for 2 source code and 2 web challenges that I created for Winja CTF for the Nullcon Goa 2022 event.
Source Code Review Challenges
Source code repo: https://github.com/p3n7a90n/WinjaCTF_NullconGoa2022
Cache Assisted Satellites
Desc: This challenge was based on SSRF+CRLF+Deserialisation, which leads to RCE.
Hi there!
This blog contains the write-up for 4 source code challenges that I created for Winja CTF for the Nullcon Berlin event.
Info common for all the challenges.
Source code repo: https://github.com/p3n7a90n/WinjaCTFChalls-2022
Outbound connection was blocked.
EL AGUA (EL Expression Blind RCE)
Desc: One of the endpoints (/userRegistration) was responsible for creating the user account.
Hi there!
This blog contains the write-up for 1 Android and 4 web challenges which I created for Winja CTF for the c0c0n 2021 event.
This was my first time creating CTF challenges.
Hope you had fun/learned something new while solving the challenges.
Hi there!
I have always wondered how apps like Thoptv and Pikashow give users free content/channels, which are not free, from different providers like Netflix, Amazon Prime, Hotstar, etc. So this time, I decided to reverse the Pikashow app with a beginner level of knowledge in Android reversing and try to look into how exactly it works and whether we can directly access the content without seeing the ads while streaming in the app.