My challenges

I’ve been writing challenges since 2022, which is not a long time, but all of my challenges have more or less been scattered to the wind. This is my attempt to consolidate the ones I wrote.

MAPLECTF

  • Honksay
    • XSS with object bypass
  • Viene Library
    • Prototype Pollution to leverage PUT request-based header overrides in Ruby
  • Art Gallery
    • TLS poison -> FTP -> Redis SSRF chain for deserialization RCE
  • JUJUTSU KAISEN
    • POST-based img-tag XSSI -> ESI injection -> img-creation primitive oracle -> XS-leak

PBCTF

  • Makima
    • FastCGI PHP and nginx path resolution for PHP RCE combined with X-Accel-Redirect header SSRF

GOOGLE CTF

  • Veggie Soda
    • CSRF bypass to TypeScript type-confusion deserialization, causing POP chain-esque effects to pop XSS
  • Grand Prix Heaven
    • Loose [A-z] regex check to URL-bypass a JPEG image endpoint with XSS data in the EXIF metadata, rendered into a custom HTML template with parseInt() quirks to bypass CSP
  • HEAT
    • V8 1day sandbox escape

HTB

  • Redwave
    • Golang -> Ruby JSON parsing differential + SSRF bypass with header parsing differential + Ruby deserialization RCE