Skip to content

munsheulab

  • Home
  • About
  • Research
    • Web hacking
    • Reversing
    • Pwnable
  • CTF Write ups
  • Development
  • Tips

Protected: Exploitable PHP functions

Posted on 2018-11-182019-04-19 by munsiwoo

There is no excerpt because this is a protected post.

Continue reading
Research
Enter your password to view comments.

교내대회 Old school whitebox

Posted on 2018-11-042018-12-12 by munsiwoo

<?php error_reporting(0); require_once ‘config.php’; if(isset($_GET[‘username’], $_GET[‘password’])) { $username = addslashes($_GET[‘username’]); $password = password($_GET[‘password’]); $username = mb_convert_encoding($username ,’utf-8′,’euc-kr’); if(preg_match(‘/union.*select/i’, $username)) {

Continue reading
CTF Write ups, Research, Web hacking
Leave a comment

ArangoDB example

Posted on 2018-10-292018-11-28 by munsiwoo

INSERT document IN collection FOR u IN users FILTER u._key==”admin” RETURN u

Continue reading
Research
Leave a comment

Hack.lu CTF 2018 – Baby PHP

Posted on 2018-10-182018-12-15 by munsiwoo

<?php require_once(‘flag.php’); error_reporting(0); if(!isset($_GET[‘msg’])){ highlight_file(__FILE__); die(); } @$msg = $_GET[‘msg’]; if(@file_get_contents($msg)!==”Hello Challenge!”){ die(‘Wow so rude!!!!1’); } echo “Hello Hacker! Have

Continue reading
CTF Write ups, Research
Leave a comment

mysql jail

Posted on 2018-10-14 by munsiwoo

mysql console jail http://withphp.com:33306/ 원래 문제로 만들 생각은 없었는데 어쩌다보니 만들게 됨 문제가 아니더라도 평소에 online mysql 로 이용하면 좋을

Continue reading
Research
Leave a comment

Protected: Jinja2 SSTI cheat sheet | Command Injection

Posted on 2018-10-062021-01-15 by munsiwoo

There is no excerpt because this is a protected post.

Continue reading
Research, Tips, Web hacking
Enter your password to view comments.

2018 CCE Qual – #9 Write-up (Web)

Posted on 2018-10-012019-09-19 by munsiwoo

Team 야몽클리닉 Cyber Conflict Exercise#9 Write up Step1. SQL Injection 문제 사이트 http://52.79.117.74/admin/로 접속하면 로그인 폼이 하나 나온다. 그냥 이것

Continue reading
CTF Write ups, Research, Web hacking
Leave a comment

open_basedir bypass 정리

Posted on 2018-09-252018-12-15 by munsiwoo

open_basedir 옵션은 PHP에서 접근할 수 있는 디렉토리에 제한을 두는 옵션이다. 이 옵션을 우회할 수 있는 방법이 여러가지 있는데, 일단 해캠에서

Continue reading
Research, Web hacking
Leave a comment

Posts navigation

«Previous Posts 1 2 3 4 Next Posts»

Recent Posts

  • Hello 2021
  • 2019 Christmas CTF Platform
  • SQL Injection Techniques
  • 19Cyberoc – Secret Service(Hidden Service) Write up
  • PHP Template engine : Mun template

Categories

  • Research
    • Web hacking
    • Reversing
    • Pwnable
  • CTF Write ups
  • Development
  • Tips

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
WordPress Theme: Donovan by ThemeZee.