PicoCTF Writeup #505

PicoCTF Writeup – Forensics Disk Image Challenge: Disk, disk, sleuth!

Description: Can you find the flag in this disk image? Download the disk image here.

First Thoughts

This challenge was tagged forensics, which usually means poking around filesystems, memory dumps, or raw disk images. The goal is to extract hidden information — in this case, the flag. I grabbed the disk image (disko-1.dd) and started experimenting.

Initial Attempts

My first instinct was to take a look at the raw hex using xxd: ...

August 19, 2025 · 2 min · Deni Andrian Prayoga

PicoCTF Writeup #492

PicoCTF Writeup – Server-Side Template Injection (SSTI)

Recently, I played around with PicoCTF challenge 492. The challenge looked like a simple web app that lets you “announce whatever you want.” Naturally, I fired up my terminal and started poking at it with curl. By the way, we can also visit the website and experiment with the form instead.

    curl -X GET http://rescued-float.picoctf.net:49878/announce -i

Response:

    HTTP/1.1 405 METHOD NOT ALLOWED
    Allow: POST, OPTIONS

Looks like only POST is allowed, so I retried with: ...

August 19, 2025 · 2 min · Deni Andrian Prayoga