WinjaCtf 2021 solutions

Hey everyone! This blog post covers writeups of the challenges that were created by me as part of WinjaCTF 2021. WinjaCTF is an initiative by Nullcon and it organises CTF annually. Read about my experience at first nullcon here The challenges created by me were : pieceofpie, junk, art gallery, find me, binarybits, Redeem me. I will be giving a detailed writeup…

1 Comment

The ultimate guide to HTTP request & response headers

End-users constantly make GET or POST request to the internet to retrieve information. The most common protocol used here is HTTP/S. But this communication is not just about making requests. It needs to be meaningful when sent from client to server or vice-versa. Here’s when HTTP header comes in. With headers, client/server can send additional information with HTTP request. In this blog…

0 Comments

Buff hackthebox walkthrough

Hey there! This is Shreya and today I am gonna show you how to pwn buff from hackthebox. Buff is an easy level windows machine having a straightforward way to obtain initial foothold. Privilege escalation to Administrator requires to abuse a service that has its exploit available on exploit-db, still its tricky to get through. With that being said, let's get started.…

4 Comments

My experience at first Nullcon!

Most often people plan a trip to Goa for its beaches, the exotic cashew wine, the breathtaking sceneries and the elegant casinos. But for me, the reason was quite different. Its Nullcon. It was their 10th anniversary, after missing so many years of exclusive seminars and a bunch of elite sessions at a prime venue, I finally got my first chance to…

0 Comments

Remote Hackthebox walkthrough

Hey fellas!! Its time for remote from hackthebox. This was an easy Windows machine. The initial foothold for the machine was based on CVE of a CMS and has a straight-forward privilege escalation to Administrator.With all that said, let’s get started!! Scan the host for the open ports and services. # nmap -sC -sV -oA remote.nmap 10.10.10.180 The output revealed 3 interesting…

1 Comment