- Published on
Hacking 4 webapps from Break The Syntax CTF 2025. The apps contain a number of different vulnerabilities: ldap injection, command injection, ssti, php type juggling and several privilege escalation techniques on Linux.
Magic-hash
All Posts (59)
- pwn (15)
- rev (10)
- osint (8)
- web (8)
- bitsctf (6)
- bitsctf-2025 (6)
- forensic (5)
- crypto (5)
- swampctf (5)
- swampctf-2025 (5)
- misc (4)
- flagyard (4)
- pwntools (4)
- malware (4)
- 1753ctf (3)
- 1753ctf-2025 (3)
- stego (3)
- nullcon (3)
- nullcon-2025 (3)
- pwnme-2025 (2)
- pwnme (2)
- xss (2)
- ssti (2)
- pingctf (2)
- lactf (2)
- lactf-2025 (2)
- dawgctf (2)
- dawgctf-2025 (2)
- srop (2)
- greyctf-2025 (2)
- grey-cat-the-flag-2025 (2)
- hardware (2)
- nahamcon-ctf (2)
- nahamcon-ctf-2025 (2)
- sqlinjection (2)
- binary (2)
- ctflearncom (2)
- pearl (2)
- utctf-2025 (2)
- utctf (2)
- dompurify (1)
- csp (1)
- unicode-overflow (1)
- btsctf (1)
- btsctf-2025 (1)
- ldap (1)
- ldap-injection (1)
- command-injection (1)
- type-juggling (1)
- magic-hash (1)
- linux-privesc (1)
- games (1)
- 0xl4ugh (1)
- broncoctf (1)
- broncoctf-2025 (1)
- backdoorctf24 (1)
- torrent (1)
- pcap (1)
- elfisyou (1)
- baba-is-you (1)
- bluehensctf (1)
- glacierctf (1)
- cve-2024-34064 (1)
- hackthevotectf (1)
- arduino (1)
- lucky (1)
- rop (1)
- rsa (1)
- ret2libc (1)
- bcrypt (1)
- dns (1)
- dig (1)
- int-overflow (1)
- spookyctf (1)
- ping (1)
- tjctf (1)
- tjctf-2025 (1)
- ehax (1)
- ehax-2025 (1)
- sandbox (1)
- shellcode (1)
- payload (1)
- mobile (1)
- css (1)
- chess (1)
- umdctf (1)
- umdctf-2025 (1)