Thoughts, writeups, and experiments in cybersecurity and coding
Category: Misc Difficulty: Easy 1. Challenge Overview The challenge provides a single README.md file containing what appears to be a solitary emoji: 💯. However, when looking at the file metadata or simply clicking and dragging over the text, it becomes clear that there is a significant amount of “invisible” data trailing the emoji. We are … Read more
Category: DNS / Network Security Difficulty: Medium 1. Challenge Overview The challenge provided a DNS server at 52.59.124.14:5053. The hint stated that “latest and greatest DNS features” now allow internal networks to resolve names without VPNs or Firewalls. This was a clear pointer toward EDNS Client Subnet (ECS) or DNS over QUIC (DoQ). 2. Vulnerability … Read more
Category: DNS / Misc Difficulty: Medium 1. Challenge Overview The challenge provided a custom DNS server (52.59.124.14:5052) with the hint: “Some flag escaped its enclosure. Now it is mixed up with the herd(dinos.nullcon.net).” The goal was to locate the flag hidden within a large number of DNS records. 2. Vulnerability Analysis Step 1: Initial Connectivity … Read more
Category: Web Difficulty: Easy 1. Challenge Overview The challenge presents a web application designed to convert WordPress XML export files into static websites. The interface is simple: The goal is to read the /flag.txt file stored on the server. 2. Vulnerability Analysis My first step was to explore how the “Generate” feature works. I intercepted … Read more
Category: Web Difficulty: Medium 1. Challenge Overview The challenge presents a web service called Virus Analyzer. The UI is sleek and professional, mimicking a security tool. It invites users to upload a .zip archive, which it promises to extract and analyze for malicious content. Upon visiting the site, I noticed there was no source code … Read more