Web exploitation CTF

Nullcon HackIM CTF Goa 2026 – WordPress Static Site Generator

by

Category: Web Difficulty: Easy 1. Challenge Overview The challenge presents a web application designed to convert WordPress XML export files into static websites. The interface is simple: The goal is to read the /flag.txt file stored on the server. 2. Vulnerability Analysis My first step was to explore how the “Generate” feature works. I intercepted … Read more

Nullcon HackIM CTF Goa 2026 – Virus Analyzer

by

Category: Web Difficulty: Medium 1. Challenge Overview The challenge presents a web service called Virus Analyzer. The UI is sleek and professional, mimicking a security tool. It invites users to upload a .zip archive, which it promises to extract and analyze for malicious content. Upon visiting the site, I noticed there was no source code … Read more