Comment Box solving

Filtered items: script, ", ', src=, location, on, video, object, expression

hackburger.ee Number to ASCII converter write up

Super fun wargame like wargame.kr. Written by ch4n3 at BoB 6th, team Demon. To solve this challenge, go to http://burger.laboratorium.ee:8001/. If you send a request to that site, you can see this screen. There is PHP code. It converts a decimal number to an ASCII character. BUT, there is a vulnerability in the assert() function. The assert() function is has code execus..

hackburger.ee File search Write up

By ch4n3 at BoB 6th, Demon. Fun challenge for me. To solve this, go to http://burger.laboratorium.ee:8004/. Just a searching site? I didn't know what it does. To configure this, I made it. https://github.com/chaneyoon/wargames/blob/master/hackburger.ee/File%20search/test.py

    #!/usr/bin/python
    # coding: utf-8
    # made by ch4n3
    from requests import post
    import string
    from bs4 ..

hackburger.ee Warmup write up

Great wargame. To solve this, go to http://burger.laboratorium.ee:8000/. You can see it when you visit this site. We can guess it uses the system() function. Using the system() function, it sends a ping message to the target. But the system() function is vulnerable to command injection. If you input ;id, you can see the same result as when you type it in a bash shell. Like this. By doing th..