NahamCon CTF 2023: Web Challenge Walkthroughs

Показать описание

Video walkthrough for some Web challenges from the NahamCon Capture the Flag (CTF) competition 2023 (organised by @NahamSec ); Star Wars, Stickers, Hidden Figures and Obligatory. Topics covered include XSS, domPDF RCE, hidden data (misc/stego) and SSTI with WAF filter bypass. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #NahamCon #NahamCon2023 #NahamConCTF #CTF #Pentesting #OffSec #WebSec

↢NahamConCTF↣

👷‍♂️Resources🛠

↢Chapters↣
0:00 Start
0:18 Star Wars (XSS)
4:07 Stickers (domPDF RCE via ttf/php polyglot)
11:45 Hidden Figures (Hidden data/embedded files)
17:55 Obligatory (SSTI + WAF)
25:26 End

Рекомендации по теме

Комментарии

idk why ur explanation is easy to understand to me

rilsan

great writeups, for Obligatory i did |{{config}}| and got the flask session secret and changed the id from 2 to 1 (admin) and got the flag in the to do list :)

damnqais

Great videos as always. One of the top content creators in this domain. I hope this is sustainable for you because I know how much work goes into all this while still having a job + keeping up to date with new techniques + personal. Take care of yourself! Best wishes

LargeToboggan

thanks for these videos. really helpful and well explained. keep doing what u're doing! much love <3

frtyeven

Great work - and thanks for the ngrok - never seen that one before!!

kartibok

Damn I was looking for it. Thanks sir.

LearnTermux

Could you please provide walkthroughs for the Video Intigriti CTF 2023? I'm really stuck with those challenges.

BabeRyHellCat

Hey Jonah, great vid!
Will there be another one for the forensic/reverse challs as well:) ...?

astralwanderer

Great video :) I like the Color-Settings of your terminal. Is this a plugin for terminator or how did you costumize it?

c-tch

Great Video! Just wondering, what VM are you using?

tangiispotted

can you explain how to solve blobber and tiny-little-fibers [nahamcon CTF], as i spent so much time on them but unsuccessful in solving them

tazaccking

Great video! I think the intended way of obligatory was to leak the secret key from the flask app and forge a new cookie passing the id to 1. Once you became the admin the flag was there :-). But your way was faster 😅

Daniel-puxh

NahamCon CTF 2023: Web Challenge Walkthroughs

NahamCon CTF 2023: Web Challenge Walkthroughs

NahamCon CTF 2022: Web Challenge Walkthroughs

Nahamcon CTF 2023 Web challenge Fast Hands & Glasses

Nahamcon CTF 2023 Web challenge Online Chatroom

Capture The Flag! NahamCon 2024 CTF Warmups

NahamCon CTF 2023 - Online Chatroom

NahamCon CTF 2023 Fast Hands Warmup CTF

Solving all Web CTF tasks from NahamCon

NahamCon CTF 2023: Open Sisame Walkthroughs | Binary Exploitation Challenge

NahamCon CTF 2023: Glasses Walkthroughs

NahamCon CTF 2023 - Museum (Medium) Walkthrough

Cracking a JWT with MD5_HMAC Algorithm - Marmalade 5 [NahamCon CTF 2023]

NahamCon CTF 2023 - Ninety One

NahamCon CTF 2023 - Glasses

NahamCon CTF 2022 Crypto Walkthrough

NahamCon CTF 2023 Ninety One Warmup

Web Challenges [Space Heroes CTF 2023]

NahamCon EU CTF 2022 - Warmup Challenges

NahamCon 2023 CTF - Hidden figures walkthrough

This 'Realistic' Web CTF Was Impossible!

NahamCon EU CTF 2022 | Byepass Web Challenge

WaniCTF 2023 Web Challenges

ChatUWU - Real World CTF 2023 - Web Challenge Writeup

NahamCon CTF 2023 Glasses warmups CTF