After last challenge we’ll move onto the one that is a continuation of the previous Marcodowno challenge. Once again we have to find a XSS vulnerability in a website that triggers without any user interaction, but this time the vulnerable code has changed.

This challenge I decided to go for a cool challenge, marcodowno, in which we had to find XSS vulnerability that pops alert(1) without the user interaction. After successfuly doing it in our client, we had to paste the working solution in the form of URL into a service that would check it, and upon correct exploitation, grant us a flag.

Another week and another write up, this time from VolgaCTF Qualifiers we have a pwn challenge called warm rated at 100pts. Quite an annoying challenge with big troll at the last part of exploitation. Big kudos to Yodak for firstly reverse engineering the binary.

A little bit late but here’s my write up for Securinets Prequals 2019 challenge called Baby One. Really cool task with simple stack buffer overflow, but requires some ‘universal’ exploitation knowledge. Let’s take a look at it.

Altough I’m not sure if that was part of intended solutions, I’ve decided to write up cool little challenge from Securinets Prequals, called AutomateMe. Let’s take a look at how some tools can speed up your process of reverse engineering.