Posts

Scratching the Web In my last post, I wrote about solving a CTF that required reading C code and learning about Linux file descriptors (FDs). In this one, I’m writing about when I tried OWASP Juice Shop, an intentionally vulnerable web app for training and learning. These early challenges are mostly meant to make you familiar with the basics: HTTP requests, what the browser blocks versus what the server enforces, how client-side and server-side validation differ, and where simple mistakes show up in real apps. ...

fd - pwnable.kr As I’m exploring cybersecurity during my semester break, this is my first write-up on solving a cybersecurity challenge. I tried to solve the first challange in pwnable.kr: fd Below is my thought process from when I solved it. Setup The challenge provides SSH creds to connect to a server: ssh [email protected] -p2222 Let’s SSH into it. Inspection Running ls after SSHing in reveals three files: fd, fd.c, and flag. Clearly we’re expected to read what’s inside that flag file. ...