Moza Blog
Focusing on Offensive Security
2026-01-13 · 335 words · 2 mins
BugForge- Tanuki – idor
🩸 First Blood Writeup – Tanuki Scope (Daily Challenge)
Challenge Name: Tanuki Scope
Difficulty: Easy
Points: 10
Category: Web / IDOR
Status: ✅ Solved
First Blood: moza369 🩸
Challenge Overview
Tanuki Scope is a daily web challenge that simulates a small learning platform.
The application allows …
2026-01-10 · 301 words · 2 mins
BugForge- Ottergram – graphql idor
Ottergram – Web Challenge Writeup
Challenge Name: Ottergram
Difficulty: Easy
Category: Web
Hint Provided: GraphQL
Challenge Overview
The challenge provides a web application called Ottergram. The given hint strongly suggests that the vulnerability lies within a GraphQL endpoint.
The application …
2026-01-09 · 285 words · 2 mins
BugForge-Shady Oaks Financial – admin jwt
Challenge Overview
The Shady Oaks Financial application provides a login and registration page. After registering a normal user account, the application issues a JWT token that is stored in the browser.
The goal of this challenge is to escalate privileges and gain admin access.
Initial Access
We …
2025-08-05 · 572 words · 3 mins
Are We Safe When Registering on University Websites?
Every year, thousands of students register for schools and universities through online platforms. These websites often request a lot of personal information, including:
Full name
National ID number
Email address
Phone number
Home address
Photo
Grades or academic background
But here’s the big …
0001-01-01 · 525 words · 3 mins
Master kee root-me
Cracking the MasterKee Challenge: Exploiting CVE-2023-32784
For this challenge, we are provided with two files:
MasterKee.DMP
Masterkee.kdbx
The goal is to extract the password from the .DMP file and use it to unlock the KeePass database (Masterkee.kdbx). After some research, I discovered that a …
0001-01-01 · 232 words · 2 mins
N7 CTF CRYPTO
First challenge
In this crypto challenge we get two files, message.py and output.py.
Analyse the source code; this is the encrypt function:
`def encrypt(message, key): encrypted_message = "" key_index = 0 for char in message: key_value = int(key[key_index]) encrypted_char = chr(ord(char) + …
0001-01-01 · 98 words · 1 min
N7 CTF REV
rev
I use Ghidra to analyse the file.
We find the hooks.
After some research I find this script to decrypt them:
`hooks = [0x9D, 0x94, 0xAF, 0xB2, 0xBD, 0xB2, 0xA1, 0xB4, 0xB7, 0xB1, 0xBD, 0xB9, 0xB3, 0xB6, 0xAB, 0xAB, 0xBB, 0xB4, 0xB5, 0x9E, 0x98, 0x8F, 0x98, 0x89, 0x57, 0x66, 0x40, 0x6C, 0x6A, …
0001-01-01 · 220 words · 2 mins
N7 CTF STEGO
stego 1
We have this paragraph:
`Capture the Flag (CTF) in computer security is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully-vulnerable programs or websites. They can be used for both competitive or educational …
0001-01-01 · 133 words · 1 min
N7 CTF WEB
web: on the login page, when we try admin:admin we see that we can't use this username.
When we try something like guess:guess, it shows us that the username is small, so we need a longer one. I try
username: …
0001-01-01 · 450 words · 3 mins
Oh My Grub root-me
Analyzing an OVA File to Retrieve Login Credentials
In this challenge, we are given an OVA (Open Virtualization Appliance) file. The goal is to analyze the file and retrieve the login credentials required to access the virtual machine. Here’s how I approached the problem:
Step 1: Extracting …