lifeofal3af@home:~$

  • Squ1rrelctf 2025 Web Emojicrypt

    Writeup for web/emojicrypt, Hacking Time and Randomization. Vulnerability Overview: web/emojicrypt uses random.choice(NUMBERS) for _ in range(32) with the default seed. Normally, in Python 3, the default seed is the current Unix timestamp. (See https://www.unixtimestamp.com/ for more explanation of the Unix timestamp format.) Because of this, we can simply find out the...

  • Squ1rrelctf 2025 Web Portrait

    Portrait Gallery XSS Vulnerability Writeup. Vulnerability Overview: The Portrait Gallery application contains a stored XSS vulnerability that allows attackers to steal the admin bot’s cookie containing the flag. Application Architecture: The application consists of: a web frontend that allows users to register, add portraits, and view galleries; an admin bot...

  • picoCTF Forbidden Paths (medium) (web)

    Hey there! Today I will be attempting to hack the picoCTF Forbidden Paths (Medium) challenge. Description: Can you get the flag? We know that the website files live in /usr/share/nginx/html/ and the flag is at /flag.txt but the website is filtering absolute file paths. Can you get past the filter...