TP-Link TL-WR802N V4(JP) Command Injection Exploit (CVE-2021-4144)
I got some leftover giftcards from coming in second in the Japan Chess Sunday Cup Grand Prix and used all of them to purchase routers; this is one of the CVEs I got! Unlike my previous CVE-2020-35576, this vulnerability is present on the latest hardware of the router so I will not be disclosing the exploit details for now.
Read More
TISC 2021 Writeup
Very short TISC writeup as I only did up to level 2 out of 10. The lower levels were all steganography challenges which discouraged me from continuing. Writeup for level 2 may be added at a later date, but it is basically a DNS exfiltration challenge where you have to decode something in the subdomains to get the flag.
Read More
HTB Busines CTF 2021 Writeup
I solved 3 web challenges alone within 3 hours of starting the CTF. Was the Captain of our company team PwnWithClass, made up of members from Japan, Spain and France. Also worked on the last web challenge and the only misc challenge with a teammate.
Read More
HSCTF 2021 Writeup
I solved all web and the OSINT miscs with CTF.SG. Great easy-intermediate ctf overall, had fun with the high school members on our team.
Read More
Zh3r0 CTF 2021 Writeup
Only managed to jump in for 3 hours as I had to prepare and play in Japan Rapid Chess Grand Prix. I realised I haven't written a deserialization post so here's one! Only solved part of sparta and maniac's game. Took a look at some other webs but the source wasn't included so didn't try.
Read More
DCTF 2021 Writeup
Solved a couple of challenges and was leading in the first place until the admins decided to give out hints for the challenges we solved, while not giving hints for the challenges we did not. They also increased the points of some challenges manually, which happened to be the ones we didn't solve. There was also rampant flag/solution sharing in the official Discord.
Read More