Zer0pts CTF took place last weekend with the participation of over 500 teams, making it a resounding success. As a member of the team, I contributed by developing a web challenge called “Ringtone,” which ended up being solved by 14 teams.| Ahmed Belkahla
Securinets Quals 2022 Infrastructure review and Web challenges writeups.| Ahmed Belkahla
Hello everybody , it has been a long time since I have posted a writeup :( I have been a little busy in the last period with school assignments, exams and some work (Covid has really messed up my life).| Ahmed Belkahla
How to deploy a scalable and robust CTF infrastructure and the different issues we faced in FwordCTF 2020| Ahmed Belkahla
Web RTC (450pts) 39 solves Last weekend,we have been a part of the CSAW CTF 2020 and our team Fword ranked 4th in MENA region. We managed to solve all web challenges with my awesome teammates @Hera and @Noxious and we have particularly enjoyed Web RTC .| Ahmed Belkahla
How i hacked a famous pizza vendor in Tunisia ? Generally i’m not a fan of bug bounty programs but this time i tried to test my skills in some real world scenario and participate to secure some tunisian websites as they lack a lot of things in term of security :D It’s 11h pm and i was sitting on my laptop like always doing an annoying java homework for school when i felt hungry :( and accidentally an X pizza (we will call it X pizza as i was asked to not reveal the company name) ad catche...| Ahmed Belkahla
Detailed binary exploitation writeups from UMD CTF and WPICTF , heap based overflow and format string vulnerability.| Ahmed Belkahla
Empire Total (1000pts) (7 Solves) This task was really so creative and i had so fun solving it , but i can’t deny that it was painful :( after reading the description we can say that we aim to dump the database of the website (maybe SQL injection who knows) and fortunately we have the source code so let’s download it and begin our trip xD| Ahmed Belkahla
Finally after finishing my exams , I had the opportunity to participate in the last 2 days of AngstromCTF with my team Fword and managed to solve all the web challenges except the last 3 tasks, unfortunately I didn’t have the chance to try the last two ones , bad subjects at school are always keeping me from playing CTFs and learning useful stuffs :( !| Ahmed Belkahla
Official writeups for FwordCTF2020 Web/Bash challenges| Ahmed Belkahla
Web exploitation writeups of CSICTF 2k20 - File Library Task and The Unusual Suspects Web tasks| Ahmed Belkahla
pwn1(70pts) It was a ret2libc task , but we had firstly to leak the libc base address using BOF (i leaked it through printf address) than we will return to main and perform our ret2 System :D here is my exploit, if you have any questions you can contact me on twitter @BelkahlaAhmed1| Ahmed Belkahla
B64DECODER (244pts) This is wont be a detailed writeup , however in this task we have a clear format string vulnerability (line 23) and a leak of a64l function address| Ahmed Belkahla
The after-Prequal (971pts) (19 Solves) This task was so fun and i learned new things from it , we are given a website with a search functionality and after testing a single quote injection we had an SQL error , so let’s start the exploitation of the famous SQL injection :D| Ahmed Belkahla
A Peculiar Query (180pts) (73 Solves) I really liked this web task , we are given this web page that have a search functionality And we can read the source code| Ahmed Belkahla
Shinobis World (1000pts) (1 Solves) Hello guys again , in this task we are give the Settings.py of a django Web application , we can notice that the website is using caching with redis that is listening on port 6379 locally !| Ahmed Belkahla
JWT In a new way (1000pts) (0 Solves) And finally i’m writing a writeup for this task xD i published this task in Securinets Mini CTF and NCSC2.0_CTF but unfortunately it had 0 solves (in fact no one managed to pass the first step) , it took me a lot of time to prepare this task so i hope you enjoy it :D However bring your coffee cup and let’s begin the road .| Ahmed Belkahla
2 methods RCE 0-Day in Goahead Webserver: PBCTF 2021 Last weekend I participated with my team Zer0pts in PBCTF 2021 and we got the 5th place, we were really close to secure a spot in the top 3 but an error in Wine while solving a shitty misc challenge prived us from this win :(| Ahmed Belkahla