- Published on
A complete writeup of the BlackHat 2025 crypto CTF challenges, including Hatagawa-II and Whack-A-Scratch. We break custom cryptographic schemes and reverse engineering puzzles to recover flags, with detailed analysis.
All Posts
All Posts
- web (5)
- exploitation (4)
- whack-a-scratch (2)
- ctf (2)
- writeup (2)
- sql-injection (2)
- path-traversal (2)
- ssti (2)
- rce (2)
- hatagawa (1)
- hatagawa-ii (1)
- cryptography (1)
- crypto (1)
- blackhat (1)
- blackhat-2025 (1)
- blackhat2025 (1)
- ctf-writeup (1)
- flagyard (1)
- codecon (1)
- ejs (1)
- ejs-exploit (1)
- blind-sql (1)
- file-upload-vulnerbility (1)
- extract-vulnerbility (1)
- jwt (1)
- graphql (1)
- lfi (1)
- Published on
Exploiting a GraphQL vulnerability through SQL injection to bypass authentication and gain unauthorized access. By manipulating the JWT token, we set flagOwner to true and retrieve the flag.- Published on
Exploiting path traversal in a tar file extraction process to overwrite a rendered template, leading to Server-Side Template Injection (SSTI) and ultimately achieving Remote Code Execution (RCE)- Published on
Exploiting a path traversal vulnerability to upload a malicious file, leveraged local file inclusion (LFI) to execute it, used Server-Side Template Injection (SSTI) to gain Remote Code Execution (RCE), and ultimately located and read the flag from the server.- Published on
Retrieving data from SQLite3 database by exploiting Blind SQl injection in Web Application