CSAW 2021 writeups

Last update: Oct 06, 2021

Related tags

Security related resources CSAW2021

Overview

CSAW 2021 Writeups

Challenge	Category	Solved by
The Magic Modbus	ics	root2thrill
Lazy Leaks	Forensics	root2thrill
Poem Collection	warm-up	root2thrill
Turing	warm-up	root2thrill
Password Checker	warm-up	dancing.pickle
checker	warm-up	root2thrill
Weak Password	misc	root2thrill
Sonicgraphy Fallout	Forensics	root2thrill
a pain in the BAC(net)	ics	root2thrill
Alien Math	pwn	dancing.pickle
mic	forensics	dancing.pickle
Contact Us	forensics	dancing.pickle
Crack Me	warm-up	root2thrill

Notes:

Overall we placed 211th of 1216 teams with 1+ points. We competed as a duo (myself and my friend M-Pepper) and we were strong on forensics and stego, but weak on web, reversing, and pwn. I felt like with more time we could have done better on a couple of the RSA problems. Infrastructure was a bit unstable at times, but we still learned a lot and are grateful to participate in CSAW 2021. Looking forward to next year!

Owner

GitHub Repository

test application for the licence key web app.

licence_software_test_app Make sure you set your database values in a .env file to the folder. Install MYSQL connector: pip install mysql-connector-py

1 Oct 28, 2021

PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github

CVE-2021-26855 PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github Why does github remove this exploit because

58 Nov 15, 2022

Yet another web fuzzer

yafuzz Yet another web fuzzer Usage This script can run in two modes of operation. Supplying a wordlist -W argument will initiate a multithreaded fuzz

5 Feb 02, 2022

Simple and easy framework for phishing 🎣

👋 It's in beta, I'm still building How to install Linux and Termux: Clone Rp: git clone https://github.com/J4c5/superfish.git Install the dependencie

4 Jan 27, 2022

一款Web在线自动免杀工具

一款利用加载器以及Python反序列化绕过AV的在线免杀工具因为打包方式的局限性，不能跨平台，若要生成exe格式的只能在Windows下运行本项目打包速度有点慢，提交后稍等一会开发环境及运行前端使用Bootstrap框架，后端使用Django框架。

172 Nov 28, 2022

HatSploit collection of generic payloads designed to provide a wide range of attacks without having to spend time writing new ones.

5 May 10, 2022

Simple yara rule manager

Yara Manager A simple program to manage your yara ruleset in a (sqlite) database. Todos Search rules and descriptions Cluster rules in rulesets Enforc

65 Nov 17, 2022

Midas ELF64 Injector is a tool that will help you inject a C program from source code into an ELF64 binary.

Midas ELF64 Injector Description Midas ELF64 Injector is a tool that will help you inject a C program from source code into an ELF64 binary. All you n

20 Dec 24, 2022

Lite version of my Gatekeeper backdoor for public use.

MayorSec Backdoor Fully functioning bind-type backdoor This backdoor is a fully functioning bind shell and lite version of my full functioning Gatekee

56 Mar 25, 2022

A brute Force tool for Facebook

EliBruter A brute Force tool for Facebook Installing this tool -- $ pkg upgrade && update $ pkg install python $ pkg install python3 $ pkg install gi

3 Mar 29, 2022

A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps

boring-flutter A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps. Currently only supporting

64 Oct 18, 2022

How to exploit a double free vulnerability in 2021. 'Use-After-Free for Dummies'

This bug doesn’t exist on x86: Exploiting an ARM-only race condition How to exploit a double free and get a shell. "Use-After-Free for dummies" In thi

1.2k Dec 25, 2022

Fast and customizable vulnerability scanner For JIRA written in Python

Fast and customizable vulnerability scanner For JIRA. 🤔 What is this? Jira-Lens 🔍 is a Python Based vulnerability Scanner for JIRA. Jira is a propri

185 Dec 25, 2022

CVE-2021-26855 SSRF Exchange Server

CVE-2021-26855 Brute Force EMail Exchange Server Timeline: Monday, March 8, 2021: Update Dumping content...(I'm not done, can u guy help me done this

117 Nov 28, 2022

A curated list of amazingly awesome Cybersecurity datasets

758 Dec 28, 2022

Um keylogger que se disfarça de um app que tira print da tela.

Keylogger_ Um keylogger que se disfarça de um app que tira print da tela. Este programa captura o print da tela e salva ,normalmente, na pasta Picture

1 Dec 03, 2021

POC for detecting the Log4Shell (Log4J RCE) vulnerability

Interactsh An OOB interaction gathering server and client library Features • Usage • Interactsh Client • Interactsh Server • Interactsh Integration •

2.1k Jan 08, 2023

Encrypted Python Password Manager

PyPassKeep Encrypted Python Password Manager About PyPassKeep (PPK for short) is an encrypted python password manager used to secure your passwords fr

1 Nov 17, 2021

An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.

RonnieColemanYARAParser This script is named after Ronnie Coleman, and peforms bulk lifts on arbitary file features using YARA console logging. Requir

20 Dec 13, 2022

an impacket-dependent script exploiting CVE-2019-1040

dcpwn an impacket-dependent script exploiting CVE-2019-1040, with code partly borrowed from those security researchers that I'd like to say thanks to.

71 Nov 30, 2022