@ctflog
Nothing here yet.
Nothing here yet.
Feb 16 · 6 min read · This was another interesting challenge from MHL regarding SQL injection. (Spoiler Alert: there was more than sql injection in this challenge;p) This is more like a walkthrough of the challenge. This was the objective from MHL: Exploit a SQL Injecti...
Join discussionFeb 3 · 7 min read · Objective: Exploit XSS vulnerability in WebView's markdown parser to achieve Remote Code Execution via command injection This was a fascinating challenge from Mobile Hacking Lab that combined web security (XSS) with Android security (command injectio...
Join discussionFeb 3 · 4 min read · Objective: Exploit an exported broadcast receiver to bypass PIN validation and control IoT devices This challenge was part of Mobile Hacking Lab exploiting broadcast receiver, IoT Connect. It was interesting to learn about broadcast receivers, AES en...
Join discussionJan 24 · 6 min read · Objective: Exploit a vulnerability in an Android service to achieve Remote Code Execution (RCE) This CTF challenge taught me about command injection through filenames and how unexported Android services can still be vulnerable. Let me walk you throug...
Join discussion