2 matches found
50m-ctf: Weak credentials, Blind SQLi, Timing attack, that leads to web admin access
Summary: Discovery of the application: The h1Thermostat application was discovered by extracting the bit.do URL from the image at https://pbs.twimg.com/media/D0XoThpW0AE2r8S.png:large. The URL https://bit.do/h1therm then led to a Google Drive where the Android application file h1thermostat.apk...
50m-ctf: Various vulnerabilities ultimately lead to attacker control over FliteThermostat server and access to internal accounting application source code
Step 1: The Entry Point 3:50 PM PST, Tuesday Afternoon F434398 This image is the entrypoint for the 50m-ctf. It doesn't look like much at first, but one can clearly see that there's a lot of binary digits in the background. The immediate obstacle to trying to decode it is we don't know how many...