Posts for: #General

General

About

This is a place to park some well-written research. If I decide to research any of these topics, it will have its own dedicated page.

Web Exploitation Techniques

DoubleClickjacking: A New Era of UI Redressing: This completely revolutionises how we look at clickjacking, from an iframe with a single click to a double-click flow.

Pressing Buttons with Popups (on Twitch, LinkedIn and more): Some very neat tricks (like the Double Clickjacking technique above) to generate a click on the OAuth dialog boxes of real targets.
[Read more]

Lemur Xor

A straightforward, and perhaps classic, challenge. This takes advantage of the fact that both images are encrypted using the same XOR key. We can leak information about the flag by XORing the two ciphertexts, or the two files given. There are different snippets of code which can do this, which weirdly are not available online. The following XORs the RGB values pixel by pixel. daneallen from Cryptohack:
[Read more]

Transparency

We are given a public RSA key that is used in the X509 certificate for the HTTPS connection to a Cryptohack domain. I solve it the easy way and use a subdomain lookup site. A good one to use is crt.sh, with the query https://crt.sh/?q=cryptohack.org, or https://subdomains.whoisxmlapi.com/. We can go over the list of subdomains to find the correct subdomain for the solution. Alternatively, we can solve this without using this comprehensive list of subdomains.
[Read more]