See how the challenge was created on the @LiveOverflow channel:
https://www.youtube.com/watch?v=v784VBx9w8g

This video is a solution to the Amazing Crypto WAF challenge from ALLES! CTF. The task was created by one of the most popular YouTubers in our industry, LiveOverflow. The solution involved bypassing a WAF (Web Application Firewall), exploiting a blind SQL injection and decrypting the flag.

Exploit code:
https://gist.github.com/gregxsunday/6025fabfbe3ccc74b6563d77d55a730f


Follow me on Twitter:
https://twitter.com/gregxsunday

Timestamps:
00:00 Intro
00:47 See how the challenge is built
01:40 Detecting the SQL injection
03:20 Bypassing the WAF
05:30 Constructing the SQL query
06:33 Decrypting the flag
08:14 Exfiltrating the data using blind SQL injection

#ctf #writeup
