An Image Speaks a Thousand RCEs: The Tale of Reversing an ExifTool CVE

A tweet showing an RCE in ExifTool popped up on my feed; it looked interesting — maybe a little scary. But what good is an RCE on a demo video? I wanted more; I wanted it to pop my calculator.exe, to rm -rf my home directory; heck, it could even Rick Roll me. However, like with all things in life, there was no publicly-available proof-of-concept. So I decided to make my own. ...

May 18, 2021 · 15 min · Amal Murali

Solving Intigriti Challenge using… Content Injection!

Intigriti releases cool challenges every once in a while, and this was no exception. I love a good challenge. Every time I solve an Intigriti challenge, I learn something new. Motivated by that, I wanted to crack this one too. As usual, there were many dead-ends, moments of frustration and head-scratches. However, I’ll save your scalp from the scratching and walk you through this challenge.

The Challenge

Right after the tweet, I opened up the challenge link: ...

April 20, 2020 · 8 min · Amal Murali

h1–702 CTF — Web Challenge Write Up

This writeup has since won the H1–702 challenge. Read HackerOne blog here: https://www.hackerone.com/blog/H1-702-CTF-Winners-Announced

When you open the challenge link, you’re presented with this:

Instructions can be found on the web challenge site: http://159.203.178.9/

Open the link in your browser and you’re greeted with a normal-looking HTML page:

[Image: Notes RPC CTF homepage]

It sounds like there is a secret endpoint somewhere that allows you to store notes. The title indicates that it has something to do with RPC. ...

July 1, 2018 · 13 min · Amal Murali

Solving the Dog Problem — Google CTF 2018 Quals Write Up

Challenge Description

[Image: Cat Chat app popup]

Getting familiarized

When you open the link, it redirects you to a chat room with a random UUID which is probably the chat room ID.

[Image: Challenge homepage]

This looks like a chat application built with NodeJS where anyone can join and chat with each other. If you use /name bob, your display name gets changed to that. If you type /report, an admin will join the room for a few seconds. If anyone mentions dog in the chat while admin is in the room, they will get banned. They won’t be able to send or receive messages in the chat room after that. So much hate for dogs :( ...

June 8, 2018 · 11 min · Amal Murali