CTF on 0xMesbaha

EGCERT-CTF JDBCLeak Exploit

Wed, 28 May 2025 12:49:18 +0200

JDBCLeak Leak was a challenge introducted in EGCERT CTF Finals 2025 under the category R&D , tbh i didn’t even look at the challenge during CTF Time , didn’t expect this category to introduce such good example of a real case code review challenge , however after reading the author’s blog here about the category and challenge i thought of trying it myself and create a POC for it to get rce reading /flag.txt , we got 3rd place btw :“D

CyCTF 2024 Finals OSINT Writeups

Sat, 30 Nov 2024 12:49:18 +0200

CyCTF is organized by Cyshield’s cysec team every year , demonstrating new ideas and techniques in different categories (web exploitation , cryptography ,reverse and malware analysis , pwn , osint , mobile). it was my pleasure to be the author of SMS and vengeance challenges in web exploitation category and for the osint category in qualifcation and finals. this blog post will be about the solutions for the osint category in the finals round. My approach for creating the challenges was to not make it sherlock/yandex style ones and to introduce new ideas/techniques that can be used in real life scenarios.

WizerCTF-May2024

Sun, 05 May 2024 12:49:18 +0200

Wizer CTF is an exciting game designed specifically for developers . It’s all about putting your skills to the test and seeing if you can identify and exploit vulnerabilities while honing your secure coding abilities. The game kicks off with a snappy code snippet that comes with some tricky vulnerabilities. Your goal? Spot those vulnerabilities and figure out how to exploit them. The cool thing is that you don’t have to rely on guesswork to know if you’ve got it right. You can actually execute your payload right there on the game page. If you manage to successfully exploit the vulnerabilities, you’ll earn yourself a flag and a well-deserved spot on leaderboard , The main focus area is web exploitation and the ctf event is held every quarter , this writeup discusses 5 challenges out of 6.

JustCTF Extra Safe Security Layers writeup

Sun, 04 Jun 2023 12:49:18 +0200

This Challenge is about exploiting cross site scripting with a strict CSP in place along with XSS Santizer and other restrictions , the interesting part in this blog is about learning the root cause and idenfiy exploit points. the challenge may seem very easy and it is easy and fun indeed.

meme generator challenge writeup

Sat, 01 Oct 2022 12:49:18 +0200

This challenge was in Blackhat CTF Qualifications 2022 and we have participated under the team 0xCha0s, we have managed to solve multiple challenges. this challenge was ranked medium for 250 pts .

kenzy challenge Writeup

Sat, 06 Aug 2022 12:49:18 +0200

This Challenge is From Arab Security WarGames 2022 qualificatons , we managed to solve it intime and qualify to finals round.

Flushed Emoji challenge Writeup

Mon, 25 Jul 2022 12:49:18 +0200

Lexington Informatics Tournament CTF CTF 2022 was held from the 22nd of July Until the 25th of the month , and we have participated under the team 0xcha0s, we have managed to solve multiple challenges. this challenge was solved less than 50 times in the 3 days and it was really nice.

Kryptos Support challenge Writeup

Thu, 19 May 2022 12:49:18 +0200

HTB Cyber Apocalypse CTF 2022 was held from the 14th of May Until the 19th of the month , and we have participated under the team 0xcha0s, we have managed to solve multiple challenges. this challenge was ranked easy

Hacker Ts challenge writeup

Mon, 02 May 2022 12:49:18 +0200

Nahamcon ctf 2022 was held from the 28th of April Until the 30th of the month , and we have participated under the team 0xcha0s. this challenge idea was pretty new to me so it is helpful to document it in this writeup

SQL Tutor challenge writeup

Sun, 17 Apr 2022 12:49:18 +0200

DCTF 2022 was held from the 15th of April Until the 17th of the month , and we have participated under the team 0xcha0s, we have managed to solve multiple challenges. this challenge was ranked easy.