webhard

Torrent

alfactf

Task: React SPA torrent tracker with search functionality. Solution: UNION-based SQL injection in PostgreSQL to extract session tokens, authentication bypass with stolen admin token, download protected torrent file, extract flag from video frames.

$ ls tags/ techniques/

sql_injection api_abuse react union_based postgresql session_hijacking authentication_bypass bittorrent video_forensics

UNION-based SQL Injection in PostgreSQLSession token extraction via SQLiAuthentication bypass with stolen tokenBitTorrent file download and parsingVideo frame extraction for flag recovery

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]