@KOREONE

Into InfoSec, CTFs, SecDevOps, GenAI and Crypto 🤖
CTF Player for Team RootRunners
https://kore.one
https://linktr.ee/koreone

CyberGame 2026 – ORMT2 Challenge Writeup

This challenge is the second part of the ORMT (ORM Traversal) series. While the first part (ormt1) was vulnerable to a Django ORM Injection via a flawed recursive clean() function that could be bypassed by triggering a RecursionError, the developers have now replaced the sanitization logic with a seemingly robust iterative sanitize() function that strips all double underscores (__) from parameter keys.

https://kore.one/cybergame-2026-ormt2-challenge-writeup/?utm_source=mastodon&utm_medium=jetpack_social

CyberGame 2026 – ORMT Challenge Writeup

This challenge presents a Django web application vulnerable to ORM (Object-Relational Mapping) Injection, specifically exploiting Django's powerful QuerySet filter functionality. The application implements a custom sanitization function designed to prevent ORM injection attacks, but contains a critical logic flaw that can be bypassed using circular model relationships. ORM Injection is a lesser-known cousin of SQL Injection that…

https://kore.one/cybergame-2026-ormt-challenge-writeup/?utm_source=mastodon&utm_medium=jetpack_social

CyberGame 2026 – Flappy Challenge Writeup

This challenge presents a seemingly innocent Flappy Bird browser game, compiled from Rust to WebAssembly. Beneath the nostalgic gameplay lies a fully functional credential-stealing phishing kit. After a "Game Over" event, the game prompts the user with a pixel-perfect fake Google OAuth sign-in dialog, claiming to "save your score to the leaderboard." Any credentials entered are silently XOR-encrypted using a key fetched from a…

https://kore.one/cybergame-2026-flappy-challenge-writeup/?utm_source=mastodon&utm_medium=jetpack_social

Break The Syntax CTF 2026 – bugxxor Challenge Writeup

bugxxor is a small Django (4.2) bug-tracking style web application served behind gunicorn in a Kubernetes pod. Authenticated users can register, log in, write "bug reports" (posts) and view a feed. A protected endpoint /flag/ reveals the flag, but it is locked behind is_superuser. The interesting feature — and the source of the vulnerability — is that posts are not just stored and rendered as plain text: the post…

https://kore.one/break-the-syntax-ctf-2026-bugxxor-challenge-writeup/?utm_source=mastodon&utm_medium=jetpack_social

CyberGame 2026 – safeps2 Challenge Writeup

This challenge presents a hardened PowerShell sandbox environment called "SAFEPSv2". Players are given access to a restricted PowerShell shell that implements multiple layers of input filtering and command restrictions. The goal is to bypass these security measures and extract the flag stored in a PowerShell variable $FLAG. The challenge is a continuation of a previous "JailPS" challenge safeps, with significantly enhanced…

https://kore.one/cybergame-2026-safeps2-challenge-writeup/?utm_source=mastodon&utm_medium=jetpack_social

CyberGame 2026 – safeps Challenge Writeup

This challenge presents a PowerShell Jail Escape scenario, a common category in CTF competitions where participants must break out of a restricted shell environment. The challenge implements a "safe" PowerShell interpreter that attempts to limit user commands to a predefined whitelist while blocking dangerous cmdlets and constructs through blacklist filtering. PowerShell jail escapes typically exploit one or more of the…

https://kore.one/cybergame-2026-safeps-challenge-writeup/?utm_source=mastodon&utm_medium=jetpack_social

Break The Syntax CTF 2026 – SeaShells Challenge Writeup

SeaShells is a multi-stage web exploitation challenge that chains together a modern framework vulnerability with classic Linux privilege escalation techniques. The target is a Next.js (App Router) web application running on a remote Kubernetes-hosted server, reachable via an SSH tunnel. The intended attack path consists of three distinct phases: Initial foothold — Exploit a critical deserialization vulnerability…

https://kore.one/break-the-syntax-ctf-2026-seashells-challenge-writeup/?utm_source=mastodon&utm_medium=jetpack_social

Owned Plug & Pray from Hack The Box!

I have just owned challenge Plug & Pray from Hack The Box

Owned Utterly Broken Shell from Hack The Box!

I have just owned challenge Utterly Broken Shell from Hack The Box

Break The Syntax CTF 2026 – zabbix Challenge Writeup

The challenge mimics a real-world social-engineering / phishing scenario after a database leak. An "intern" politely shares the SHA-256 hash of the user's existing password and asks them to set a new, different one. The catch is purely operational: the player is the attacker — there is no need to "change" anything. The hash itself is the entry ticket into the application.

https://kore.one/break-the-syntax-ctf-2026-zabbix-challenge-writeup/?utm_source=mastodon&utm_medium=jetpack_social
