Hi all!. Last february i have participated on Security BSides Challenges, here: https://www.securitybsides.org.uk/challenge1.html https://www.securitybsides.org.uk/challenge2.html Yesterday @AlecRWaters contacts me to confirm that we get second position on both challenges. So got a ticket to this  infosec conference. "Hi , I’m delighted to announce…

XSS Challenges

Here’s my journal to solve all the XSS Challenges writed  by yamagata21 on http://xss-quiz.int21h.jp/, This is an starter level to people who want to learn some cross-site scripting and its several ways to inject on differents browsers. XSS Challenges http://xss-quiz.int21h.jp Stage1: http://xss-quiz.int21h.jp…

Access to challenge using a proxy like burp or zap and submit data to login. Notice the forwarded to: http://ctf.notsosecure.com/71367217217126217712/checklogin.php that contains: 7365637265745f72656769737465722e68746d6c This could be decoded ‘7365637265745f72656769737465722e68746d6c’.decode(‘hex’) in python to read secret_register.html >>> '7365637265745f72656769737465722e68746d6c'.decode('hex') 'secret_register.html' The registration page offers…