W&M Team

Have Fun ~

記事 · 2 / 7

Sep 23, 2024: ByteCTF 2024 By W&M; WEB ezauth ezobj OnlyBypassMe CrossVue ezoldbuddy PWN ezheap Reverse babyApk ByteKit Bytebuffer Crypto magic_lfsr MISC ByteInTheAir Bash Game Guess Cookie AI What I say Ezai Mobile ······

Sep 11, 2024: WMCTF 2024 WriteUp; WEB PasswdStealer 前言 SpringBoot场景下的利用 step1 触发超时 step2 进入循环 step3 泄露回显最终利用 EzQl 解法一解法二 Jvm-go YourWA 信息收集文件读取利用 Spectre XSS 实现 XSS 之后：原型链污染（非预期） XSS 之后：SharedArrayBuffer 那些事 PW ······

May 28, 2024: N1CTF 2024 By W&M; WEB ezjava LDAP PWN mazecodev1 我一直win MISC flag_video_version Reverse Hot-Soup WEB ezjava admin/admin 正常登录访问source 提示不是jsrc用户，猜了一下 jsrc是 jwt key 就没有然后了暂时无法在飞书文档外展示此内容反序列化黑名单如下 // ······

May 28, 2024: RCTF 2024 By W&M; WEB JAVA Color Proxy PWN Mine Reverse bloker_vm Misc Logo: Signin Logo: 2024 s1ayth3sp1re FindAHacker EzLogin sec-image gogogo Crypto Hello, XCTF! D3 Mersenne WEB JAVA 这一题考的是 new I ······

Apr 29, 2024: D^3CTF 2024 By W&M; WEB MoonBox stack_overflow Doctor d3pythonhttp Misc O!!!SPF!!!!!! Enhanced Baldur's Gate 3 Complete Spell List IOV D3_car 1 D3 car 2 D3 car 3 Pwn PwnShell Exp Write flag where D3BabyEs ······