Challenge Description
This challenge, authored by @Ethnical and @fadam, involves exploiting a vulnerability in a blockchain network server that processes incoming network messages. The vulnerability allows an attacker to cause a Denial of Service (DoS) by exhausting the server’s memory.
Vulnerability Overview
🛑 Vulnerability: The vulnerability lies in the unchecked allocation of memory based on user-controlled input length, leading to potential memory exhaustion.
Technical Analysis
Vulnerability Details
Unchecked Length Parameter:
Challenge Description
This challenge, authored by @Elweth, involves exploiting a vulnerability in a SQL query that lets you abuse the LIKE clause to first bypass authentication and then retrieve the entire API key.
Vulnerability Overview
🛑 Vulnerability: The vulnerability lies in the SQL query, which remains vulnerable despite the use of prepared statements in Python.
Conventional SQL injection exploitation methods won’t work here, because the query is correctly prepared with Python.
Solution to the ComCyber recruitment CTF of September 2024
Ever wanted to write a (good) solution on Root-Me? You are in the right place.
Gregory Gille @1-vek, co-founder of Hyvilo and CEO of GEOIDE, Sponsor Specialist of Root-Me. Find out more about his career and his story with Root-Me!
Kévin Monfermé, better known on Root-Me under the nickname of Isis, started his reorientation a year and a half ago in cybersecurity