hashkitten (@hash_kitten) / X

hashkitten

24 posts

hashkitten

@hash_kitten

vulnerability research @assetnote // hacking // codegolf // ctf with 🛹🐶

Joined September 2016

hashkitten
@hash_kitten
Aug 28, 2023
I've written another set of challenges this year and I'm really happy with how they turned out. Make sure you check out DUCTF this weekend :)
DownUnderCTF
@DownUnderCTF
Aug 25, 2023
Attention ALL Hackers - We are now ONE WEEK AWAY from DUCTF 4.0! 🔥 Sign-ups are now OPEN! 🔥 play.duc.tf
GIF
4.9K
hashkitten
@hash_kitten
Sep 17, 2022
I've written some challenges this year. Make sure you check DUCTF out! =)
DownUnderCTF
@DownUnderCTF
Sep 16, 2022
You all know the drill by now! What are you waiting for! Registration is open at play.duc.tf and only 1 week till the madness starts 🔥🔥🔥
GIF
hashkitten
@hash_kitten
Sep 23, 2023
Replying to @PortSwiggerRes @avlidienbrunn and @fransrosen
If you additionally don't have {}, you can do "".x=location=name+""
420
hashkitten
@hash_kitten
Mar 21, 2023
Replying to @Synacktiv and @_remsio_
Very neat and clean writeup =)
446
hashkitten
@hash_kitten
Nov 4, 2022
Replying to @intigriti
Base64 encode first using php://filter, then prepend 'GIF89a' using github.com/wupco/PHP_INCL… . PHP always recognizes this as a valid image so the check will pass. Full POC: tio.run/##tVRdb4IwFH33…
hashkitten
@hash_kitten
Dec 8, 2023
Replying to @joaxcar
22 chars for an alert with the empty string :)
362
hashkitten
@hash_kitten
Oct 19, 2022
Replying to @c3l3si4n @marcioalm and 2 others
Unfortunately iconv filter based payloads seem very dependent on the version of the underlying system iconv library