A tweet showing an RCE in ExifTool popped up on my feed; it looked interesting — maybe a little scary. But what good is an RCE on a demo video? I wanted more; I wanted it to pop my calculator.exe, to rm -rf my home directory; heck, it could even…


Intigriti releases cool challenges every once in a while, and this was no exception.

I love a good challenge. Every time I solve an Intigriti challenge, I learn something new. Motivated by that, I wanted to crack this one too.

As usual, there were many dead-ends, moments of frustration and…


Challenge Description

Getting familiarized

When you open the link, it redirects you to a chat room with a random UUID which is probably the chat room ID.


This writeup has since won the H1–702 challenge. Read HackerOne blog here: https://www.hackerone.com/blog/H1-702-CTF-Winners-Announced

When you open the challenge link, you’re presented with this:

Instructions can be found on the web challenge site: http://159.203.178.9/

Open the link in your browser and you’re greeted with a normal-looking HTML page:

It sounds like…

Amal Murali

Interested in technology.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store