Open in app

Sign In

Write

Sign In

FHantke
FHantke

153 Followers

Home

About

Pinned

Hacking the University in a Few Steps

Escalating a Wrong Date to Get Code Execution — A couple of weeks ago, a fresh cup of tea was waiting on my table as I was about to complete my application process to Saarland University. After my initial application was accepted, I was asked to upload some additional documents, such as my passport, to finish the process. Therefore…

Hacking

12 min read

Hacking the University in a Few Steps
Hacking the University in a Few Steps
Hacking

12 min read


Published in InfoSec Write-ups

·May 5, 2022

Cliche Writeup — ångstromCTF 2022

Mutation XSS in DOMPurify and marked — Last weekend, I played the ångstromCTF 2022 with my team FAUST. During the CTF, I came across a relatively simple constructed but clever web challenge that I want to share with you. This is the writeup for cliche. …

Hacking

4 min read

Clique Writeup — ångstromCTF 2022
Clique Writeup — ångstromCTF 2022
Hacking

4 min read


Published in InfoSec Write-ups

·Jun 27, 2021

Intigriti — XSS Challenge 0621

XSS via WebAssembly — The Challenge While scrolling through my Twitter feed, I saw a new post from Intigriti — a fresh XSS Challenge. Since I had some free time, I decided to give it a try. In the following writeup, I go through my thinking process and explain my approach. At the time of…

Bug Bounty

7 min read

Intigriti — XSS Challenge 0621
Intigriti — XSS Challenge 0621
Bug Bounty

7 min read


Published in InfoSec Write-ups

·Mar 28, 2021

Intigriti — XSS Challenge 0321

XSS with CSRF Bypass — It was March and Intigriti published a new XSS challenge. Since good XSS challenges are always a way to learn new interesting methods, I gave it a try. XSS The challenge website (https://challenge-0321.intigriti.io/) contains the general rules and an input field to enter notes.

Bug Bounty

4 min read

Intigriti — XSS Challenge 0321
Intigriti — XSS Challenge 0321
Bug Bounty

4 min read


Published in InfoSec Write-ups

·Mar 14, 2021

Post Office — DaVinciCTF — Writeup

A conversation with a pirate — This weekend, I had the pleasure to play the DaVinci CTF and score first place with my team FAUST. It was great fun and a good quality CTF with some nice and creative challenges. One of the challenges was Forencis Post Office together with a follow-up OSINT challenge All Aboard…

Hacking

5 min read

Post Office — DaVinciCTF — Writeup
Post Office — DaVinciCTF — Writeup
Hacking

5 min read


Published in InfoSec Write-ups

·Mar 14, 2021

DaVinciCTF — Web Challenges — Writeup

This weekend, I had the pleasure to play the DaVinci CTF and score first place with my team FAUST. It was great fun and a good quality CTF with some nice and creative challenges. Since we solved all challenges and web challenges are my favorite category, I decided to create…

Hacking

10 min read

DaVinciCTF — Web Challenges — Writeup
DaVinciCTF — Web Challenges — Writeup
Hacking

10 min read


Published in InfoSec Write-ups

·Jan 12, 2021

DBaaSadge — Writeup

RealWorld CTF 2021 — This year I played the Real World CTF with team Sauercloud and we scored second place. I was involved in solving DBaaSadge, a web challenge, and am happy to share my writeup as a good source of knowledge for other people. If you want to follow the writeup side-by-side with…

Ctf

5 min read

DBaaSadge — Writeup
DBaaSadge — Writeup
Ctf

5 min read


Nov 10, 2020

BugPoC XSS CTF

The Wacky TeXt Generator — A few days ago, BugPoC announced another one of their great CTF challenges on Twitter. Since I have always learned a lot when solving their challenges, it was without questions that I played this one as well. Challenge The challenge rules were simple: You must alert(origin) showing https://wacky.buggywebsite.com You must bypass…

Technology

6 min read

BugPoC XSS CTF
BugPoC XSS CTF
Technology

6 min read


Published in InfoSec Write-ups

·Oct 25, 2020

FluxCloud Frontline

Hack.lu Writeup — The challenge FluxCloud Frontline (web, hard) was part of the amazing Hack.lu CTF. It took a friend and me, both playing for the team FAUST, two evenings to crack the great challenge. In the following, I describe the plain solution and leave out the many rabbit holes we stepped into. The Challenge …

Hacking

4 min read

FluxCloud Frontline — Writeup
FluxCloud Frontline — Writeup
Hacking

4 min read


Published in InfoSec Write-ups

·Aug 7, 2020

How I Got Access to Other People’s Medium Accounts

The magic of GitHub search, API keys, and automation — A few days ago, I discovered that Medium provides an API that everyone can request authentication keys for. While waiting for my key request to be approved, I searched on GitHub whether I could find accidentally uploaded keys. To my surprise, I found hundreds of files available in public repositories…

Technology

4 min read

How I Got Access to Other People’s Medium Accounts
How I Got Access to Other People’s Medium Accounts
Technology

4 min read

FHantke

FHantke

153 Followers

Computer Science Student. Interested in IT security and forensics. https://fhantke.de/

Following
  • Vickie Li

    Vickie Li

  • Lilith Wittmann

    Lilith Wittmann

  • Andrey Nikishaev

    Andrey Nikishaev

  • Ryan Kazanciyan

    Ryan Kazanciyan

  • Elliot Alderson

    Elliot Alderson

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech