## [MSEC-BabyDragonWU](https://) ### [Crypto](https://) * [Bits_Convert](https://) `ct = '10000001010100011010000110010100100000011001100110110001100001011001110010000001101001011100110010000001000110010011000100000101000111011110110110100101110100001101010101111100110011011011100011000001110101001110010110100001011111011010100101010100110101010101000101111101110100010011110101111101110011010010000011000101100110011101000101111101001101001100110111110100100000'` - This string and I decode it using ASCII code BIN 8bit (⥆0) The flag is FLAG{it5_3n0u9h_jU5T_tO_sH1ft_M3} [Flag](https://): MSEC{it5_3n0u9h_jU5T_tO_sH1ft_M3} ### [WEB](https://) * [#](https://) - This article is about basic sqli injection:< -  - Initially, I used errorbase dums to get about 10 names and passwords in users with admin-impossible@password - But the server filters @ in the password, so I tried url encoding twice and it didn't work:< - - in the end it just looks like this: -  [Flag](https://): MSEC{dont_just_use_payload_on_cheatsheet!} - Xin loi vi sự ngudot của mình:3 * [Dưa muối ngày tết](https://) - This article is about basic serialize in python use pickle * [Echo echo echo](https://) - This article is about command injection bypass ### [MISC](https://) * [Crack me again](https://) -  - I'm too lazy to turn on linux so I'm leaving this idea here, not sure if it's right, which is to use john2zip to crack with a list of passwords :< sorry about that