
Video Recap of HomCon CTF 2023: "Naughty or Nice" Challenge
The video presents a recap of the CTF (Capture The Flag) event from the HomCon conference, organized by @NahamSec. The 2023 edition features a themed mission, "Naughty or Nice", inspired by real vulnerabilities reported in bug bounty programs. The challenge includes several technical steps: discovering sensitive files via robots.txt (e.g., db.sql, flag.txt); bypassing authentication by modifying HTTP responses (e.g., changing a 401 to a 200 and injecting admin: true into the JSON body); and exploiting a SQL injection in a vulnerable PHP logger (version 1.0) through the X-Forwarded-For header, targeting an SQLite database. Code analysis with Cursor and Sneak reveals the vulnerability. The final step involves Python deserialization via a proxy on port 5000, which requires a valid token. A prize of $100 is offered for the first solver and for the best write-up sent to ctf@nahamsec.com. The video concludes with advice for bug hunters, emphasizing the importance of technical details.
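The SQL injection step above hinges on a logger that writes a client-controlled header straight into a query. The Python/sqlite3 sketch below is an added illustration, not the video's PHP logger (the table name and schema are assumed); it contrasts the string-concatenation pattern with parameter binding, which is the fix a defender would apply.

```python
import sqlite3

# Constructed sample: an X-Forwarded-For value containing a single quote,
# the kind of untrusted input a proxy-header logger receives.
SAMPLE_XFF = "203.0.113.7'"


def make_db():
    """In-memory SQLite database standing in for the logger's table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE request_log (id INTEGER PRIMARY KEY, client_ip TEXT, path TEXT)"
    )
    return conn


def log_request_unsafe(conn, xff, path):
    """Vulnerable pattern: the header value becomes part of the SQL text,
    so quotes or SQL syntax inside it alter the statement itself."""
    sql = ("INSERT INTO request_log (client_ip, path) VALUES ('"
           + xff + "', '" + path + "')")
    conn.execute(sql)
    conn.commit()


def log_request_safe(conn, xff, path):
    """Fixed pattern: bound parameters keep the header value as plain data."""
    conn.execute(
        "INSERT INTO request_log (client_ip, path) VALUES (?, ?)", (xff, path)
    )
    conn.commit()


def stored_ips(conn):
    """Return the client_ip column in insertion order."""
    return [row[0] for row in conn.execute(
        "SELECT client_ip FROM request_log ORDER BY id")]


def demo():
    """Return (unsafe_failed, stored) to show the contrast on the sample header."""
    conn = make_db()
    try:
        log_request_unsafe(conn, SAMPLE_XFF, "/index.php")
        unsafe_failed = False
    except sqlite3.Error:
        unsafe_failed = True  # the quote broke the statement: input reached the parser
    log_request_safe(conn, SAMPLE_XFF, "/index.php")
    return unsafe_failed, stored_ips(conn)
```

The unsafe variant fails on the quote because the header text is parsed as SQL; the safe variant stores the same value verbatim, quote included.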