🚩
Anthony Morell's Gitbook
Capture The Flag
CertificationsCapture The FlagBug BountiesHome
Capture The Flag
CertificationsCapture The FlagBug BountiesHome
  • 🖥️CTF Writeups
  • 🟦TryHackMe
    • THM Overview
      • Reverse Engineering
      • Game Server
      • Obscure Web Vulns
      • UltraTech
      • Linux Privilege Escalation
      • The Marketplace
      • RootMe
      • Agent Sudo
      • Startup
      • Lian_Yu
      • Advent of Cyber 2022
        • [Day 1] Frameworks
        • [Day 2] Log Analysis
        • [Day 3] OSINT
        • [Day 4] Scanning
        • [Day 5] Brute-Forcing
        • [Day 6] Email Analysis
        • [Day 7] CyberChef
        • [Day 8] Smart Contracts
        • [Day 9] Pivoting
        • [Day 10] Hack a game
        • [Day 11] Memory Forensics
        • [Day 12] Malware Analysis
        • [Day 13] Packet Analysis
        • [Day 14] Web Applications
        • [Day 15] Secure Coding
        • [Day 16] Secure Coding
        • [Day 17] Secure Coding
        • [Day 18] Sigma
        • [Day 19] Hardware Hacking
        • [Day 20] Firmware
        • [Day 21] MQTT
        • [Day 22] Attack Surface Reduction
        • [Day 23] Defence in Depth
        • [Day 24] The End
  • 🟫PentesterLab
    • PL Overview
      • Recon Badge
        • Badge Solutions
  • 🟩Hack The Box
    • HTB Overview
      • HTB Post
  • 🟧BurpSuite Academy
    • BSA Overview
      • GraphQL API vulnerabilities
        • Accessing private GraphQL posts
        • Accidental exposure of private GraphQL fields
        • Finding a hidden GraphQL endpoint
  • 🏁Competitions
    • Competition Overview
      • GM Bug Bounty Competition
Powered by GitBook
On this page
  1. TryHackMe
  2. THM Overview
  3. Advent of Cyber 2022

[Day 17] Secure Coding

December 17, 2022

For this challenge, The focus remains on secure coding practices as I look at methods to help file validation with user input. THM believes that regex is a tool to be used in helping secure some applications, of couse THM also believes there are other techniques and no one silver bullet.

Flags

Filtering for Usernames: How many usernames fit the syntax above?

8

egrep '^[a-zA-Z0-9]{6,12}$' strings

Filtering for Usernames: One username consists of a readable word concatenated with a number. What is it?

user35

Filtering for Emails: How many emails fit the syntax above?

11

egrep '^.+@.+.com$' strings

Filtering for Emails: How many unique domains are there?

8

Filtering for Emails: What is the domain of the email with the local-part "lewisham44"?

amg.com

Filtering for Emails: What is the domain of the email with the local-part "maxximax"?

fedfull.com

Filtering for Emails: What is the local-part of the email with the domain name "hotmail.com"?

hussain.volt

Filtering for URLs: How many URLs fit the syntax provided?

16

egrep '^http(s)?.{3}.+..+$' strings

Filtering for URLs: How many of these URLs start with "https"?

7

egrep '^https.{3}.+..+$' strings

Previous[Day 16] Secure CodingNext[Day 18] Sigma

Last updated 2 years ago

🟦
  • Flags
  • Filtering for Usernames: How many usernames fit the syntax above?
  • Filtering for Usernames: One username consists of a readable word concatenated with a number. What is it?
  • Filtering for Emails: How many emails fit the syntax above?
  • Filtering for Emails: How many unique domains are there?
  • Filtering for Emails: What is the domain of the email with the local-part "lewisham44"?
  • Filtering for Emails: What is the domain of the email with the local-part "maxximax"?
  • Filtering for Emails: What is the local-part of the email with the domain name "hotmail.com"?
  • Filtering for URLs: How many URLs fit the syntax provided?
  • Filtering for URLs: How many of these URLs start with "https"?