Hi, I’m Asem Eleraky, aka Melotover, and today I will show you how I could leverage an XSS vulnerability using an XHR request to make the attacker a Super Admin on the victim’s account!

First of all, this was a private program, so I will refer to it as example.com.
Let me tell you how I found the Reflected XSS vulnerability first.

Finding The XSS:

When I do my recon, I usually check the out-of-scope domains and see if they have any relation to the in-scope stuff, so when I started to navigate a subdomain called community.example.com,


In this post, I am going to walk you through a Forensics CTF challenge from Arab Security Cyber Wargames 2020 Qualifications. Hope you enjoy reading!

MeowNetwork | 300 points

First of all, let’s download the file and check the description of the challenge.

Challenge Description:

A hacker managed to get into meownetwork and leaked sensitive files of their respected board members. The hacker uses ancient floppy disk technology, however, our security team managed to get a disk image of the files he leaked. Can you find out what really leaked?

At first look, this is a RAR file. Extracting the files is easy, so let’s take a look…


Welcome to my first Writeup ever!

In this post, I am going to walk you through a Forensics CTF challenge from Arab Security Cyber Wargames 2020 Qualifications. Hope you enjoy reading!

The-Impossible-Dream | 600 points

First of all, let’s download the file and check the description of the challenge.

Challenge Description

At first look, there is nothing interesting in the description, so let’s play with the file. After running it with the file command, it gives me just data.

Asem Eleraky

Computer Engineering Student | Bug Hunter | CTF Player | AKA Melotover
