Well, we don’t validate this challenge at time, but few secondes after the end … We just explain a quick way to do because this shitty challenge does not deserve a nice writeup. We were given a .vdi and a file called « lastdump ». This file was supposed to be encrypted (LUKS) but it was not […]
Private 100 was a nice but really easy challenge. Many people found it difficult but it was not. The first thing to do was to read the network capture to see the content. We see many things, like STP, ICMP, ARP, CDP… Well, our first though was to check ICMP data : nothing. After that, […]
For this funny challenge, a .exe was given. In the first place, we check for packers by using Protection iD : Actually we don’t need to unpack it as we’ll just attach Ollydbg to the process. Then we put a memory breapoint at 0x400000, then just move the window to trigger the breakpoint. (Do not […]
Let’s connect to the service : After some tests, Notfound found (*tadam tss*) that the phone field can be used to inject hexa code when you register a new user : After that, when you log as the « po » user and type the « HISTORY » command, the injection happened. So (after many tests…) let’s try to […]
This task is a Crackme/Reverse task worth 500 points from the Nuit du Hack qualifications. We were given an ELF : superman: ELF 32-bit LSB executable, Intel 80386, invalid version (SYSV), for GNU/Linux 2.6.24, dynamically linked, interpreter 04, corrupted section header size This task is very similar to the Clark Kent. Except that there is […]
Description: Romors say that something is buried in treasure.ctf.0ops.sjtu.cn, happy treasure hunting. 🙂 First of all, we do a DNS request : Well, we see that the IPv4 pointing on localhost, but the IPv6 is more interesting. Let’s try a ping6 on it: Well, it works 🙂 We decide to traceroute6 on it : Ok, […]
This task is a web task worth 250 points from the 0CTF 2015. There is an input field, and two buttons : Login and FLAG. FLAG gives us the source code of the task, without the db credentials : At this point, I was a bit sad, because I wanted to get the flag. 😦 […]
