Babyrev is reversing challenge on CSAW «Red team competition» where have to pass 99 rounds of input 4-digits code based on some check function. Main graph on IDA: Disassembly of check(): Dump of assembler code for function check: 0x0000000000400893 <+0>: push rbp 0x0000000000400894 <+1>: mov rbp,rsp 0x0000000000400897 <+4>: mov QWORD
Intro As a frequently player on cybergames and ctf’s this year wanted play on prequal of Cybercamp CTF 2018 organized by INCIBE. This allows me to take a snapshot of the maturity and quality of both platforms and challenges, apart from having a good time solving some problems (not always played
Intro As a frequently player on cybergames and ctf’s this year wanted play on prequal of Cybercamp CTF 2018 organized by INCIBE. This allows me to take a snapshot of the maturity and quality of both platforms and challenges, apart from having a good time solving some problems (not always played
Intro As a frequently player on cybergames and ctf’s this year wanted play on prequal of Cybercamp CTF 2018 organized by INCIBE. This allows me to take a snapshot of the maturity and quality of both platforms and challenges, apart from having a good time solving some problems (not always played
I have a little time to join on BITSCTF with my team defconUA and want to put some writeup on one of the task i was working. They give us a pcapng named ‘Cat.pcapng’. Ok, challenge name is «Tom and Jerry» and all the things we see inside pcap is
Here another edition of n00bs infosec CTF. 13 Levels, i will add as soon as i can complete, so stay tuned and keep visiting this post. Remember first edition ?. Level 2 A simple calculator. Need to inject something that breaks the php code and prints something like phpinfo(). After several
This time InfoSec Institute bring us the opportunity to learn a very basic concepts for n00bs on a CTF with 15 Levels. Level 1 Just browse the source and see the comment. <!– infosec_flagis_welcome –> flag: infosec_flagis_welcome Level 2 Seems we have a broken image here. Just to see binary output
First, happy new year to all. This time we are going to see how to solve ynos task from the last weekend, Insomnihack 2015 teaser. Good work to the people behind the scenes :). This web task presents several vulnerabilites that we must exploit to get the flag. A login
This challenge has a a bit more complicated solution proceess and more fun to learn. We have a login page that stay inmmutable to our several injection attacks. The only weird thing is a comment on the source page, vim editor staff. <!– vim: set ts=2 sw=2: –> So this
This year «No cON Name Capture The Flag» quals had more than three challenges to compete for the final, so big thanks to organizers to extend last year limit. At now ( 09:27 am GMT+2 ), @DefCon-UA (dcua team) have finished all challenges and have left +12 hours for competition’s
Dear fellow Hackers!, thanks for signing up for the 2nd SQLiLab CTF. The CTF is now on!. Before you go all out hacking the CTF, here are some rules of the engagement: 1. Strictly no brute-forcing. There is no need to brute-force anything. If we see any excessive brute-forcing attempt,
Hi all!. Last february i have participated on Security BSides Challenges, here: https://www.securitybsides.org.uk/challenge1.html https://www.securitybsides.org.uk/challenge2.html Yesterday @AlecRWaters contacts me to confirm that we get second position on both challenges. So got a ticket to this infosec conference. "Hi , I’m delighted to announce that you’ve won second prize in both Challenge 1 and
A simple task named spcap (simple pcap). We open it with wireshark and get the Statistics->Conversations. Some SSH, HTTP on it. Apply this filter on HTTP: ip.addr==172.16.133.133 && tcp.port==52694 && ip.addr==172.16.133.149 && tcp.port==80 We notice that if we follow TCP stream there’s a GET request file called «/files/flag.jpg», so we
Mission This zombie apocalypse is a tough thing. Dozens of zombies are following you and looking forward to have a nice snack, when some fat guy appears. You outrun him easily, so eating all of him will keep the zombies busy – for a while. So after you keep running