Author's posts

Hack.lu 2010 CTF #16 (Rattlesnake’s Riddle) writeup

Solve this riddle to impress Captain Rattlesnake!
download

The .pyc file is byte-compiled Python code, and there is a wonderful tool called uncompyle to deal with it.

$ decompyle secret.pyc > secret.py

The decompyled file:
1. Takes 3 arguments
2. Checks that the 2nd is 1337
3. Calculates the 'token' value, which is 11111112671
4. After some …


Leet More 2010 LameHackers writeup

Category: crypto

Greetings from LameHackers Inc.! We have hacked into the internal Pentagon computer system and managed to steal their text-file-where-they-keep-the-root-password. But the password doesn’t work :( Can you help us?
File

Ok, first of all I want to thank everyone participating in Leet More 2010, it was a cool competition, though on Wednesday. And …


Leet More 2010 Oh Those Admins! writeup

Category: web-vuln?!

http://vos.uz/oh_those_admins/
http://vos.uz/oh_those_admins/index.php.txt

The PHP script takes a 'password' as input, calculates its raw (binary) MD5, and performs the SQL query:

SELECT login FROM admins WHERE password = '$raw_md5'

and if it returns something, gives us the full list of admins. Raw MD5 can contain any chars, and the script puts them in the query as is – it’s …


Leet More 2010 Jailbreak writeup

Category: CTB

A piece of code is currently up @ ctf.ifmo.ru:4004

BTW, here is what’s inside the jail:

vos@ms7:~/private_data$ ls -la
total 20K
d------r-x 2 alice alice 4.0K Aug 21 00:23 .
d------r-x 3 alice alice 4.0K Aug 21 00:29 ..
-------r-- 1 alice alice 9.0K Aug 21 00:23 key

Ok, we have this binary …


Leet More 2010 brainfffuuuuu writeup

Category: CTB

This binary is running at ctf.ifmo.ru
Are you able to get the key?!

Let’s take a look at what the binary is doing (decompilation of its main function begin_the_fucking() will help us):
1. Prints out some prompt
2. Reads 30 bytes
3. Interprets them as Brainfuck code.

and here is what the stack …


Leet More 2010 SHAdow dROP writeup

Category: reverse

Generate a license!
shadowdrop.exe

Let’s start by examining the binary. It installs a SEH handler with a “bad guy” message, pushes some binary trash on the stack, opens “license.key”, and for each 5 bytes it reads from the license, it calculates their SHA-1 and xors another 20 bytes on the stack with the binary hash. After xoring …
