[CodeGate 2017] Write-up (angrybird, babypwn, easycrack101, messenger)

BabyPwn: The string variable is declared as 0x28 bytes, but up to 0x64 bytes are read into it from the socket. The program has a stack protector, but it echoes that same string back and runs with fork, so the cookie does not change => leak the cookie. Because the input comes from the socket, system(“sh”) also will not… Read More »

[AlexCTF 2017] Write-up

Hi! I show how to solve some challenges in AlexCTF 2017 Trivia TR1: Hello there (10):  Why not drop us a few lines and say hi :). The flag is put in the topic of IRC channel #alexctf @freenode.net : ALEXCTF{W3_w15h_y0u_g00d_luck} TR2: SSL 0day (20): It lead to memory leakage between servers and clients rending… Read More »

[Insomni’hack teaser 2017] baby write-up (pwn 50)

I read and solved the “baby” challenge after the end of the CTF. I forgot Insomni’hack teaser CTF – the first CTF in 2017!! Poor me! 🙁 I am too busy preparing for the Tet holiday, the most important celebration in Vietnamese culture. Today, the game is closed. The “baby” challenge is easy. Let’s do it.  This challenge has… Read More »

[33C3 CTF] smartfridge2 write-up (Crypto 75)

Introduction This is the second challenge in the smartfridge series. Please read the smartfridge1 write-up first! Your flatmate told you about this delicious yoghurt that he has put into his shelf. Unfortunately you do not know his pin code. However, you recorded the last time he interacted with the refrigerator. Can you take his yoghurt?… Read More »

[33C3 CTF] smartfridge1 write-up (RE 150)

Introduction This is the first of the smartfridge challenges series. We’ve developed a new smart refrigerator with networking functionality. We have adopted the proven Bluetooth LE 4.0 crypto protocol to secure your food from your flatmates. There are two lockable shelves. Shelf number 1 belongs to you. Find the fridge at 78.46.224.87. The pincode for… Read More »

[33C3 CTF] ESPR write-up (pwn 150)

Description: This challenge is pretty simple but there is no binary. It accepts data from the user and replies with it. It uses the printf() function to make the response. There is a format string vulnerability. OK! Challenge accepted! After a few tests, I see: if input is %42$16lx, output will be 400490. It looks like an address of binary. I… Read More »

Hack The Vote 2016 write-up: Trump Trump (Crypto 100)

Trump Trump 100 With Trump about to be in office, autographed photos of him are selling like wildfire. The only problem is: Trump makes it a point to never sign a photo of himself. If you could get a signed picture, you could stand to make DOZENS of dollars. nc trumptrump.pwn.republican 3609 trump trumpkey author’s… Read More »

Hack The Vote 2016 write-up: The Best RSA (Crypto 250)

The Best RSA 250 At his last rally, Trump made an interesting statement: I know RSA, I have the best RSA The more bits I have, the more secure my cyber, and my modulus is YUUUUUUUUUUUUUGE We don’t believe his cyber is as secure as he says it is. See if you can break it… Read More »

EKOPARTY 2016 write-up: The Fake Satoshi (Misc 300)

The Fake Satoshi (misc, 300 points) Hello Mr. Giarc, upload again your false PGP key to pgp.mit.edu and send us any file you want with its signature to prove you are the fake Satoshi! The key on the server should look like the following line (case sensitive) Type bits/key ID Date user ID pub 1024R/5EB7CB21… Read More »

EKOPARTY 2016 write-up: Old but gold (Misc 250)

Old but gold These QR codes look weird Hint Flag on UPPERCASE! Attachment misc250_100ff979353dd452.zip First, we opened the folder, which contained a lot of punched cards. Then we decoded the cards using this code, written by PiggyBird’s captain.

Then, we had these sentences, which seemed to be nonsense. OF TIME PUNCHING THOSE NARDS,… Read More »