Machines infected lots of Android smartphones and try to collect information on human behaviour... Have a look to their application and try to steal information on them.
So we have an android application file. Let's decompile its code!
First, we need to translate Dalvik bytecode to equivalent Java bytecode. I used enjarify for this:
This is the Web2 problem
The challenge simply states "Find the key!" and it gives us the challenge URL.
The first thing I usually do with a web challenge is to run dirbuster, spider the target and check the it with Nmap.
Checking with Nmap didn't result in anything interesting. However dirbuster did. I found two interesting folders.
The first one is "SecretAdminPanel" and the second one was "logs"
I visited "SecretAdminPanel" and I saw this.
Task:
You can try to sign messages and send them to the server, 52.0.217.48 port 60231. Sign the right message and you\'ll get the flag! Only problem---you don\'t have the signing key. I will give you this, though: sigs.txt is a file containing a bunch of signatures. I hope it helps. (P.S. Don\'t try and send the exact signatures in that file---that\'s cheating!)
Given archieve attached below.
Solution:
Description of task is pretty small:
52.0.164.37:8888
And link to file (ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, stripped).
Solution
After connecting to the server we receive the following menu:
We have just finished Ghost in the Shell code CTF in 12th place. Though GITS CTF is usually one of the best CTFs, but this year they weren't that good. The web task had a good idea but wan't correctly implemented, some people got the flag right away from others' exploitations. Forensics tasks wasn't really PURE forensic. Yet, I personally enjoyed the CTF and enjoyed cloudfs challenge.
Task description says that "seems like somebody got pwned http://188.40.18.67". When I went to the link I was immediately rickrolled.
This weekend we are going to take part in three on-site final challenges.
First one is D-CTF 2014 Final at DefCamp Conference (http://defcamp.ro/) on information security, Bucharest, Romania.
The second is CSCAMP CTF 2014 Final held at Cairo, Egypt (http://www.cairosecuritycamp.com/).
The description contains ip address and port to connect to and hint: IVs.
When we connect to given ip and port we can find that the server gives us result of encryption and 3 numbers that incrementing sequentially:
Description: Does it sound like a flag? Maybe... I don't know...
File: wiretap.wav
Solution:
Let's quickly analyze the file:
