SecuInside CTF Quals 2014

writeup
02 Jun

Web 200

The goal of this task is to log in as the user whose idx=1. But we don't know which user has this idx.

The algorithm for the cookie is CRC32, and this is strange, because this hash is not meant for crypto; it's meant for checksums. But at first glance the server code looks good enough. REALLY, THANKS TO THE ORGS, BECAUSE THE CODE IS GREAT AND SIMPLE, SO IT'S REALLY EASY TO UNDERSTAND THE LOGIC OF THE SERVER

writeup
01 Jun

yayaya

After decompiling the given SWF file, we found that the code can be divided into two parts. The first one is responsible for moving sections of an ELF file from the SWF's resources to virtual memory. The second one draws a black font picture and small colored blocks. The most interesting thing is that the position and size of these small colored blocks are defined by the ELF binary.

So we have an SWF built using Crossbridge. The SWF generates the pictures every n milliseconds, but n is always different, and we just need to sum the frames to get the flag.

writeup
01 Jun

Brain fuzzing

This is a fairly famous kind of task. You have a board of buttons, each of which has 2 positions. In Russia there is an old quest game with the brother pilots, and it had the same task: opening the fridge with a 4x4 board. The solution there was to remember all the buttons that are in the first position and then switch all of these buttons one by one. Repeating this algorithm from 1 to 3 times, you will win.
