writeup
23 Sep

Explicit (pwn 500)

The task was to find a vulnerability in the binary service explicit (binary and exploit). Like other tasks at this CTF, this one was easy enough.

After downloading the file and opening it in IDA, I found that it's an x86 ELF which has no imported functions. Unfortunately, Hex-Rays FLIRT didn't help me that time, but the x86 decompiler worked fine, and a few minutes were enough to reconstruct the main function and identify the high-level APIs. The result I got is the following:

writeup
02 Jun

Web 200

The goal of this task is to log in as the user whose idx=1. But we don't know who has this idx.

The algorithm for the cookie is CRC32, and this is strange, because this hash is not meant for crypto; it's for checksums. But at first glance the server code looks good enough. REALLY, THANKS TO THE ORGS, BECAUSE THE CODE IS GREAT AND SIMPLE, SO IT'S REALLY EASY TO UNDERSTAND THE LOGIC OF THE SERVER.

writeup
01 Jun

yayaya

After decompiling the given SWF file, we found that the code can be divided into two parts. The first one is responsible for moving sections of an ELF file from the SWF's resources into virtual memory. The second one draws a black font picture and small colored blocks. The most interesting thing is that the position and size of these small colored blocks are defined by the ELF binary.

So we have an SWF made using Crossbridge. The SWF generates the pictures every n milliseconds, but n is always different, and we just need to sum the frames to get the flag.

writeup
01 Jun

Brain fuzzing

This is a fairly famous kind of task. You have a board with buttons, each of which has 2 positions. In Russia there is an old quest game with the brother pilots, and it had the same task: opening the fridge with a 4x4 board. The solution there was to remember all the buttons that are in the first position and switch all of these buttons one by one. Repeating this algorithm from 1 to 3 times, you will win.
