Дано андроид приложение.
Распаковываем, декомпилим. Видим, что проверяется deviceId -> нет смысла запускать, т.к. будет работать только на одном устройстве.
Анализируем исходники, полученные с помощью декомпилятора:
1) Замечаем формирование ссылки и скачиваение файла с адреса вида:
Task:
Chisa and Arisu are trying to tell each other two halves of a very important secret! They think they're safe, because they know how cryptography works---but can you learn their terrible, terrible secret? They're available as services at 54.186.6.201:12346 and 54.186.6.201:12345 respectively.
http://bostonkeyparty.net/challenges/mitm2-632e4ecc332baba0943a0c6471dec2c6.tar.bz2
Task:
Xorxes is a hash collision challenge. The goal is to find a second preimage for the input string "Klaatubaradanikto". Submit it as the flag. UPDATE: It has been pointed out that there are multiple solutions. The flag is the one with md5sum '7179926e4253a0b405090df67f62c543'. (Use `echo -n FLAG | md5sum'.) UPDATE THE SECOND: The solution is short.
http://bostonkeyparty.net/challenges/xorxes-ad7b52380d3ec704b28954c80119789a.py
Task:
==========================================
OS : Ubuntu 13.10 x86
IP : 58.229.183.18 / TCP 8181
http://58.229.183.26/files/automata_7329666edefb3754ec91b7316e61bb7d
==========================================
Description:
Download Aski.
Solution:
After downloading file we can see that it's x86 ELF. The description tells us nothing, so the best way to understand what is it --- execution:) When we execute it, we will see a newly created conlose with very-very fast changing pictures (every picture is a set of ASCII symbols). Hmm.. maybe something intresting is hidden in those pictures?.. Let's take a look!
Task:
Flags for free!
nc 109.233.61.11 3120
Source code also provided (file mic_server.py)
GitHub запустил программу BugBounty. Вознаграждение за найденные уязвимости от 100 до 5000 $. Подробнее: https://bounty.github.com/
First we see the text on the page: "You must specify a nick". After quick look into source code of the page we understand that our URL must contain GET-parameter 'nick' with random value.
Then server sends us some leet-modified string like
51xty tw0 plu5 0n3
and expecting from us solution of this expression in the same format.
Experimentally found that there is only 4 leet-modified characters: '1' == 'i', '3' == 'e', '5' == 's', '0' == 'o'.
