Skip to content Skip to navigation
writeup
04 Mar

NEOQUEST 2014 Quals - Hasta la vista

Category: 

Дано андроид приложение.

Распаковываем, декомпилим. Видим, что проверяется deviceId -> нет смысла запускать, т.к. будет работать только на одном устройстве.

Анализируем исходники, полученные с помощью декомпилятора:

1) Замечаем формирование ссылки и скачиваение файла с адреса вида:

writeup
02 Mar

MITM II: Electric Boogaloo (Crypto 200)

Category: 

Task:

Chisa and Arisu are trying to tell each other two halves of a very important secret! They think they're safe, because they know how cryptography works---but can you learn their terrible, terrible secret? They're available as services at 54.186.6.201:12346 and 54.186.6.201:12345 respectively.

http://bostonkeyparty.net/challenges/mitm2-632e4ecc332baba0943a0c6471dec2c6.tar.bz2

writeup
01 Mar

Xorxes the Hash (Crypto 200)

Category: 

Task:

Xorxes is a hash collision challenge. The goal is to find a second preimage for the input string "Klaatubaradanikto". Submit it as the flag. UPDATE: It has been pointed out that there are multiple solutions. The flag is the one with md5sum '7179926e4253a0b405090df67f62c543'. (Use `echo -n FLAG | md5sum'.) UPDATE THE SECOND: The solution is short.

http://bostonkeyparty.net/challenges/xorxes-ad7b52380d3ec704b28954c80119789a.py

writeup
24 Feb

Automata

Category: 

Task:

==========================================

OS : Ubuntu 13.10 x86

IP : 58.229.183.18 / TCP 8181

http://58.229.183.26/files/automata_7329666edefb3754ec91b7316e61bb7d

==========================================

writeup
12 Feb

Aski (Binathlon 300)

Category: 

Description:

Download Aski.

Solution:

After downloading file we can see that it's x86 ELF. The description tells us nothing, so the best way to understand what is it --- execution:) When we execute it, we will see a newly created conlose with very-very fast changing pictures (every picture is a set of ASCII symbols). Hmm.. maybe something intresting is hidden in those pictures?.. Let's take a look!

writeup
04 Feb

Challenge 1: Guerilla

Category: 

First we see the text on the page: "You must specify a nick". After quick look into source code of the page we understand that our URL must contain GET-parameter 'nick' with random value.

Then server sends us some leet-modified string like 

51xty tw0 plu5 0n3

and expecting from us solution of this expression in the same format.

Experimentally found that there is only 4 leet-modified characters: '1' == 'i', '3' == 'e', '5' == 's', '0' == 'o'.

Pages

Subscribe to BalalaikaCr3w RSS