Skip to content Skip to navigation

Writeups

writeup
23 Jan

Isomni'hack 2017 teaser mindreader writeup

Category: 

 

Machines infected lots of Android smartphones and try to collect information on human behaviour... Have a look to their application and try to steal information on them.

So we have an android application file. Let's decompile its code!

First, we need to translate Dalvik bytecode to equivalent Java bytecode. I used enjarify for this:

writeup
08 May

Web2 writeup

Category: 

This is the Web2 problem

The challenge simply states "Find the key!" and it gives us the challenge URL.
The first thing I usually do with a web challenge is to run dirbuster, spider the target and check the it with Nmap. 

Checking with Nmap didn't result in anything interesting. However dirbuster did. I found two interesting folders.
The first one is "SecretAdminPanel" and the second one was "logs"

I visited "SecretAdminPanel" and I saw this.

writeup
04 Mar

Wood Island (Crypto - 150)

Category: 

Task:

You can try to sign messages and send them to the server, 52.0.217.48 port 60231. Sign the right message and you\'ll get the flag! Only problem---you don\'t have the signing key. I will give you this, though: sigs.txt is a file containing a bunch of signatures. I hope it helps. (P.S. Don\'t try and send the exact signatures in that file---that\'s cheating!)

Given archieve attached below.

Solution:

writeup
21 Jan

cloudfs forensics(200)

Category: 

We have just finished Ghost in the Shell code CTF in 12th place. Though GITS CTF is usually one of the best CTFs, but this year they weren't that good. The web task had a good idea but wan't correctly implemented, some people got the flag right away from others' exploitations. Forensics tasks wasn't really PURE forensic. Yet, I personally enjoyed the CTF and enjoyed cloudfs challenge. 

Pages