Navegando por
Categoría: Write Up

IceCTF – Modern Picaso

IceCTF – Modern Picaso

This test provides us this GIF file:     For solve this challenge, you have been split this gif for extract all their frames, and then, put black pixels from all frames in the same position, but in new 300×300 image. I maked this with python and PIL:   1- Extract all picasso gif frames in picasso dir: ~/picasso$ convert -coalesce picasso.gif image00%05d.png 2- Execute the script like this: ~/picasso$ python tool_img.py image0000001.png image0000008.png image0000015.png image0000022.png image0000029.png image0000036.png image0000043.png image0000050.png…

Leer más Leer más

IceCTF – Poke a Mango

IceCTF – Poke a Mango

This  test provides us an APK file through this link, called pokeamango.apk.   Analysis This android application is similar to Pokemon GO, it’s about capturing mangoes, to be able to buy the flag once you have 151 captured. Analyzing the apk with jadx-gui, you can see the requests that we need. A first request lists the «mangoes» that we have nearby:   REQUEST: POST /mango/list HTTP/1.1 Host: pokeamango.vuln.icec.tf Content-Length: 51 Accept: */* Origin: file:// User-Agent: Mozilla/5.0 (Linux; Android 7.1.1; Custom Tablet…

Leer más Leer más

Hackim Nullcon CTF – OSINT4

Hackim Nullcon CTF – OSINT4

ID-10-T Team     In this challenge they give us an ip address and we have to exploit a configuration flaw, to return the control to the legitimate owners. The first thing, scan the ports for this IP address:   nmap -sS 54.85.105.103 Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-11 13:08 EST Nmap scan report for ec2-54-85-105-103.compute-1.amazonaws.com (54.85.105.103) Host is up (0.18s latency). Not shown: 998 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http Nmap done:…

Leer más Leer más

Codegate CTF 2018 Preliminary – Welcome to droid

Codegate CTF 2018 Preliminary – Welcome to droid

This  test provides us an APK file through this link, called droid.apk. Analysis The first thing we do is install it on a genymotion android virtual machine, and execute it:   If we click next, pass to following challenge:   At this stage, if we click, it returns an error message. Then, we open it with jadx-gui  and analyze it. We see that there are several classes in the com.example.puing.a2018codegatepackage: These classes give us a hint as to the order in which…

Leer más Leer más

NullCon CTF: Reverse Level 5 (500 points)

NullCon CTF: Reverse Level 5 (500 points)

The first thing I did was making a static analysis. When you open the executable with IDA Pro, the first thing you see is the WinMain function: Analyzing the first function of WinMain (Sub_401250), you can see that it contains anti-debug mechanisms, so when the program is run, it will have put a break point and change EIP value for skip this function: Once I saw what the first function did, I went to the second function of WinMain (sub_401110), the first thing…

Leer más Leer más