Tsu BlogS ٩(^‿^)۶

Security Researcher !

[WarGame] code-breaking.com solution

Posted on December 13, 2018 by Tsu

easy – http://51.158.75.42:8087/

Continue reading →

[SECCON 2018 QUALS] shooter – RE 434

Posted on October 30, 2018 by Tsu

shooter
Enjoy the game!
Download

In every challenge, we first use it to get the overview of the app, so install the apk and open it to see what it does

Shoot game?

End, input name to be ranked!

Uh…oh… why are so many strange names? We can guess the app connect to the server and receive/send the records.

Continue reading →

[Codegate CTF 2018] Impel Down – Misc

Posted on February 4, 2018 by Tsu

#Meepwn CTF Team

Challenge:

nc ch41l3ng3s.codegate.kr 2014

Solved by:

@tinduong & @tsug0d

Writeup:
Another pyjail challenge, its interesting, we nc to the server, the challenge begin:
begin

Continue reading →

[HITB CTF Singapore 2017] Web 434 – Website

Posted on August 25, 2017 by Tsu

Challenge:

No description
http://47.88.218.105:20010/

The login form!, we create an account and login to it, the challenge begin!

Continue reading →

[HITB CTF Singapore 2017] Web 512 – Blog

Posted on August 25, 2017 by Tsu

Challenge:

No description.
http://47.74.147.34:20011

Well, another site :D, after surfing, check burp history and something interesting appear:

Continue reading →

[HITB CTF Singapore 2017] Web 425 – Pasty

Posted on August 25, 2017 by Tsu

Challenge:

Can you find the administrator’s secret message?
http://47.74.147.52:20012

In the first look, it seems like a page which save our text. I decided to create an account, login, and observe in burp-suite. Something interesting appears:
Continue reading →

[SVATTT 2016] simplehttp – web300

Posted on November 7, 2016 by Tsu

Challenge:

Why do I have to use Apache/Nginx when I can build it myself with less than 60 lines of code.
main.rb

Chào các bạn, mình đã trở lại với bài writeup web cuối (giống năm ngoái), tuy nhiên vị trí đã khác đi vì mình hông còn đi thi nữa T_T

Đối với những bài cho source thì mình luôn tôn trọng tác giả làm ra => đọc source trước, fuzzing sau. Continue reading →

[CSAW 2016] I Got Id – Web200

Posted on September 18, 2016 by Tsu

Chall:

Wtf... I literally just setup this website and it's already popped...

http://web.chal.csaw.io:8002/

This challenge is quite interesting, it focuses on perl 5 vulnerable which is presented at blackhat asia 2016. Continue reading →

[IceCTF] So Close – Pwn85

Posted on August 26, 2016 by Tsu

Challenge:

Yet so far :(
/home/so_close on the shell.

I’m starting to study pwn so this challenge took me a lot of time.
To solve this, i’ll talk about two steps: Continue reading →

[IceCTF] ImgBlog – Web130

Posted on August 26, 2016 by Tsu

Chall:

I found this amazing blog about Iceland! Did I ever tell you that I love Iceland? It seems to be made from scratch by a single guy although being impressive, he doesn’t seem too have much experience with web programming. Can you see if you can find any vulnerabilites to pwn his machine?

This is nice website, first we have to login to access some function of it.
This chall is about 2 stage: Continue reading →