[SECCON 2018 QUALS] shooter – RE 434

Enjoy the game!

In every challenge, we first use it to get the overview of the app, so install the apk and open it to see what it does

Shoot game?

End, input name to be ranked!

Uh…oh… why are so many strange names? We can guess the app connect to the server and receive/send the records.

Continue reading

[SVATTT 2016] simplehttp – web300


Why do I have to use Apache/Nginx when I can build it myself with less than 60 lines of code.

Chào các bạn, mình đã trở lại với bài writeup web cuối (giống năm ngoái), tuy nhiên vị trí đã khác đi vì mình hông còn đi thi nữa T_T

Đối với những bài cho source thì mình luôn tôn trọng tác giả làm ra => đọc source trước, fuzzing sau. Continue reading

[IceCTF] ImgBlog – Web130


I found this amazing blog about Iceland! Did I ever tell you that I love Iceland? It seems to be made from scratch by a single guy although being impressive, he doesn’t seem too have much experience with web programming. Can you see if you can find any vulnerabilites to pwn his machine?

This is nice website, first we have to login to access some function of it.
This chall is about 2 stage: Continue reading