[WarGame] code-breaking.com solution

 

easy – http://51.158.75.42:8087/

Continue reading →

[SECCON 2018 QUALS] shooter – RE 434

shooter
Enjoy the game!
Download

In every challenge, we first use it to get the overview of the app, so install the apk and open it to see what it does

Shoot game?

End, input name to be ranked!

Uh…oh… why are so many strange names? We can guess the app connect to the server and receive/send the records.

Continue reading →

[Codegate CTF 2018] Impel Down – Misc

#Meepwn CTF Team

Challenge:

nc ch41l3ng3s.codegate.kr 2014

Solved by:

@tinduong & @tsug0d

Writeup:
Another pyjail challenge, its interesting, we nc to the server, the challenge begin:

Continue reading →

[HITB CTF Singapore 2017] Web 434 – Website

Challenge:

No description
http://47.88.218.105:20010/

The login form!, we create an account and login to it, the challenge begin!

Continue reading →

[HITB CTF Singapore 2017] Web 512 – Blog

Challenge:

No description.
http://47.74.147.34:20011

Well, another site :D, after surfing, check burp history and something interesting appear:

Continue reading →

[HITB CTF Singapore 2017] Web 425 – Pasty

Challenge:

Can you find the administrator’s secret message?
http://47.74.147.52:20012

In the first look, it seems like a page which save our text. I decided to create an account, login, and observe in burp-suite. Something interesting appears:
Continue reading →

[SVATTT 2016] simplehttp – web300

Challenge:

Why do I have to use Apache/Nginx when I can build it myself with less than 60 lines of code.
main.rb

Chào các bạn, mình đã trở lại với bài writeup web cuối (giống năm ngoái), tuy nhiên vị trí đã khác đi vì mình hông còn đi thi nữa T_T

Đối với những bài cho source thì mình luôn tôn trọng tác giả làm ra => đọc source trước, fuzzing sau. Continue reading →