I just overheard a conversation from the company next door to MapOs and found out that their main system is being updated due to 2 bugs. One of them is related to authentication, but I don't know anything about the other one besides the fact that it could lead an attacker to gain access to their main server.
Being such a good hacker as you are, take a look over there. There's a file on their server with the flag.
PROTIP: begin with firstname.lastname@example.org
– The container for this chall is restarted every 3h. In other words, your entire effort should be done in less than 3h from the last restart.
Solved by 10 teams
Continue reading [3DS CTF] [Web 200 – MapOs] Write up →
This time the programmer did a better job of hiding his flag. But the problem still stands: it's vulnerable. Can you obtain the flag?
Send to 126.96.36.199 9003
NOW WITH SECRET BONUS!
Solved by 32 teams
Bonus solved by 5 teams
Continue reading [3DS CTF] [Exploit 300 – Please, no.] Write up →
In primaries, it is important to get the most attention. With 12 candidates all sharing the stage, it can be hard to pull in voters. Luckily Mr Trump doesn't have much problem with that, but we have a strategy to secure the vote for good. We have found voters respond very well to name recognition, and to whichever candidate is polling the highest. We see a snowball effect if we can tip a few online polls his way, then it will be easier for him to take the real ones, and then eventually the nomination.
We were able to dump some of the source code from FOX’s new online poll service. We couldn’t get everything, but I’m sure that is no problem for you.
nc fox.pwn.republican 9000
author’s irc nick: itszn
Continue reading [Hack The Vote 2016] [Exploit 300 – FOX Voting Simulator] Write up →
Cthulhu is too chaotic and has lost the machine with his files. Cthulhu still has an old fileserver running on it though… Get the flag from /flag in the filesystem.
Connect to cthulhu.fluxfingers.net:1509.
Continue reading [Hack.lu 2016] [EXPLOIT 200 – dataonly] Write up →
238 Teams solved.
Can your brain be a Python VM? (Please use Python 2.7)
Continue reading [Hitcon 2016] [REVERSE 50 – Handcrafted pyc] Write Up →