All posts by laxa

[3DS CTF] [Web 200 – MapOs] Write up

Description

[PT-BR]
Ouvi no elevador uma conversa do pessoal da empresa ao lado da MapOs e descobri que o sistema principal deles esta passando por uma reformulacao devido a 2 falhas. Uma delas de autenticacao, mas sobre a outra, so sei que pode levar um hacker a ganhar acesso ao servidor principal deles.
Como bom hue_br que voce e , de uma olhada l. Tem um arquivo no servidor deles com a flag.
Vou ser bonzinho: comece pelo admin@admin.com
– Container desse chall sao reiniciados a cada 3h. Em outras palavras, incluia isso no seu calculo para resolver o chall antes do reboot.
[EN]
I just overheard a conversation from the company next door to MapOs and found out that their main system is being updated due to 2 bugs. One of them is related to authentication, but I don’t know nothing about the other one besides the fact that it could lead an attacker to gain access to their main server.
Being such a good hacker as you are, take a look over there. There’s a file in their server with the flag.
PROTIP: begin with admin@admin.com
– Container for this chall is restarted every 3h. In other words, your entire effort should be done in less than 3h from last restart.

Solved by 10 teams

Continue reading [3DS CTF] [Web 200 – MapOs] Write up

[3DS CTF] [Exploit 300 – Please, no.] Write up

Description

[EN]
This time the programmer did a better job to hid his flag. But the problem still: It’s vulnerable. Can you obtain the flag?
Send to 209.190.1.131 9003
NOW WITH SECRET BONUS!

[PT-BR]
Dessa vez o programador caprichou um pouco mais na hora de esconder sua flag. O problema que continua vulneravel. Consegue extrair a flag?
Envie para 209.190.1.131 9003
AGORA COM BONUS SECRETO!

Solved by 32 teams
Bonus solved by 5 teams

binary

Continue reading [3DS CTF] [Exploit 300 – Please, no.] Write up

[Hack The Vote 2016] [Exploit 300 – FOX Voting Simulator] Write up

Description

In primaries, it is important to get the most attention. With 12 candidates all sharing the stage, it can be hard to pull in voters. Luckily Mr Trump doesn’t have much problem with that, but we have a strategy to secure the vote for good. We have found voters respond very well to name recognition, and which ever candidate is polling the highest. We see a snowball effect if we can tip a few online polls his way, then it will be easier for him to take the real ones, and then eventually the nomination.

We were able to dump some of the source code from FOX’s new online poll service. We couldn’t get everything, but I’m sure that is no problem for you.

foxSim

nc fox.pwn.republican 9000

author’s irc nick: itszn

26 solves
Continue reading [Hack The Vote 2016] [Exploit 300 – FOX Voting Simulator] Write up