All posts by laxa

English [3DS CTF] [Web 200 – MapOs] Write up


Ouvi no elevador uma conversa do pessoal da empresa ao lado da MapOs e descobri que o sistema principal deles esta passando por uma reformulacao devido a 2 falhas. Uma delas de autenticacao, mas sobre a outra, so sei que pode levar um hacker a ganhar acesso ao servidor principal deles.
Como bom hue_br que voce e , de uma olhada l. Tem um arquivo no servidor deles com a flag.
Vou ser bonzinho: comece pelo
– Container desse chall sao reiniciados a cada 3h. Em outras palavras, incluia isso no seu calculo para resolver o chall antes do reboot.
I just overheard a conversation from the company next door to MapOs and found out that their main system is being updated due to 2 bugs. One of them is related to authentication, but I don’t know nothing about the other one besides the fact that it could lead an attacker to gain access to their main server.
Being such a good hacker as you are, take a look over there. There’s a file in their server with the flag.
PROTIP: begin with
– Container for this chall is restarted every 3h. In other words, your entire effort should be done in less than 3h from last restart.

Solved by 10 teams

Continue reading [3DS CTF] [Web 200 – MapOs] Write up

English [3DS CTF] [Exploit 300 – Please, no.] Write up


This time the programmer did a better job to hid his flag. But the problem still: It’s vulnerable. Can you obtain the flag?
Send to 9003

Dessa vez o programador caprichou um pouco mais na hora de esconder sua flag. O problema que continua vulneravel. Consegue extrair a flag?
Envie para 9003

Solved by 32 teams
Bonus solved by 5 teams


Continue reading [3DS CTF] [Exploit 300 – Please, no.] Write up

English [Hack The Vote 2016] [Exploit 300 – FOX Voting Simulator] Write up


In primaries, it is important to get the most attention. With 12 candidates all sharing the stage, it can be hard to pull in voters. Luckily Mr Trump doesn’t have much problem with that, but we have a strategy to secure the vote for good. We have found voters respond very well to name recognition, and which ever candidate is polling the highest. We see a snowball effect if we can tip a few online polls his way, then it will be easier for him to take the real ones, and then eventually the nomination.

We were able to dump some of the source code from FOX’s new online poll service. We couldn’t get everything, but I’m sure that is no problem for you.


nc 9000

author’s irc nick: itszn

26 solves
Continue reading [Hack The Vote 2016] [Exploit 300 – FOX Voting Simulator] Write up