TPC (web, 310p, 33 solves) Description The challenge implements a simple python application taking an URL as parameter. It allows us to perform SSRF and local file disclosure.
Reading a file on the server is as simple as:
$ curl -s --output - 'http://35.194.175.80:8000/query?site=file:///etc/passwd' root:x:0:0:root:/root:/bin/ash bin:x:1:1:bin:/bin:/sbin/nologin [...] We first needed to be sure what the python code does. To find this out, we tried to find where it was located:
The flag is on the wings of the flying plane. It is possible to get the flag without instrumenting or modifying the binary. Tested on Ubuntu 16.04, Ubuntu 18.04, and Ubuntu 20.04. You should use a system able to run the game at approximately 60 fps. It requires: sudo apt-get install freeglut3
nc babymaze.challenges.ooo 7777 Files: BabyMaze 4d7aabfb62d46ea98379254a62023f178c1922c0908f3ff19634ca8c22f97cef Overview This challenge is about a game binary communication with a classic TCP server.
For this task, a very simple Python application and its source code is provided.
Sources
Analysis The application let us register, login, submit a link and edit a single field “note” that will be displayed on /profile.
The application code is pretty straightforward and allows us to insert markdown on our own profile page.
The python code responsible for markdown rendering (md2html) is the following:
@app.route("/update_notes", methods=["POST"]) @login_required def update_notes(): # markdown support!
Introduction DotNetMe is obviously a Windows reverse task.
Two binaries are provided:
A PE32+ executable file (console) Another PE32+ DLL Both binary are .NET binaries are expected and are heavily obfuscated.
Technical details At first, we could see that both of the binaries are obfuscated and hard to read:
In fact, the symbol names are displayed in some kind of Unicode and all the logic is behind a “state machine”.
States:
nc challenge.uiuc.tf 11347 every day I do 100 push ups 100 sit ups 100 squats 100 crackmes ALL YOUR SOLUTIONS SHOULD BE ASCII https://www.youtube.com/watch?v=ElGLWB5ffGk Hello everyone !
This one was a bit tricky, since the gloal was to break 100 crackmes.
At connection, the TCP service send you a huge base64 string, which is an ELF encoded binary then asking you for a flag .. Like this:
[BASE64] What is the flag ?
This challenge was pretty intresting since I didn’t foud the flag in the first 30 seconds like the 3 previous one. Okay, first things ou can download the sample here : Login.apk.tar.xz
Right, an APK ! an Android Package !
Thirst thing I did i to disassemble it, with dex2jar and jd-gui.
So get a look at the first class ( you can see the ):
package sharif.cert.ctf; import android.view.View; import android.