PwnDiary

Everything about security


[Angstrom CTF 2018] MadLibs Write-up (Web120)

When Ian was a kid, he loved to play goofy Madlibs all day long. Now, he’s decided to write his own website to generate them! When we check the website, we see that we are expected to choose either The Tale…

[Angstrom CTF 2018] Md5 Write-up (Web140)

defund’s a true MD5 fan, and he has a site to prove it. The website says that we need to give two different strings whose MD5 hashes, after the server’s secret salt is prepended, are the same. It also shares…

[Angstrom CTF 2018] Personal Letter Write-up (Pwn160)

Have you ever gotten tired of writing your name in the header of a letter? Well now there’s a program (source) to do it for you! Navigate to /problems/letter/ on the shell server to try your exploit out! Let’s analyze the…

[XIOMARA CTF 2018] Slammer Write-up (Reverse200)

Slammer Let’s check the file first.

Let’s analyze it with IDA Pro.

First, it prints the string “password: “. Then, it allocates 0x100 bytes from the stack and reads up to 0x32 bytes from stdin. Since the buffer…

[XIOMARA CTF 2018] Flag Locker Write-up (Web200)

We keep the flag secure. Secure!?. http://103.5.112.91:1234 Let’s check the website first.

We have two links. Let’s check both.

It looks like we have Local File Inclusion (LFI) here. Let’s try to retrieve the source files for these two…

[XIOMARA CTF 2018] Dig_Deep Write-up (Forensics150)

In reality, those rare few cases with good forensic evidence are the ones that make it to court. private.rar After extracting the file from the archive, I checked its signature first.

It is a DOS/MBR boot sector file. Since…


Copyright © 2018 PwnDiary