PwnDiary

Everything about security

Category

Write-ups

Capture The Flag write-ups

[Viettel Mates CTF 2018] Viettel Store Write-up (Crypto100)

Thank God It’s Weekend! Let’s go shopping! Source: https://drive.google.com/file/d/167se6uAZ48Bt5k34m37LOK1tD2wt3Tsb/view?usp=sharing nc 13.251.110.215 10001 Let’s connect to the server and see what’s going on before we move on to the source code.

It welcomes us with a shop interface where we… Continue Reading →

[Viettel Mates CTF 2018] Web Token Write-up (Crypto100)

Source code: https://drive.google.com/open?id=1uLeYsqnLNVNMurQ11q2ustvW2o_V7IPl Server: http://ec2-13-229-142-46.ap-southeast-1.compute.amazonaws.com:9999 The website simply asks for our name, then it welcomes us and asks whether we are administrator or not. It decides if we are administrator or not using the cookie created which is named as… Continue Reading →

[Angstrom CTF 2018] Hellcode Write-up (Pwn200)

This program will execute any arbitrary code you give it! Well, almost any — it prohibits syscalls, and only gives you 16 bytes of space. These incredible security features were added at the last minute to ensure nobody can read… Continue Reading →

[Angstrom CTF 2018] File Storer Write-up (Web160)

My friend made a file storage website that he says is super secure. Can you prove him wrong and get the admin password? After we sign up and login, the website allows us to upload files from URLs. At first,… Continue Reading →

[Angstrom CTF 2018] Product Key Write-up (Reverse200)

Artemis wants a copy of Windows, but she doesn’t feel like paying for it. She decided to hack Microsoft’s servers to generate a product key, and found their verification software, which runs on Linux for some reason. Can you get… Continue Reading →

[Angstrom CTF 2018] The Best Website Write-up (Web230)

I have created what I believe to be the best website ever. Or maybe it’s just really boring. I don’t know. After checking the source code of the page, I noticed the following comment:

Then, I decided to check… Continue Reading →

Copyright © 2018 PwnDiary