
Saturday, 21 November 2015

Hack Dat Kiwi 2015: Phone Lock (Web) Write-up

Description:
A friend of mine forgot her phone password. I told her you're the hacker! Go get 'em tiger.
Solution:



It uses JavaScript to validate, and I just wrote a Python script to solve this, below.




Flag: 98635f80048b8abbd71e9bb55958a6c8

Wednesday, 4 November 2015

School CTF 2015: Meaningless Text (Stegano) Write-up

Description:
It is absolutely meaningless text, isn't it?
Solution: 

1. View the page source. I think it is just a pattern in the <em></em> tags, and I get some words like "flag is not this line but you think right way".


2. View the source again and look at the <e></e> tags. It has <e>one</e> and <e>zero</e>; yeah, it is binary!!

3. Write a Python script to solve this, below.

Good job. :D

Flag: flag_is_this_is_a_simple_stego
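Steps 2 and 3 of the Meaningless Text solution as an added example; this is not the author's script, which does not appear on the page. The sample HTML is constructed, and the function names, the 8-bit most-significant-bit-first ASCII grouping and the one-character-per-<em> decoy layout are assumptions.

```python
import re

# Constructed sample markup (NOT the challenge page): <e> tags carry the bits as
# words, <em> tags carry the decoy text, everything else is filler.
SAMPLE_HTML = (
    "<p>Lorem <e>zero</e> ipsum <em>f</em> dolor <e>one</e> sit <e>one</e> amet <e>zero</e>\n"
    "<e>one</e> consectetur <em>l</em> <e>one</e> <e>one</e> <e>one</e></p>\n"
    "<p><e>zero</e> sed <e>one</e> do <E>one</E> eiusmod <e>zero</e> <e>one</e>\n"
    "tempor <e>zero</e> <em>a</em> <e>one</e> <e>one</e></p>\n"
)

BIT_WORDS = {"zero": "0", "one": "1"}
# "<e>" needs ">" directly after the "e", so "<em>" never matches this pattern.
E_TAG = re.compile(r"<e>\s*(.*?)\s*</e>", re.IGNORECASE | re.DOTALL)
EM_TAG = re.compile(r"<em>(.*?)</em>", re.IGNORECASE | re.DOTALL)


def decoy_text(html):
    """Join the <em> contents in document order (assumed: one character each)."""
    return "".join(EM_TAG.findall(html))


def extract_bits(html):
    """Map every <e>one</e> / <e>zero</e> to a bit, in document order."""
    bits = []
    for word in E_TAG.findall(html):
        key = word.lower()
        if key not in BIT_WORDS:
            raise ValueError(f"unexpected <e> content: {word!r}")
        bits.append(BIT_WORDS[key])
    return "".join(bits)


def bits_to_text(bits):
    """Group bits into bytes (assumed MSB first) and decode them as ASCII."""
    if len(bits) % 8:
        raise ValueError(f"{len(bits)} bits is not a whole number of bytes")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)).decode("ascii")


if __name__ == "__main__":
    print("decoy :", decoy_text(SAMPLE_HTML))
    print("hidden:", bits_to_text(extract_bits(SAMPLE_HTML)))
```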

School CTF 2015: Cipollino, little onion (Admin) Write-up

Description:
Do you like containers as we do?
Solution: 

1. Rename the file extension from jpg to rar.



2. Get a QR code.



3. Decode the QR code at https://zxing.org/w/decode.jspx to get C++ code.


4. Compile and run it at http://www.tutorialspoint.com/compile_cpp_online.php


5. Replace ", " with a space and "0x" with a space to get a hex string, then decode it to get Base64.


B64'YSA9ICc3MCA3NiA2NSA3MSA5NSA3MSA0OCA2OCA5NSA2OCA2NSA3NyA3OCA5NSA2NiA4MiA0OCA5NSA4NSA5NSA4MiA5NSA4MyA0OCA5NSA2NyA0OCA0OCA3NiA5NSA2OCA2OSA2NyA4MiA4OSA4MCA4NCA3OSA4MicKCm1hcz1bXQoKbWFzPWEuc3BsaXQoJyAnKQoKZm9yIGkgaW4gcmFuZ2UobGVuKG1hcykpOgoJYj1pbnQobWFzW2ldKQoJYz1oZXgoYikKCXByaW50KGMsIGVuZD0nICcpCgpwcmludCgnJyk='

6. Base64-decode it to get Python code, and run it.

a = '70 76 65 71 95 71 48 68 95 68 65 77 78 95 66 82 48 95 85 95 82 95 83 48 95 67 48 48 76 95 68 69 67 82 89 80 84 79 82'

mas=[]

mas=a.split(' ')

for i in range(len(mas)):
    b=int(mas[i])
    c=hex(b)
    print(c, end=' ')

print('')

7. Result from the Python code.

0x46 0x4c 0x41 0x47 0x5f 0x47 0x30 0x44 0x5f 0x44 0x41 0x4d 0x4e 0x5f 0x42 0x52 0x30 0x5f 0x55 0x5f 0x52 0x5f 0x53 0x30 0x5f 0x43 0x30 0x30 0x4c 0x5f 0x44 0x45 0x43 0x52 0x59 0x50 0x54 0x4f 0x52

8. Hex decoding.

464c41475f4730445f44414d4e5f4252305f555f525f53305f4330304c5f444543525950544f52

Flag: FLAG_G0D_DAMN_BR0_U_R_S0_C00L_DECRYPTOR

School CTF 2015: Hunger games (Web) Write-up

Description:
Oh, that monkey is really annoying, can you feed it please?
Solution: 

1. The monkey wants a banana, but the choices do not include a banana.


2. Send banana to the monkey with Burp Suite. :3


Flag: l375_$7ar7_w3b_h4ck5