SunshineCTF 2020 - Lil Chompy's
pwn, custom heap implementation
Overview Featuring custom heap management, this Pwn challenge lets us embark on a quest to hack into a CLI theme park designer to free the alligator Lil Chompys from the clutches of BSides Orlando. We are given the binary together with its c source code, containing the application as well as a custom heap implementation. A theme park planner First off, the program presents us with a password check. Looking at the source code reveals... int main
VolgaCTF Quals - Netcorp
Ghostcat with RCE
Task Another telecom provider. Hope these guys prepared well enough for the network load... netcorp.q.2020.volgactf.ru Analysis The website is just a plain static site without any interesting content. The only action that you can do is click on the Complaint button, but that leads just to a 404 error page. Using a directory fuzzing tool to check if there is anything of interest not linked to be found, we stumble upon the /docs/ path. It contains a standard public documentation...
ENOWARS 3 - scavengepad
Unicode Normalization leads to bad things
Overview scavengepad was a ASP .NET Core 2.2 web service, using Entity Framework Core with PostgreSQL for data storage and a Redis instance for session storage. It allows its users to create shared operations and objectives, collaboratively edit associated markdown documents and upload files. 1st vuln: RNG thread-safety (saarsec) Members of the saarsec CTF team have written an excellent writeup of the service and the vulnerability they found – a problem...
RuCTFE 2019 - Household
hack.lu 2019 - Trees For Future
SSI injection, connect back to local MySQL, second order blind SQLi
Description We are TreesForFuture. We actively work towards getting more trees onto this planet. Recently we hired a contractor to create a website for us. While we still need to fill it with content in some places, you can already look at it http://184.108.40.206:1908. Preface Having scored the first blood and with only 2 teams solving the challenge, I thought it was almost mandatory to publish a write-up. I have to say that I really liked it,...
Tasteless 2019 - Gabbr
Overview gabbr is an online chatroom service. Upon loading the page, one joins a chatroom specified in the anchor part of the URL e.g. https://gabbr.hitme.tasteless.eu/#8f332afe-8f1d-411f-80f3-44bb2302405d. If no name is specified, a random UUID is generated upon join. The main functionality is to send messages in the chatroom. Furthermore, one can change the username to another randomly generated one, join a new random chatroom and report the chatroom to an admin. Upon reporting an admin joins the...
hack.lu 2019 - Car Repair Shop
prototype pollution, URL regex bypass, DOM-XSS
Challenge Description "Your Car broke down?! Come to our shop, we repair all cars! Even very old ones." Enter the Shop Analysis After accessing the URL of the challenge description the following page showed up: Here we can see several buttons which will execute certain functions when clicked. Below there is a message box which gets updated after some function was executed. At the bottom there was another button named Get your cookie! which lead to...
Monthly Meetup Monday
August Monthly Meetup! As always Open-to-All!
Where: @SBA Research (Floragasse 7, 1040 Wien, 5th Floor) When: Monday, 05.08.2018, 18:30 (CEST) What: Plans for upcoming CTFs Reviewing challenges of past CTFs $YOUR_TOPIC_HERE$ and of course Socializing ;)...
We participated in the iCTF 2019 and finished 2nd.
Last Friday we took part in this year's iCTF. The theme was "Race Condition", and like last year, the competition was open to everyone and hosted racing cars, err, vulnbox VMs were provided in the cloud 🌩️. New this year was a combination of Jeopardy challenges and classic Attack/Defense gameplay, "Jeopardy Defense" so to speak. The Jeopardy challenges were demanding by themselves (TI-83+ assembly, anyone?) and could be used to unlock functionality in the AD...
This time we don't have anything planned in particular, but if you're curious about CTFs you can just come and hang out with us. We might work on some OverTheWire Advent Calendar challenges as well. Where: @FH4, TU Wien (Wiedner Hauptstraße 8-10, 1040 Wien, Yellow Area) When: Thursday, 06.12.2018, 18:30 (CET) What: Nothing planned in particular Casual CTF discussion/challenge solving...