Boring

Insomni’Hack Teaser 2020 - Welcome - Writeup

This year we added a Proof of Work to some of our challenges. Just run python pow.py <target>, were target is the value provided by the server and get the flag. pow nc welcome.insomnihack.ch 1337 Run nc welcome.insomnihack.ch 1337, we get ====================================================================== ============ Welcome to the Insomni'Hack Teaser 2020! ============ ====================================================================== Give me an input whose md5sum starts with "1a3a7e" and get the flag ;) I completely forgot that there is a pow.
Read more

OverTheWire Advent 2019 Day24 - Got shell - Writeup

Visit the link, we get the web server’s c++ code. #include "crow_all.h"#include <cstdio>#include <iostream>#include <memory>#include <stdexcept>#include <string>#include <array>#include <sstream> std::string exec(const char* cmd) { std::array<char, 128> buffer; std::string result; std::unique_ptr<FILE, decltype(&pclose)> pipe(popen(cmd, "r"), pclose); if (!pipe) { return std::string("Error"); } while (fgets(buffer.data(), buffer.size(), pipe.get()) != nullptr) { result += buffer.data(); } return result; } int main() { crow::SimpleApp app; app.loglevel(crow::LogLevel::Warning); CROW_ROUTE(app, "/") ([](const crow::request& req) { std::ostringstream os; if(req.url_params.get("cmd") != nullptr){ os << exec(req.
Read more

OverTheWire Advent 2019 Day0 - Challenge Zero - Writeup

On https://advent2019.overthewire.org/challenge-zero we are presented with a fireplace gif. I first thought it’s a forensic challenge with the fireplace gif, but couldn’t find anything abnormal in the image. Then I checked the source code of the page. <html> <head> <title>Fireplace</title> <!-- browser detected: chrome --> </head> <body> <img style="width:400px;" src="/flames.gif"><pre>Fox! Fox! Burning bright! In the forests of the night! Hint: $ break *0x7c00</pre> </body> </html> We see that the server detects our browser and responds accordingly.
Read more