Hacking
Web Temp Server (Python)
from http.server import SimpleHTTPRequestHandler, HTTPServer
from urllib.parse import unquote

class CustomRequestHandler(SimpleHTTPRequestHandler):
    def end_headers(self):
        # Permissive CORS headers: any origin may read responses from this throw-away server
        self.send_header('Access-Control-Allow-Origin', '*')  # Allow requests from any origin
        self.send_header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS')
        self.send_header('Access-Control-Allow-Headers', 'Content-Type')
        super().end_headers()

    def do_GET(self):
        ...
Prologue This is the first time I have won a place in a CTF contest. Following are the scoreboard and my score over time. Web Ave Mujica After some reconnaissance, I found that the web server is built on gunicorn, and the web app appears to have a directory traversal that leads to an LFI vulnerability. After doing some research, I tried some LFI wordlists and finally got the flag by reading /proc/self/environ. The PoC is as follows. curl 'http://172.31.3.2:168/image?name=../../../../proc/self/environ' --output flag. ...
Easy Crack Open IDA and find the password-check function (you can use the strings window to find it). I will put the decompiled function below.
int __cdecl sub_401080(HWND hDlg)
{
  CHAR String[97]; // [esp+4h] [ebp-64h] BYREF
  __int16 v3; // [esp+65h] [ebp-3h]
  char v4; // [esp+67h] [ebp-1h]

  memset(String, 0, sizeof(String));
  v3 = 0;
  v4 = 0;
  GetDlgItemTextA(hDlg, 1000, String, 100);
  if ( String[1] != 'a' || strncmp(&String[2], Str2, 2u) || strcmp(&String[4], aR3v ...
0x00 Challenge Info A test! Getting onto the team is one thing, but you must prove your skills to be chosen to represent the best of the best. They have given you the classic - a restricted environment, devoid of functionality, and it is up to you to see what you can do. Can you break open the chest? Do you have what it takes to bring humanity from the brink? 0x01 Reconnaissance This challenge is a Python jail (Pyjail). Let’s check the challenge code first.
banner = r""" .____ ...
StudyNotes
Prologue Fermat’s Little Theorem is quite often seen in CTF contests, so let’s dive into this article to learn more about it! Math is powerful!
Required Knowledge
$a \equiv b \pmod{k} \Leftrightarrow k \mid (a - b)$
$a \equiv b \pmod{k} \text{ and } c \equiv d \pmod{k} \Leftrightarrow a + c \equiv b + d \pmod{k}$
$a \equiv b \pmod{k} \text{ and } c \equiv d \pmod{k} \Leftrightarrow ac \equiv bd \pmod{k}$ ...
0x00 Challenge Info Gotta collect them all. 0x01 Reconnaissance We have a zip file, and after we unzip it, we get an executable called HackTheBox CubeMadness1.exe. First, we can run the file to see what’s going on and what this game is about. In this game, we use the left/right arrows to control the white cube (?) and space to jump, and it also allows jumping in mid-air. The challenge description said that we should collect all the cubes, but when we try to get all of them by pl ...
Prologue I decided to write this to help myself better understand the attacks on RSA and other cryptosystems. And if this can help you, that would be my honor! Also, all the code in this note will be in Python, since it’s the most widely used exploit scripting language in CTFs. Let’s start! Euclidean Algorithm Intro It’s an algorithm to calculate the GCD (Greatest Common Divisor) of two numbers; in Chinese it’s called 輾轉相除法, BTW. Principles It’s a recursive algorithm, so every step’s output is the i ...
LifeAndTalk
Qingyun Road: About Us, the Mingdao Debate Club. Preface (not part of the main text): The following is what we wrote when we stepped down from our officer positions, putting three years of experience into words. It was meant as a reference for the juniors who came after us, and also in the hope that more people would understand the true meaning of debate. Rereading these words today, I still feel deeply how much those three years shaped my life, so I have copied them here. I do not know how long this article, or the spirit behind it, can survive in this form, but at least I hope to keep this memory safe. Foreword: Debate? In most people’s eyes, debate is just a group of people getting together to argue. Perhaps because of the impression left by political debates in Taiwan, or perhaps because of the feeling the word itself carries, people hold this stereotype about debate. But real debate, as the art of persuasion, is far more than simply “arguing”. In fact, describing this activity with the single word “arguing” is too crude and flat. The world of debate is more exciting and varied than most people imagine: every motion is a journey of critical thinking, and in every round you can see the elegant beauty of emotion and reason interwoven. As retired officers of the Mingdao Debate Club, we want you to know what you can gain at the Mingdao Debate Club, and through this explanation we also sketch the outline of a debate competition. If you want a fuller picture of debate, come join the Mingdao Debate Club and throw yourself into competition! Research, Analysis, and Deconstruction Skills First, before a competition, we need to gather a large amount of background material on the motion as well as the affirmative and negative sides’ ...
0x00 Challenge Info As a part of our SDLC process, we’ve got our firmware ready for security testing. Can you help us by performing a security assessment? 0x01 Reconnaissance We get a file called firmware.bin, and we can use binwalk to extract the data from the bin file. binwalk -e firmware.bin This creates a directory called _firmware.bin.extracted, so we can go in there and check what is inside. We will find that it’s actually messy in there, which means we cannot easily g ...
StudyNotes
Fundamentals of Logic
Statements
Statements (or propositions): declarative sentences that are either true or false, but not both.
Primitive statements: there is really no way to break them down into anything simpler.
New statements can be obtained from existing ones in two ways:
Negation: we do not consider the negation of a primitive statement to be a primitive statement. The negation of $p$ is $\neg p$ (NOT).
Compound statements, using the following logical connectives: Conjunc ...