Nullcon HackIM CTF Goa 2026 – TLS

The challenge involves a network service that encrypts data using a combination of RSA and AES-CBC. It reveals vulnerabilities primarily in the AES layer, allowing for a Padding Oracle Attack. An exploit script successfully decrypts the ciphertext and retrieves the flag: ENO{Y4y_a_f4ctor1ng_0rac13}.

Nullcon HackIM CTF Goa 2026 – Matrixfun II

Category: Cryptography Difficulty: Medium 1. Challenge Overview The challenge provides a Python script and a remote service. Upon connecting, the server encrypts a hidden flag using a custom scheme and then acts as an oracle, allowing us to encrypt any hex-encoded message of our choice. The core of the encryption lies in a linear transformation …

Nullcon HackIM CTF Goa 2026 – Going in Circles

Category: Crypto / Reverse Difficulty: Easy/Medium 1. Challenge Overview Upon connecting to the server, I was greeted with two integers. Looking at the provided source code, chall.py, I saw that the program takes a secret flag, converts it into a large integer, and then passes it through a function called reduce(a, f) using a random …

Nullcon HackIM CTF Goa 2026 – Zoney

Category: Misc (DNS / Recon) Difficulty: Medium 1. Challenge Overview The challenge provided a DNS server at 52.59.124.14:5054 for the domain flag.ctf.nullcon.net. The author hinted that the flag was hidden and challenged me to “show that I know all about DNS.” 2. Vulnerability Analysis Step 1: Initial Reconnaissance I started by checking for the flag …

Nullcon HackIM CTF Goa 2026 – Flowt Theory

Category: Web / Misc Difficulty: Easy/Medium 1. Challenge Overview The challenge presented a “BillSplitter Lite” web application. The application allows users to input names and expense amounts, which it then calculates to settle debts. The prompt mentioned an “administrative fee” of 0.01 that was somehow hidden in the “extremely advanced math” of the calculation. 2. …

Nullcon HackIM CTF Goa 2026 – Emoji

Category: Misc Difficulty: Easy 1. Challenge Overview The challenge provides a single README.md file containing what appears to be a solitary emoji: 💯. However, when looking at the file metadata or simply clicking and dragging over the text, it becomes clear that there is a significant amount of “invisible” data trailing the emoji. We are …

Nullcon HackIM CTF Goa 2026 – Virus Analyzer

Category: Web Difficulty: Medium 1. Challenge Overview The challenge presents a web service called Virus Analyzer. The UI is sleek and professional, mimicking a security tool. It invites users to upload a .zip archive, which it promises to extract and analyze for malicious content. Upon visiting the site, I noticed there was no source code …

UofTCTF 2026 – Gambler’s Fallacy

Challenge Overview A dice-based gambling game where you start with $800 and need to reach $10,000 to buy the flag. The game allows you to: Key Files The Vulnerability Provably Fair System Gone Wrong The game implements a “provably fair” dice system where: The Critical Flaw Python’s random module uses the Mersenne Twister (MT19937) PRNG, …

UofTCTF 2026 – Baby Exfil

1. Introduction We are tasked with analyzing a packet capture (final.pcapng) for Team K&K. They suspect data is being stolen. Our job is to find out what was taken and retrieve the flag. 2. Identifying the Exfiltration (The “What”) The first step is to filter the noise. Since most data theft happens over the web, …

UofTCTF 2026 – Lottery

Can you help Han Shangyan win the lottery? We are provided with a Bash script that simulates a lottery game. Here is the source code: The Vulnerabilities There are two distinct vulnerabilities that, when chained together, allow for Remote Code Execution (RCE). A. Regex Bypass The script attempts to validate the input using a Regular …