[Network] Sha2017 – Abuse Mail (300)

August 7, 2017August 9, 2017 kinyabitch Sha2017

Abuse Mail (300) - 62 solves Our abuse desk received an mail that someone from our network has hacked their company. With their help we found some suspected traffic in our network logs, but we can't find what exactly has happened. Can you help us to catch the culprit? abusemail.tgz 233b7cb7f8113baca2f8d29d74105887 we have 3 capture … Continue reading [Network] Sha2017 – Abuse Mail (300)

[Web] Bugs Bunny CTF – LQI_X 140

August 2, 2017August 2, 2017 kinyabitch CTF Trend Micro Online Qualifier 2016

LQI_X 140 Its for your , login and get all you need task : http://34.253.165.46/LQI_X/ Author: TnMch We have login form so lets start by doing some tests with curl at the GET parameter username: Nothing seems to be Changing lets try with password: Wow a custom error message? they must be filtering some characters … Continue reading [Web] Bugs Bunny CTF – LQI_X 140

[Reverse] BugsBunny CTF – Rev75

Image August 1, 2017August 1, 2017 kinyabitch Bugs Bunny CTF

rev100 100 Find me faster ! Author: Aymen Borgi At first by checking the main function we can observe that it leads us to nowhere either gives us the strings "bad password" or "good but no flag for you hihihi xD" if we gave the right password which could be found simply by debugging and … Continue reading [Reverse] BugsBunny CTF – Rev75

[Reverse] Bugs Bunny CTF – Rev100

July 31, 2017July 31, 2017 kinyabitch CTF Trend Micro Online Qualifier 2016

Starting to open our executable file on IDA: There is some weird shit going around but we can see a function i_am_debugged() which leads you to exit the program if you running the program on a debugger like gdb or even IDA, there is alot of calls as you can see in the assembly code … Continue reading [Reverse] Bugs Bunny CTF – Rev100

[Reverse] – Bugs Bunny CTF – Rev 50

July 31, 2017July 31, 2017 kinyabitch CTF Trend Micro Online Qualifier 2016

only guess 50 Reverse Engineering ... ooh no need ! put the right password between Bugs_Bunny{...} Author: Aymen Borgi Starting by Executing the file: Using the ida pro to check all the strings in the program we can see there were alot of them so we can't really guess which one is it without analysing … Continue reading [Reverse] – Bugs Bunny CTF – Rev 50

[Web] Bugs Bunny Ctf – Web 100

July 31, 2017July 31, 2017 kinyabitch Bugs Bunny CTF

Web100 100 My secure system is secure even you have my code http://52.53.151.123/web/web100.html This one was fairly easy the first thing that showed up on the web page was a http auth which was asking for a password my first thought was to bruteforce the password but first I checked up the website executing the … Continue reading [Web] Bugs Bunny Ctf – Web 100

[Web Summit] How I owned the submission discount codes at websummit lisbon

November 21, 2016 kinyabitch Web Vulnerabilities

There was a contest to win discount codes to get access to web summit center stage conferences which I managed to win one and I immediately find something strange about those discount codes: Code example: WSCT17014e You can find some patterns here like the first 4 letters I suspected that they were present in all … Continue reading [Web Summit] How I owned the submission discount codes at websummit lisbon