devel0pment.de – Page 2 – software, offensive security research

1. July 20191. July 2019

Google CTF 2019 (Quals) – Quantum Key Distribution

This years online qualification for the Google Capture The Flag finals (ctftime.org) ran from 22/06/2019, 00:01 UTC to 23/06/2019 23:59 UTC.

As last year, there were plenty of diversified challenges, which were worked out very well.

I tried to take at least a look at as much challenges as possible and solved the challenge Quantum Key Distribution, which was relatively easy based on the amounts of solves. Within this article I want to share my writeup on this challenge.

The writeup is divided into the following sections:

Challenge description
BB84 protocol
Source code
Outlined process
Solution

12. June 201912. June 2019

Hacky Easter 2019 writeup

As every year hacking-lab.com carried out the annual Hacky Easter event with 27 challenges. As usual the variety of the challenges was awesome. I actually got full score this year 🙂 Many thanks to daubsi, who gave me a nudge once in a while on the last challenges (you can find his writeup here).

	Easy
01 Twisted 02 Just Watch 03 Sloppy Encryption 04 Disco 2 05 Call for Papers 06 Dots 07 Shell we Argument 08 Modern Art 09 rorriM rorriM
	Medium
10 Stackunderflow 11 Memeory 2.0 12 Decrypt0r 13 Symphony in HEX 14 White Box 15 Seen in Steem 16 Every-Thing 17 New Egg Design 18 Egg Storage
	Hard
19 CoUmpact DiAsc 20 Scrambled Egg 21 The Hunt: Misty Jungle 22 The Hunt: Muddy Quagmire 23 The Maze 24 CAPTEG
	Hidden
25 Hidden Egg #1 26 Hidden Egg #2 27 Hidden Egg #3

31. March 201931. March 2019

VolgaCTF 2019 Qualifier – Blind

The VolgaCTF 2019 Qualifier (ctftime.org) took place from 29/03/2019, 15:00 UTC to 31/03/2019 15:00 UTC.

There has been a really interesting RSA crypto challenge called Blind, which I would like to share with you in this writeup.

The article is divided into the following sections:

→ Challenge description
→ What does the script do?
→ Blind RSA Signature
→ Retrieving the Flag

Continue reading “VolgaCTF 2019 Qualifier – Blind”

3. February 20193. February 2019

nullcon HackIM 2019 – babypwn

The nullcon HackIM 2019 CTF (ctftime.org) ran from 01/02/2019, 16:30 UTC to 03/02/2019 04:30 UTC.

I did the pwn challenge babypwn, which was really fun to do. The following article contains my writeup being divided into the following sections:

→ Challenge description
→ Security mechanisms and disassembly
→ Signedness vulnerabilitiy
→ Format string vulnerabilitiy
→ Final exploit

Continue reading “nullcon HackIM 2019 – babypwn”

2. February 20192. February 2019

Hack The Box – Dab

This article contains my first writeup on a machine from Hack The Box. If you have not checked out Hack The Box yet, I really suggest you do. Aside from providing classical CTF-style challenges, the plattform hosts plenty of vulnerable machines (boxes), which are supposed to be exploited. The boxes tend to be geared to realistic scenarios and are thus an awesome opportunity to increase your own pen testing skills.

In order to prove the exploitation of a machine, there are two different flag files stored on each machine. The first one to acquire is a file called user.txt, which can be read by a low privileged user. The next step after initially exploiting the machine is to escalate privileges gaining access to an administrative user (root access). With this high privileged user a second file called root.txt can be read. Both files contain a flag (an md5sum), which is supposed to be submitted on the Hack The Box website rewarding you with the corresponding points for this machine.

According to those two steps/files the article is divided into the following sections:

→ User
    – Port Scan
    – FTP (Port 21)
    – SSH (Port 22)
    – HTTP nginx (Port 80)
    – HTTP nginx (Port 8080)
    – Back to SSH

→ Root
    – Initial Enumeration
    – SUID binaries
    – myexec
    – libseclogin.so
    – myexec’s password
    – ldconfig
    – Compile own shared Library

Continue reading “Hack The Box – Dab”

27. January 201927. January 2019

Codegate CTF 2019 Preliminary – KingMaker

The Codegate CTF 2019 Preliminary (ctftime.org) ran from 26/01/2019, 00:00 UTC to 27/01/2019 00:00 UTC.

Within this article I want to share my quick writeup on the challenge KingMaker.

Continue reading “Codegate CTF 2019 Preliminary – KingMaker”

1. January 20194. January 2019

HACKvent18 writeup

For the sixth time in a row now hacking-lab.com carried out the annual HACKvent. Each day from the 1st of december until the 24th a new challenge is published. I would have loved to spend more time on it, but time is a rare resource especially on the days before christmas 😉 After all I managed to solve 21 of 24 tasks:

	Easy
Day 01: Just Another Bar Code Day 02: Me Day 03: Catch me Day 04: pirating like in the 90ies Day 05: OSINT 1 Day 06: Mondrian Day 07: flappy.pl
	Medium
Day 08: Advent Snail Day 09: fake xmass balls Day 10: >_ Run, Node, Run Day 11: Crypt-o-Math 3.0 Day 12: SmartWishList Day 13: flappy’s revenge Day 14: power in the shell
	Hard
Day 15: Watch Me Day 16: Pay 100 Bitcoins Day 17: Faster KEy Exchange Day 18: Be Evil Day 19: PromoCode Day 20: I want to play a game Day 21: muffinCTF (Day 1) Day 22: muffinCTF (Day 2) Day 23: muffinCTF (Day 3)
	Final
Day 24: Take the red pill, take the blue pill

Continue reading “HACKvent18 writeup”

14. August 201814. August 2018

Heap Exploitation: Off-By-One / Poison Null Byte

The goal of this article is to explain in detail how an off-by-one vulnerability on the heap also known as poison null byte can be exploited. Although this technique does not work with the latest libc, I think it can be used very good in order to demonstrate how exploits based on heap-metadata corruption work (also check out shellphish’s how2heap).

In order to do this I created a vulnerable program, which we will use as an example to create such an exploit. If you like to, you can start by analyzing and exploiting the program on your own (at least check out Environment):

–> heap.zip

Though it is not required to the exploit the program, the source-code might be helpful:

–> heap.c

The article is divided into the following sections:

–> Environment
–> Vulnerable Program
–> Heap Basics
–> Libc-Leak
–> Control Instruction Pointer
–> One Gadget
–> Final Exploit

Continue reading “Heap Exploitation: Off-By-One / Poison Null Byte”

15. July 2018

Meepwn CTF Quals 2018 – babysandbox

The Meepwn CTF Quals 2018 (ctftime.org) ran from 13/07/2018, 19:00 UTC to 15/07/2018 19:00 UTC.

There were a lot of interesting-looking challenges. As always, time was the limiting factor 😉 I managed to spend 2 hours on saturday morning solving the pwn challenge babysandbox.

Continue reading “Meepwn CTF Quals 2018 – babysandbox”

1. July 2018

Google CTF 2018 (Quals) – writeup JS safe 2.0

The qualifications for the Google Capture The Flag 2018 (ctftime.org) ran from 23/06/2018, 00:00 UTC to 24/06/2018 23:59 UTC.

The CTF was worked out very well. There have been plenty of interesting and creative challenges.

This time I decided to focus on the category web and managed to solve the challenge JS safe 2.0, which was the easiest one of the web-challenges based on the amount of solves. Nevertheless it really took my some time to dodge all the pitfalls I stumbled upon while solving the challenge.

Continue reading “Google CTF 2018 (Quals) – writeup JS safe 2.0”