The "Whatta Man" challenge under the "Reverse Engineering" category of the ZeroDays Capture the Flag 2018 event got me quite confused, probably because I got intimidated by those system calls presented in the debugger. So to start with, the challenge description went as follows:
OK ladies, let's hear it for Khal Drogo
First was the need to check what the file was:
Another 64-bit ELF here, which means the debugger has to be 64-bit too! Apart from doing the initial investigation on the file format, running the "strings" command to extract the strings in the executable gave an output of:
Looking at the above picture doesn't give us any flag, so the next step would be running the program to get an idea of how it works before using a debugger to do some assembly language review:
Getting another opportunity to become part of a hall of fame for security-related contributions is pretty cool, and this was because of a very simple bug which was not noticed during the development of the system. The last time I saw this kind of issue was a few months ago when I was working on a back-end system for a client, and finding this again on another website basically means that it's probably common out there.
During my initial non-intrusive information gathering, I found a lot of API links, which made me test them for some basic responses, and they seemed pretty secure until I opened the console of Chrome. After noticing that the APIs were throwing console logs, I visited a few pages and guess what popped up? It was the password hash!
This happened when the page "Account Se...
This client-side script had pretty interesting information that led me to read each block until I found a function that was possibly deprecated, because its name contained the word "old". When I extracted the URL and visited it manually, it was actually responsive, leading me to some kind of a job order https://recycle.ext.hp.com/index.php?process=print&type=order&target=20 (This obviously won't work now because it has been fixed...
The "JonSnow" challenge under the "Reverse Engineering" category of the ZeroDays Capture the Flag 2018 event was pretty interesting, as it took me some time to realize what was obvious. So to start with, the challenge description went as follows:
You know the flag?
Tell me what you know Jon Snow?
The first thing to check was what the file was, by using the command "file":
When I saw that this was a 64-bit ELF, I knew that I wouldn't be able to play around because I was using a 32-bit Kali during the event! Talk about not being prepared. So, here I am, not being able to sleep soundly, just like in my OSCP days, because an unsolved challenge gave me nightmares. The only thing that I was able to do apart from the "file" command was using "strings", but it honestly did not make sense: