Month: May 2018

ZeroDays CTF 2018 – “Whatta Man” Challenge

Capture The Flag, Security
The "Whatta Man" challenge under the "Reverse Engineering" category of the ZeroDays Capture the Flag 2018 event got me quite confused probably because I got intimidated by those system calls presented in the debugger. So to start with, the challenge description went as follows: OK ladies lets hear it for Khal Drogo First was the need to check what the file was: Another 64-bit ELF here which means the debugger has to be 64-bit too! Apart from doing the initial investigation on the file format, doing the "strings" command to extract strings in the executable gave an output of: Looking at the above picture doesn't give us any flag so the next step would be running the program to get an idea of how it works before using a debugger to do some assembly language review: ...
Trovisio Responsible Disclosure – Password Hash Leakage

Security, Vulnerabilities
Getting another opportunity to become part of a hall of fame for security-related contributions is pretty cool and this was because of a very simple bug which was not noticed during the development of the system. Last time I saw this kind of issue was a few months ago when I was working on a back-end system for a client and finding this again on another website basically means that it's probably common out there. During my initial non-intrusive information gathering, I found a lot of API links which made me test them for some basic responses and they seemed pretty secure until I opened the console of Chrome. After noticing that the APIs were throwing console logs, I visited a few pages and guess what popped up? It was the password hash! This happened when the page "Account Se...
HP Responsible Disclosure – Information Leakage

Security, Vulnerabilities
After finding a security issue from the website of Asus, I started wandering through a list of tech giants and I ended up seeing information that wasn't meant to be seen by the public eye. Hewlett-Packard, popularly known as "HP", had some information leakage on their website "recycle.ext.hp.com" which I discovered by reading a JavaScript file. This client-side script had pretty interesting information that led me to read each block until I found a function that was possibly deprecated due to its function name having the word "old". When I extracted the URL and visited it manually, it was actually responsive, leading me to some kind of a job order https://recycle.ext.hp.com/index.php?process=print&type=order&target=20 (This obviously won't work now because it has been fixed...
ZeroDays CTF 2018 – “JonSnow” Challenge

Capture The Flag, Security
The "JonSnow" challenge under the “Reverse Engineering” category of the ZeroDays Capture the Flag 2018 event was pretty interesting as it took me some time to realize what was obvious. So to start with, the challenge description went as follows: You know the flag? Tell me what you know Jon Snow? The first thing to see was what the file was by using the command "file": When I saw that this was a 64-bit ELF, I knew that I wouldn't be able to play around because I was using a 32-bit Kali during the event! Talk about not being prepared. So, here I am, not being able to sleep soundly just like my OSCP days because an unsolved challenge gave me nightmares. The only thing that I was able to do apart from the "file" command was using "strings" but it honestly did not make sense: