Posts

Dragon CTF 2021 Rev - `Run of the Mill` write-up

This is a write-up for the reverse engineering challenge `Run of the Mill` in DragonCTF 2021. [*] Challenges: [+] (Rev - 202 pts / 42 solves) Run of the Mill. Our team Water Paddler got 7th position in `DragonCTF 2021`. Run of the Mill: given an executable that seems to be constructed directly from assembly (only an entry0 function). It takes an input (the flag), performs operations on the input bytes and finally compares those bytes with 64 stored bytes; if they are equal, it prints "Well Done". The goal is to recover the flag from the operations (encryption) and the final bytes, but manual analysis of those operations is very difficult (nearly 7.5k+ instructions). Analyzing the problem: one of my teammates mentioned that, even though there are many instructions, very few distinct opcodes are used: `['ror', 'xor', 'mov',

K3RN3L CTF 2021 Rev - `Recurso & Rasm ` writeups

This is a write-up for the reverse engineering challenges in K3RN3LCTF 2021 based on a VM concept using the Recurso language. [*] Challenges: [+] (Rev - 500 pts) Recurso (First Blood); [+] (Rev - 500 pts) Rasm (after CTF). Our team zh3ro ended up at 9th position in `K3RN3LCTF - 2021`. These reverse engineering challs are interesting: both are based on a single VM (Recurso) with different compiled scripts (leFlag.recc, rasm.recc). Recurso: given a Recurso executable which can compile and run Recurso scripts, and a leFlag.recc (a Recurso compiled file) containing flag-checking logic that can be run by the given Recurso executable. The goal of the challenge is to recover the flag-checking logic in leFlag.recc and steal the flag. Decompile and analyse Recurso: first we have to understand how Recurso runs this byte code in order to get the logic of le

BugPoC's LFI challenge writeup

This is a write-up for an LFI challenge by `BugPoC`, Buggy Social Media Sharer (social.buggywebsite.com), that popped up on Twitter recently ( link ). The website lets you write a text (post), for which it generates several links to share it on different social media platforms. As is common, it supports generating a URL preview card using an API server, which leads first to SSRF and then to LFI. Buggy Social Media Sharer: given a website, http://social.buggywebsite.com/, the goal of the challenge is to achieve LFI and steal /etc/passwd. It's a straightforward challenge: by going through the JS, we can see the URL card generating functionality: function processUrl(e) { requestTime = Date.now(), url = "https://api.buggywebsite.com/website-preview"; var t = new XMLHttpRequest; t.onreadystatechange = function() { 4 == t.readyState && 200 == t.status ? (response = JSON.parse(