Monthly Archives May 2016

According to the challenge text this was a re-implemented challenge first seen at the AISA 2015 CTF. Since that was an onsite event I had not seen or heard of it before. So I approached it as a new challenge. The challenge consists of a file called unbreakable-2.0.tar.gz which when we download, unpacks to three files: [shell] root@kali:~/auscert/unbreakable# tar xvf…

Guest post by team member 0pc0d3 today, thanks Opc0d3 damn that name is hard to type. Firstly, we check the firewall. However, the URL does not resolve to an address. So let's have a look at the documents and manuals that the angry admin backed up. Unpacking it, we can see that the document allows us to identify the firewall…

Cool challenge this one based on an interesting article published recently. We're given the following clue The link takes us to a ordinary looking "File Upload Challenge" website but this one has a difference under the hood. A brief recon gives us the following links in robots.txt: User-Agent: * Disallow: / Disallow: /debug.php Disallow: /cache Disallow: /uploads Visiting debug.php we…

Really quick writeup while I remember. The clue consists of a pcap only. The pcap contains USB packet captures. We identify the type of USB device by using the vendor ID and the product ID which are announced in one of the types of USB packets. root@kali:~/google/for/for2# tshark -r usb.pcap -T fields -e usb.bus_id -e usb.device_address -e usb.idVendor -e usb.idProduct…

Here's something new for my blog. I finally tackled a mobile challenge. In the past I basically ignored them or at most, decompiled them to Java source and did a little fiddling. No way, not anymore, time to tackle one! There is no clue really, just the APK named illintentions.apk. We download and do all the normal APK style things…

Close