マクニカさん主催のMacnica Security Forum2022内で、5/16~5/18の3日間にわたり開催されていたMNCTF Lightに参加しておりました。 ここ数年、開催されてもなかなか参加の時間が取れていなかったんですが、今回は無理やり都合着つけて頑張ってみました。出題…
こんにちは。もうすぐクリスマスですが、みなさまサンタさんへの取次業務(プレゼント発注)は順調に遂行できましたか? 本日の記事は、「オトンとオカンの自分時間捻出術 Advent Calendar 2019」の21日目の記事として書かせていただきます。 adventar.org …
https://redpwn.net I participated in this competition. I solved 2 challenges, and earned 438pts. ■Rot26 (Pwn 50pts) ■Dedication (Forensics 388) ■Rot26 (Pwn 50pts) First of all, I looked the attached file , rot26.c. There is an obvious FSB …
勉強も兼ねて、初めてGitHub上にツールをリリースしました。 Extract-PSImage https://github.com/imurasheen/Extract-PSImage Invoke-PSImage(https://github.com/peewpw/Invoke-PSImage)によってスクリプトが埋め込まれてしまった画像からスクリプトを抽出…
色々と事情があり、最近angrをいじる機会が多いです。 UbuntuとKali上にangrの解析環境を組んでるのですが、CTFの際はメインでWindowsを使うため、Windows上でもangrを使える方が色々と取り回しが楽だな、と考えていました。 ということでTry!! angrの公式…
最近CTFでGhidraやCyberchefを利用します。私はこれらをWindows環境で利用しており、どちらもとても便利なツールなのですが、起動方法に問題が。 Ghidra:インストーラに同梱されているghidraRun.batを叩くCyberchef:ローカルにダウンロードしたCyberchefのHT…
昨年に引き続き、MNCTF 2019@Macnica Networks DAY(@東京コンファレンスセンター・品川)に参加してまいりました 結果としては11問中6問を解き、321ptsで12位でした。 昨年は14位だったので、順位は2つUP⤴⤴ このままいくと6年後には優勝できます。 昨年は14…
It is a continuation of this article. https://imurasheen.hatenablog.com/entry/2019/05/23/000259 Hash [MD5] - 2pts [Rivest Head] - 2pts [NTLM] - 3pt [MD2] - 3pts Potpourri [Brillig] - 3pts [SPQR] - 3pts [No Secrecy Afforded] - 3pts [Swaying…
I solved 21 issues at this competition, but I got only 91 points. Each issues had low score... Encryption&Encoding [Not Encryption] - 3pts [Adapt] - 3pts [Lucky Number] - 3pts [Phonemes] - 3pts [BOTW] - 3pts [A Long-Expected Party] - 3pts …
https://archive.org/web/Search "http://saturn.mn" at WaybackMachine, I got the archive of this site. And I found the archive which saved at February 21st , 2015. I found 3 archives on this day(15:27:16, 17:11:06, 18:42:42). I refered the m…
Our team got 8th place of this competition. We were annoyed by the slowness of the response of the server... According to the title of the issue, I guess it relates to robots.txt.I accessed http://chall.all.mn/robot/robots.txt, then I got …
The attached file is pcap file, and it is the packets of any suspicious communication. I focused about , there are lots of DNS queries. So I suspected DNS tunneling. By using wireshark, filter the packets by this criteria : dns && ip.dst==…
Our team solved all issues of this competition, and we got 3rd place!! The attached file is pcap file. It seems USB capture data. So I processed the capture data by the following procedure. (1)Open the pcap file by Wireshark, and filtered …
After I connect to the server, it requires base64-encoded data. So I send "Bz==" to observe the behavior. The result is following. ****************root@kali:~# nc chal.420blaze.in 42004Give me a file (base64 encoded, followed by a newline)…
I found the broken?? QR codes, but it can't read by my iPhone. Maybe it should be repaired. http://qr.biz/articles/the_structure_of_qr_code/ I reffered the structure of QR code , and I think ->Timing patterns, Alignment patterns are correc…
The attacked image is just a black... I use the Stegsolve.jar to analyze it. So I found the flag image in the lower bit of each color byte. flag is: radar{reverse_color_give_flag}
Open the flag.txt by Text-editor, it seems described only with blanks. Open the flag.txt by Binary-editor.(I like Stirling.) There are two character-code pattern. 0x20 and 0x90. So I replace the character-code as followings. 0x20 -> 0x31(1…
cRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRmRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRFRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRkRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRYRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRXRRRRRRRRRRRRRRRRRR…
The attached file is .NET Executable. So analyze this file by using dnspy. I found "flag()" function. It builds two strings like flag format. radar{flagino_flago_flago}radar{flaginoflago} I tried to submit both of them, and the 1st one is …
Maybe the problem is replaced ham-me-baby -> ham-me-baby2 The result is an error despite the execution of the ham-me-baby script. Maybe sometime the CODE which sent from the server is wrong. So I should detect it and it is necessary to sub…
First of all, I decoded it by using GHIDRA!! - main() function has the BoF vulnerability (There are no length check, and it uses gets/puts) - shell() function calls "/bin/sh". So the tactic is, overwrite the return-address by the address o…
The attached file contains Disk Image file (.img). So I open it by using "FTK Imager Lite". And I search the deleted file on the image,,,, finally I found the PNG file which contains the flag. flag is: encryptCTF{alw4ys_d3lete_y0ur_f1les_c…
There is no description, maybe I should check the information from organizer. So I access to the official Discord channel of this CTF. I found the flag in the pinned post. flag is: encryptCTF{L3t5_H4CK}
CTFでは32bit ELFを解析する機会も多く、32bitの解析環境を準備せねば、 と思っていたので、Kaliのi386版を準備することにしました。 https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/ ここから Kali Linux Vm 32 Bit 7…
(1)First of all, extract the blink.apk by using 7zip.(2)Check the extracted files. I found classes.dex. (3)Get the dex2jar from following site. https://jaist.dl.sourceforge.net/project/dex2jar/dex2jar-2.0.zip (4)Convert classes.dex to jar …
Open thekey.pcapng by WireShark, I found the capture of USB inputs. Maybe it contains the capture data of USB device when make the flag.txt. Little guessing,,,the "most frequent input source" would be the input device which used to make th…
VMWare Workstation Proは高いです。定価だと30877円(税込み)。 安く買うためにはキャンペーンを利用するしかないです。 Black Fridayでメール会員限定で45%オフというのが最大の割引率のようです。 その時に迷った挙句買わなかったのが今になって悔やまれ…
Lenovoのクリスマスセールで注文してたThinkpad X1 Carbon 6th gen。 年末に到着していたものの帰省中で受け取れず、年明けにようやく我が家にやってきました。 ■Thinkpad X1 Carbonにした理由 まず購入を決断した原点は、今のラップトップ(NEC Lavie LS350…
一応時間の許す限りPCに向かうようにはしていたんですが、なかなかフラグを取れない日々が続いていました。今回、久々に自力でフラグゲットできてスッキリ。 We manage to collect a dump from Batou's computer. Try to find info/notes that can help us …
MNCTF 2018@Macnica Networks DAY(@東京コンファレンスセンター・品川)に参加してまいりました 結果としては14問中10問を解いて14位でした。 LibreOfficeがウントモスントモ言わなくなるトラブルさえなければもうちょい行けたと思ってます(←言い訳) とい…
