2019-04-05から1日間の記事一覧
I found the broken?? QR codes, but it can't read by my iPhone. Maybe it should be repaired. http://qr.biz/articles/the_structure_of_qr_code/ I reffered the structure of QR code , and I think ->Timing patterns, Alignment patterns are correc…
The attacked image is just a black... I use the Stegsolve.jar to analyze it. So I found the flag image in the lower bit of each color byte. flag is: radar{reverse_color_give_flag}
Open the flag.txt by Text-editor, it seems described only with blanks. Open the flag.txt by Binary-editor.(I like Stirling.) There are two character-code pattern. 0x20 and 0x90. So I replace the character-code as followings. 0x20 -> 0x31(1…
cRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRmRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRFRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRkRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRYRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRXRRRRRRRRRRRRRRRRRR…
The attached file is .NET Executable. So analyze this file by using dnspy. I found "flag()" function. It builds two strings like flag format. radar{flagino_flago_flago}radar{flaginoflago} I tried to submit both of them, and the 1st one is …
Maybe the problem is replaced ham-me-baby -> ham-me-baby2 The result is an error despite the execution of the ham-me-baby script. Maybe sometime the CODE which sent from the server is wrong. So I should detect it and it is necessary to sub…
First of all, I decoded it by using GHIDRA!! - main() function has the BoF vulnerability (There are no length check, and it uses gets/puts) - shell() function calls "/bin/sh". So the tactic is, overwrite the return-address by the address o…
The attached file contains Disk Image file (.img). So I open it by using "FTK Imager Lite". And I search the deleted file on the image,,,, finally I found the PNG file which contains the flag. flag is: encryptCTF{alw4ys_d3lete_y0ur_f1les_c…
There is no description, maybe I should check the information from organizer. So I access to the official Discord channel of this CTF. I found the flag in the pinned post. flag is: encryptCTF{L3t5_H4CK}
