SHA2017 CTF – web 300 write-up

Another challenge written by me was the Web 300 – Eindbazen Election challenge running on https://vote.stillhackinganyway.nl/. This page contains a ranking of all Eindbazen members, a link to the Android voting software and a QR code.

I wrote this challenge because we had all those cool images created by Thice and because Dutch election software is apparently broken. So I decided to create my own safe election software.

The goal of the challenge is to figure out how the Android application is talking to the website and to see if we can use that to get more information from the database or gain access to the website.


SHA2017 CTF – web400 write-up

I created several challenges for SHA2017 CTF. One of them was the web400 'A View of Holland' challenge, a web challenge featuring an image gallery with some nice images from Holland. I always try to create challenges which give a clear idea of what you should do. The challenge may be challenging, but it shouldn't be a needle in a haystack. There were 2 solves of this challenge, so I succeeded in the challenging part, and reading the write-up of ESPR, I see that they followed the intended solution till the brute-forcing of the mt_rand seed.

This post will contain the write-up of the intended solution of this challenge.


Solving the Cyberlympic Pwnable WGZLiveLabsTrivia

This year I competed for the first time in the Cyberlympics contest. This year it was created by warl0ckgam3z. Our 4-man team managed to get to the third round in Europe, but we wasted too much time on some challenges and were beaten by two of last year's finalists. One of the challenges in round 3 was a pwnable named WGZLiveLabsTrivia. I didn't solve it during the contest, but the day after, and I still wanted to write about it. So sorry about the delay, but here finally is the write-up. (Also, the team that did solve this during the contest used the same principle.)


Cybercrime Challenge 2014

This year I took part in the Cybercrime Challenge: Operation High Impact by Team High Tech Crime of the Dutch National Police (developed in collaboration with Tweakers and QCSEC). My thanks for the fun challenge!

I did not do badly: I was the 4th to finish the digital path (where Dmitry finished first), and the 1st to solve the tactical path and therefore also both paths.

2nd place Cybercrime Challenge

I had the second-fastest time; only Crypto Sjon was ahead of me. (The screenshot is from the time of writing this blog post. The answers can now be found online, and people are given such strong hints that getting a fast time is very easy.)

Below is a description of all the challenges and how I solved them. (Some challenges make use of social media, so these may no longer be available; I have mirrored all downloadable content.)