Another challenge written by me was the Web 300 – Eindbazen Election challenge running on https://vote.stillhackinganyway.nl/. This page contains a ranking of all Eindbazen members, a link to the Android voting software and a QR code.
I wrote this challenge because we had all those cool images created by Thice and because Dutch election software is apparently broken. So I decided to create my own safe election software.
The goal of the challenge is to figure out how the Android application is talking to the website and to see if we can use that to get more information from the database or gain access to the website.
I created several challenges for SHA2017 CTF. One of them was the web400 ‘A View of Holland’ challenge, a web challenge featuring an image gallery with some nice images from Holland. I always try to create challenges which give a clear idea of what you should do. The challenge may be challenging, but it shouldn’t be a needle in a haystack. There were 2 solves of this challenge, so I succeeded in the challenging part, and reading the write-up of ESPR I see that they followed the intended solution until the brute-forcing of the mt_rand seed.
This post will contain the write-up of the intended solution of this challenge.