SHA2017 CTF – web 300 write-up

Another challenge written by me was the Web 300 – Eindbazen Election challenge running on https://vote.stillhackinganyway.nl/. This page contains a ranking of all Eindbazen members, a link to the Android voting software and a QR code.

I wrote this challenge, because we had all those cool images created by Thice and because Dutch election software is apparently broken. So I decided to create my own safe election software.

The goal of the challenge is to figure out how the Android application is talking to the website and to see if we can use that to get more information from the database or gain access to the website.

(more…)