This very secure locking mechanism encloses files and only gives them to you when you know the passphrase. Find it and you will have the flag. Ok, let’s see. It’s a 64bit ELF binary, which means no easy “Press F5 in IDA”. Let’s run it Ok, let’s see what it does in strace if we enter [...]
Get access to the system of the communication buoy (pwned feds, international waters) and steal the private key that is located in /home/buoy/private.key It might help you that our intelligence has found the source code. Looking at the source, we see that there should be a way to register using /?m=register – it is however disabled. So, we [...]
The description states The kraken is an evil creature that needs to be put down. So, we found that there is a user called kraken in Spark. Killing the kraken probably means deleting the account. How can we delete an account? Yes, we can generate the recovery token if we know the e-mail address. But [...]
The description to the challenge was given as: Find something the developer forgot about. So, we are looking for something that was not meant to be on the website. As we know from experience, typically things aren’t removed from the HTML source but just commented out. So, let’s look at the website’s source – oh [...]
One of the challenges in MozillaCTF was to determine the way of how the Password Recovery Token was generated. There’s something fishy about the generation of recovery token. Find out how to generate them for other accounts! The token could be viewed directly after logging in and looking at the user details. To gather some [...]
/ 
/ 