MozillaCTF Write-Up SecureFileLock (250)

January 27, 2012

This very secure locking mechanism encloses files and only gives them to you when you know the passphrase. Find it and you will have the flag. Ok, let’s see. It’s a 64bit ELF binary, which means no easy “Press F5 in IDA”. Let’s run it Ok, let’s see what it does in strace if we enter […]

0

MozillaCTF Write-Up Buoy (250)

January 27, 2012

Get access to the system of the communication buoy (pwned feds, international waters) and steal the private key that is located in /home/buoy/private.key It might help you that our intelligence has found the source code. Looking at the source, we see that there should be a way to register using /?m=register – it is however disabled. So, we […]

0

MozillaCTF Write-Up Kill the Kraken (200)

January 27, 2012

The description states The kraken is an evil creature that needs to be put down. So, we found that there is a user called kraken in Spark. Killing the kraken probably means deleting the account. How can we delete an account? Yes, we can generate the recovery token if we know the e-mail address. But […]

0

MozillaCTF Write-Up Things long forgotten (200)

January 27, 2012

The description to the challenge was given as: Find something the developer forgot about. So, we are looking for something that was not meant to be on the website. As we know from experience, typically things aren’t removed from the HTML source but just commented out. So, let’s look at the website’s source – oh […]

0

MozillaCTF Write-Up Underwater Camouflage (250)

January 27, 2012

One of the challenges in MozillaCTF was to determine the way of how the Password Recovery Token was generated. There’s something fishy about the generation of recovery token. Find out how to generate them for other accounts! The token could be viewed directly after logging in and looking at the user details. To gather some […]

0
Get Adobe Flash player