Categories
hexionCTF 2020 Reverse Engineering

“PIL”

A BMP image and C# bytecode file are provided. One of my teammates used a decompiler from JetBrains to recover the original C# program. See here: https://pastebin.com/aHMP04xj I wrote a Python program to emulate what the C# program does, since I don’t know C# and didn’t want to have to keep checking the docs to […]

Categories
hexionCTF 2020 Reverse Engineering

“Nameless”

Challenge Problem: “Strip my statically linked clothes off”. The given executable is statically linked and stripped, which means reversing will be a bit tougher. However, “main” isn’t too complicated and so we’ll be able to guess what functions are used. Unique disassembled functions from top to bottom: syscall with eax=0xc9 (time syscall) – time. […]

Categories
hexionCTF 2020 Miscellaneous

“T&J”

We are given jerry.pcapng, which is a pcap of USB mouse movement. (This took my team and me way longer to figure out than it should have, given that Jerry from Tom and Jerry is a mouse.) My team found a script at https://github.com/WangYihang/UsbMiceDataHacker which I used. The script had to be ported from python2 […]

Categories
hexionCTF 2020 Miscellaneous

“Hmmm”

Problem Description: 🤔 Note: anime girl isn’t the flag. In this problem, we are given a file called “hmmm”. First, let’s try to execute it. As you can see on the left, this is the image that the file prints. Let’s take a closer look into the actual file. You can open it up in […]

Categories
hexionCTF 2020 Miscellaneous

“Mirage”

In the website, we are given some nonsense text and a text area to type into. Typing into the text area, you can quickly realize what you type in is not what is displayed. Inspecting the source, you realize that this is due to a .ttf font file. From there, just convert the displayed font […]

Categories
hexionCTF 2020 Reverse Engineering

“Serial Killer”

In the Serial Killer challenge, you are given a GameBoy ROM and need to extract the flag from it. To make debugging this ROM easier, we will use the GameBoy emulator BGB, which has great debugging abilities and runs well under Wine. Here’s what we’re greeted with upon starting the ROM: If you’re familiar with […]

Categories
hexionCTF 2020 Reverse Engineering

“Wannasmile 1”

For the first part of Wannasmile, we need to get the ./wannasmile program on hexionCTF’s shell server to give us a flag. We are given a version of this executable with the flag stripped out, and are not given read permissions to the real version of the program. Looking at radare2’s graph-view disassembly for this […]

Categories
hexionCTF 2020 Web Exploitation

“Notes”

Taking a look at the website, it seems simple enough. You type in text, hit the “Create” button, and it renders the text below. Let’s probe for Flask injection: Interesting. At first glance it may look as if Flask injection won’t get anywhere. But as with any web challenge, we should look at the source, […]

Categories
hexionCTF 2020 Web Exploitation

“Well Known”

Problem Description: Well… it’s known (: https://wk.hexionteam.com As you can see, we are given a 404 page. The first thing that I did when solving this problem was checking the web page for any additional hidden elements. I saw that there was an XML file, so I added “/sitemp.xml” after the original “wk.hexionteam.com” URL. […]

Categories
Cryptography hexionCTF 2020

“Really Smart Acronym”

Really Smart Acronym, of course, is RSA. Looking at the code, it uses PyCrypto to generate an RSA key to encrypt the flag. You also get one encryption and 1024 decrypts, but you only get the last bit of the decrypts. At first I thought it could be a Franklin-Reiter related-message attack, but there is not […]