Eric's Thoughts

As I haven't posted for a long time and now participated in the Insomni'hack 2024 CTF, I thought I write about the challenge "award", which I thought was quite interesting. After solving another easy challenge, I spent pretty much the entire night of the CTF on it, but only finished the next day, when the CTF was already over. Given was a binary. If you want to follow-along, you can find the binary here  (encoded as base64 with added line breaks). Additionally, there was given an nc command to run that remote, so the binary was only for analysis of what runs on the remote side. So the analysis and decompilation of the binary could be easily done in any of the usual tools. I used Binary Ninja , as I have a license for it and it's not that expensive. I spent quite some time in setting the right variable names etc. The decompiled code looks like this: Decompiled Code Note: There were also stack cookies in the main function added by the compiler, but that code has be...

I participated at the Insomni'hack CTF 2019 with some colleagues. One of the challenges that we solved was the phpain challenge. I'd like to give a description here and explain how I solved it. This was one of the easiest challenges that most teams solved. Given was a network IP address and the source code of the page. With this information you can also try to solve it. So I downloaded the source code, which was PHP and I just found this obfuscated code, when opening it in Notepad: View of source code in Notepad So as you can see, this is nicely obfuscated code. As I was working on Windows, I suspected that the file endings were note working, so I opened it in Visual Studio: Opening the obfuscated file in Visual Studio My first idea was to manually de-obfuscate this. But given the size of the file, that idea was quickly discarded. Also, I wanted to try out how this works, because I was not used to PHP. The first statement probably takes the uninitialized variable ...

I saw that the Insomni'hack Teaser 2018 CTF was announced and I thought that would be an opportunity to progress and learn something new. As we already participated in a CTF with a group from our company, I thought we could use the same group and participate here. Unfortunately, of all the ~10 team members, only two thought this had enough priority in their calendar. The challenge started at Saturday 11am local time and ended Sunday night 11pm. I started with 90 minutes delay and my colleague told me that the first and easy challenge is a trap, where it says something like "wall of shame" if you copy something. I didn't want to hear much before it started, so I tried myself. There were 12 challenges and the site was broken in IE, but Chrome works fine: overview screen, solved challenge in green Welcome Challenge The first (welcome) challenge presented itself like this: warmup challenge So it says there to " nc welcome.teaser.insomnihack.ch 42315 ...