HackerOne CTF with gdb

Recently my friend Colin started the HackerOne CTF and encouraged me to participate as well. I know nothing about web hacking and most of the CTF is web based. I’ve installed Burp Suite and messed around with it a little bit. I have only found two of the web based flags so far and have... » read more

CTF Challenge – Stage 5

Continuing from Stage4, now onto the final stage, Stage5! Right away Stage5 had me a bit baffled. Up until this point I had been relying entirely on comparisons, tests, and jumps to determine the steps necessary for completing the previous stages. Without any of these I was lost as to where I should begin. There... » read more

Packet Biter [Alpha] Demo

This a short demonstration of some software I’ve been developing that I call Packet Biter. This software is heavily influenced by Manfred’s “Proxy” software which he showed in this video with Vice’s Motherboard. Packet Biter is still in the very early stages of development. The front-end is garish and due for a complete overhaul, it... » read more

CTF Challenge – Stage 4

Continuing from Stage3, now onto Stage4. First there’s a call to RegOpenKeyExA which opens a specified register key. This call is returning with a value of 0x2 which is the error code for FILE_NOT_FOUND. The first parameter of RegOpenKeyExA is a handle to a key, or it can be a predefined key. This call is... » read more

CTF Challenge – Stage 3

Continuing from Stage2, now I’m on Stage3. It’s getting user input with a call to fgets and then passing that user input to a call to vsscanf using the format-control string "%d %d %d %d %d". Right after the call to vsscanf there’s a cmp eax,5. vsscanf returns the number of fields that are successfully... » read more

CTF Challenge – Stage 2

This is a continuation from this post. Stage2 is different in that it’s waiting on user input with a call to fgets. I started with just a simple string to observe the functionality. You’ll notice it’s executing a xor on the first byte of our input string with the lowest byte in ecx. This part... » read more