JIS-CTF: VulnUpload Vulnhub Writeup

My first boot2root beginners challenge taken from here: JIS-CTF: VulnUpload from vulnhub.com.
First we start with a nmap scan:

Flag 1

The nmap scan already reveals a lot of information. The first flag can be found under the url http://[jordan vm]/flag:

The 1st flag is : {8734509128730458630012095}

Continue reading

An overcomplicated solution for cmd2 ctf at Pwnable.kr

When I got some free time I try to solve some beginners hacker ctfs. Recently I stumbled over cmd2 at Pwnable.kr and it took me some time to solve it. Later I realized that my earlier attempts would have been successful if I knew the difference between calling arguments with "..." or '...'. 🙂
For starters, when calling a binary with "$(...)" the code inside $(…) will be executed first and then the result will be the arg for the binary.
When a binary is called with '$(...)' the whole parameter will be seen as argument. With some help from youtube I used the following solution for cmd2:

./cmd2 '$(cs() { printf ${@}; }; cs "\57bin\57cat\40fl"; cs "ag";)'

An easier solution as seen here would be:

./cmd2 '$(echo "\57bin\57cat \57home\57cmd2\57f")lag'

wsoltys in the media …

… not really but my repository at github was seen in the recent retrorgb podcast:

Watch this video on YouTube.

Looks like to totally forgot to insert a readme with the link to the original sources. Shame on me. I’ll do that later but meanwhile here the link where I got all the stuff: https://svn.pacedev.net/repos/pace/
Kudos to tcdev for all the work!

I’ve updated my repo https://github.com/wsoltys/pacedev with the latest sources from Mark’s svn and a readme to his repository.

“Retr0bright” my SNES

After watching several videos about brighten up your old retro gear I tried the method on my SNES (see 8-Bit Guy cleaning an old computer). Unfortunately with mixed results.
Instead of mixing the retr0bright mixture I’ve bought cream oxide with 12% hydrogen peroxide. Since its a cream it sticks fine on the SNES case. To prevent it from drying I wrapped it in transparent polythene foil and left it a few hours in direct sunlight.

Continue reading