[13 Apr 2014 | No Comment | ]
The blog’s heart’s beating is normal now

So yeah the ZOMGWTFAPOCALYPTIC bug affected this blog too.

I had a very busy couple of weeks and traveled to Cairo to attend OWASP cairo chapter launch meeting. so i had no time or brains to fix it that time but i disabled SSL.
Today i updated the openssl and libssl to the latest version in the repo and BAZINGA! i am no longer affected.

Reissued the (self-signed) certificates and put the VirtualHost back to apache’s config and restarted. and no more leaking (I hope)

Read the full story »

CTF »

[25 Jul 2015 | No Comment | ]

Hello, world.
So I was in this CTF competition and my teammate (@aboul3la) found a command injection vulnerability in one of web application challenges.
If you input `>file.txt` the server creates a file called file.txt.
We wanted to write a PHP shell to the server (echo “<?PHP CODE>” > file.php)
But the thing is, the challenge had a filter that won’t allow you to have a space in the input (Error: Not valid URL)
So we tried around and my first thought was to use some decoding mechanism to decrypt “space” from it’s hex equivalent …

Tutorials »

[14 Mar 2015 | No Comment | ]

On Linux Mint XFCE.
Rarely when i double click the VLC video playing, it won’t go fully fullscreen – it occupies the whole screen except of the task bar menu.
The solution is a no-brainer actually. The VLC windows is maxmized. So simple click the maximize button again and you can now go full screen.

CTF »

[24 Jan 2015 | No Comment | ]

The last word (crypto200)
Description: Decrypt this
And attachment is supplied: challenge.txt
It looks hex’ish? so i try hex decoding with no luck.
Then i noticed it had too many zeros? so i tried to change every character that’s not 0 to 1 to try for binary.
So as usual i run to python: cry200.py
0110001001110101011010010010000001111000011001000110100101110100001000000
1101101011010110010000001101100011100000111001000100000011100100111001101
1001010110110100100000011000100110101000100000011101110111011001110001011
0011101110011011010100010110101100001011101100010110101110000011011000110
0001011101110110111000100000011000100110101000100000010011110110000101110
0110111011001110000011101110111001101110011011001100010000001100001011101
1101110100011000010111011001111000011101110010000001001001010011100100010
10101001101010011
That decodes to:
bui xdit mk lpr rsem bj wvqgsj-av-plawn bj Oasvpwssf awtavxw INESS
And from the look of it it looks like some kind of substitution cipher:
I tried rot-n, with no luck.
Also i tried simple Caesar without luck.
Then i tried Vigenère cipher …

CTF »

[24 Jan 2015 | No Comment | ]

OHSHIT (crypto100)
Description: Decrypt the cipher using the encryption program
And attachment is supplied: challenge.7z
It contains an encryption program and crypto.txt containing

Name: Automated Crypter
Description:
Decrypt this:
019t-0-080-3-1b-19t-25z-080-03f-8j-1b-12n-12n
Using this program.
(Note: the – is just a separator)
Hint: Not all letters chars are crypted

I didn’t have to solve this using a python script as usual.
I tried it manually:
./crypto abcdefghijklmnopqrstuvwxyz
Crypted text: 1b3f4g5i8j12n13o16q19t22u25z
./crypto ABCDEFGHIJKLMNOPQRSTUVWXYZ
Crypted text: 01b03f04g05i08j012n013o016q019t022u025z
I notice something, the character is encrypted to number+character after it
The encryption of “s” is “19t”
So just manually i know “019t” is 0+s.
And with trial and error i get:
0s-0-080-3-a-s-y-080-0c-h-a-l-l
But the 0’s don’t feel right.
So …

CTF »

[24 Jan 2015 | No Comment | ]

Weird Text (misc100)
Description: Giv m th flg plz !
Part of the supplied file was:

______
____________
_
_______
{
_______
1
______________________
3

_____________
3

____________________
________
4

______
____________
_
_______
}
And it looked like it could be flag{STUFF_HERE}
So if you guess that “______ ____________ _ _______” was flag.
It’s easy to know the obfuscation used.
6 = f
12= l
1 = a
7 = g
It’s obvious it’s using charset of abcdefghijklmnopqrstuvwxyz
So i wrote a little script to parse it and give the solution.
misc100.py
Although doing it by hand would have been feasible too, it’s not long.
flag{g1v3-m3-th4-flag}