[19 Jan 2015 | No Comment | ]

Hello, Internet!
In this challenge, You are given a cloudfs file it was an xz archive
Extract it and you get cloudfs-31c938df3531611b82fddf0685784a2b67373305ec689015f193a555b756beb21 a network capture dump
I opened it with wireshark and search for the word “key”
I get an ICMP packet with the content: key.tbz
That’s a hint telling us to search for bzip2 = content in the dump
I searched in the packets for hex value “42 5a” which is ascii “BZ” and it’s the start of the bzip2 file header.
I found that repeated too much times towards the end of the capture packets.
So …


[19 Jan 2015 | No Comment | ]

Hello, world.
MTGO was a great, i loved that challenge.
And i haven’t solved anything like that before.
You are supplied with a file mtgo.py and you are supposed to exploit it’s crypto.
It uses current time as a seed, then uses random to get random numbers to shuffle the cards.
If you supply the same seed it will always get the same numbers, and order of the card.
So when you run mtgo.py it will give you the first seven cards of a shuffled deck. And you are supposed to give it back the following …


[1 Dec 2014 | No Comment | ]

Challenge name: 7amamaBook v2
Source code: https://github.com/0xAli/CTF-Challenges/tree/master/7amamabook%20v2
Vulnerability: Known Weak PRNG in PHP.
If you know elements like (IP/PID/Seconds/Millisec/PID) you can calculate the session ID.
Challenge solution:
First use bruteforce to find the “logs” directory (dirbuster should find it quick).
Open sessions.txt
Find the IP, seconds, millisec and partial session id (Used to verify the programatic bruteforce result).
Write a bruteforce script to guess the apache proccess ID.
Then using Cookie manager+ or any other tool to set the PHPSESSID cookie to the session id you got.
Then browse to the index (Or click 7amamberg in FAQ) to see …

Miscellaneous, Tutorials »

[6 Nov 2014 | No Comment | ]
[Solution] Steam linux client fails to Verify Integrity of Game Cache

Hello Internet!
If I ever try the “Verify Integrity of Game Cache” option of steam to check my local games for corruption it doesn’t see my files and re-downloads the game, and my connection speed is slow 😀
I am using Linux Mint, and this affect Ubuntu as well.
Turns out it’s a known issue https://github.com/ValveSoftware/steam-for-linux/issues/2515
It’s because your distro is encrypting /home and thus steam can’t recognize the files for some reason..
The Solution:
Create a new library directory
Settings -> Download -> Steam library folders
Then create a new folder

And to keep your old games, copy …

Miscellaneous »

[12 Aug 2014 | No Comment | ]

I was cross compiling a program that required libcurl, so i had to cross compile curl first then compile the other program and pointing it towards that libcurl.
“./configure” was normal, but it failed “make” there was an error while linking
Here is a snippet from config.log

configure:5856: checking whether libcurl is usable
configure:5890: i686-w64-mingw32-gcc -std=gnu99 -o file.exe -g -O2 file.c -L/usr/lib/x86_64-linux-gnu -lcurl >&5
/tmp/ccPPDrjc.o: In function `main’:
/root/program/file.c:17: undefined reference to `_imp__curl_easy_setopt’
collect2: error: ld returned 1 exit status

The solution is simple adding mingw bin directory to the $PATH of operating system.
In …