Hack.LU 2012 :: 5 Tux Bomb

Posted by and filed under Hack.LU 2012.

At the beginning of this problem, we’re given a Windows binary(.exe). Running it gives some inane output about a username and product key. This is a clue that it could be a keygenme or something more difficult(but it isn’t, yay!) So, we open the executable up in IDA. Taking a quick look at the string… Read more »

Hack.LU 2012 :: 23 Spambots

Posted by and filed under Hack.LU 2012.

The trick here was to spot the vulnerability. The scripts loads html from a controlled webpage with @file_get_contents(). It then parses the html for forms with regex to solves a basic math problem, with unescaped eval(). Finally the page submits a post request to the controlled webpage with file_get_contents(). With that information determined from the… Read more »