Tuesday, March 4, 2014

DEFKTHON CTF 2014 - we love it! - Web 300 Write-up

For this challenge we had an apk file! Well, it was exciting at the beginning. I was expecting something much more about Android, but... in the end it was a web quest, what else could it be :D

To start, I got the android-sdk so that I could use the emulator to run the program, and while it was being downloaded I decompiled the apk package and got code like this. It was checking whether the text entered was "paswd" and, if it was, sending a web request with some phone data and a random pwd value, which is in [0, 300]. The problem was that the site kept telling us
You missed something.
Keep trying.
so I thought it must be something about the pwd data. I got the exact headers for the POST request via Wireshark and simulated it on the computer (of course I got the same response :D), but this time I iterated through all possible pwd values [0, 300] and in the end I got the flag!

Flag is: w00tkitk@t
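
The weakness the write-up relies on, a gate value drawn from only 301 possibilities with no limit on wrong guesses, reproduced as a local simulation next to a per-client lockout and a log check that catches the enumeration. This is an added example, not the author's script and not the challenge's code; the single accepted value 217, the client ids, the thresholds and the placeholder flag are constructed assumptions.

```python
# Added example: local simulation only; nothing here touches the network.
from collections import defaultdict

PWD_RANGE = range(0, 301)  # the write-up's pwd interval [0, 300]
MISS = "You missed something.\nKeep trying."  # response quoted in the write-up

def make_server(secret_pwd, max_failures=None):
    """Return handle(client_id, pwd) mimicking the server-side check.
    max_failures=None is the weak behaviour (unlimited guesses); an
    integer locks a client out after that many wrong values."""
    failures = defaultdict(int)

    def handle(client_id, pwd):
        if max_failures is not None and failures[client_id] >= max_failures:
            return 429, "Too many attempts."
        if pwd == secret_pwd:
            return 200, "FLAG{constructed-placeholder}"
        failures[client_id] += 1
        return 200, MISS

    return handle

def enumerate_pwd(handle, client_id="emulator-1"):
    """Walk PWD_RANGE in order; return (accepted_pwd, requests_sent)."""
    for sent, pwd in enumerate(PWD_RANGE, start=1):
        status, body = handle(client_id, pwd)
        if status == 429:
            return None, sent  # locked out before the value was reached
        if body != MISS:
            return pwd, sent
    return None, len(PWD_RANGE)

def flag_enumeration(log, threshold=20):
    """Detection: clients that sent more than `threshold` distinct pwd values."""
    seen = defaultdict(set)
    for client_id, pwd in log:
        seen[client_id].add(pwd)
    return sorted(c for c, vals in seen.items() if len(vals) > threshold)

if __name__ == "__main__":
    SECRET = 217  # constructed; the real accepted value is not on the page
    print("no limit :", enumerate_pwd(make_server(SECRET)))
    print("lockout 5:", enumerate_pwd(make_server(SECRET, max_failures=5)))
    # Constructed request log: one client sweeping values, one retrying a single value.
    log = [("10.0.0.7", p) for p in range(50)] + [("10.0.0.9", 3)] * 4
    print("flagged  :", flag_enumeration(log))
```

A value the app generates at random from a 301-element range is not a secret; the server has to bound wrong attempts per client for the check to mean anything.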

Python script and request headers:
