https://blog.noxale.com/tags/noxctf/ Recent content in Noxctf on noxale Hugo -- gohugo.io teamnoxale@gmail.com (noxale) teamnoxale@gmail.com (noxale) Tue, 18 Sep 2018 12:48:00 +0500 https://blog.noxale.com/post/noxctf-psrf/ Tue, 18 Sep 2018 12:48:00 +0500 teamnoxale@gmail.com (noxale) https://blog.noxale.com/post/noxctf-psrf/ PSRF Challenge description: > Swisslock is a new company in the Kubernetes security business. Are they worth it? First time in the website, we don’t see anything special aside from a textbox and some images. side note: there is an open text box, but you won’t get very far by trying web-related vulnerabilities ;) After viewing the page source we see that the file is really long, after scrolling to the bottom we see the first hint! https://blog.noxale.com/post/noxctf-raphic/ Tue, 18 Sep 2018 12:48:00 +0500 teamnoxale@gmail.com (noxale) https://blog.noxale.com/post/noxctf-raphic/ Writeup for Rap(h)ic; Reversing 966 Intro This is a hard Reversing challenge from noxCTF. The solver only gets an ELF file. Description: There is nothing like overly designed design The original file is attached at the bottom of the document. Summary We get an ELF file. Upon execution, it will load another ELF file from its memory into “/tmp/…” and execute it. The processes use a socket to communicate with each other - The parent process sends addresses which the child process later executes and sends its return value back to the parent. https://blog.noxale.com/post/noxctf-noxcomputers/ Tue, 18 Sep 2018 12:48:00 +0500 teamnoxale@gmail.com (noxale) https://blog.noxale.com/post/noxctf-noxcomputers/ The Challenge The challenge is basically a computers store service- the user can buy premium user (or multiple users and be eligible for a future discount), buy a computer, return a computer, and show/edit the account details. The Vulnerability The vulnerability exists in buy_multiple_premium_users(), in the following functionality void buy_multiple_premium_users() { ... ... if((unsigned short)(user_count + premiums_amount) > ARRAY_MAX) { puts_wrapper("You can't create more than 1024 users :("); return; } . https://blog.noxale.com/post/noxctf-muhamadali/ Tue, 18 Sep 2018 10:48:00 +0500 teamnoxale@gmail.com (noxale) https://blog.noxale.com/post/noxctf-muhamadali/ Challenge description: Muhammad Ali: “I’ve Ceen Many Pictures of Knocking-out in my career” special idea: 1)The main idea of the challenge is ICMP Knocking. 2)This is not a Stego challenge, this is a Networking challenge! 3)solving without understanding(frame contains “flag”/“noxctf”,follow each tcp stream) will lead you to stego dead end. Writeup: At the beginning of the challenge we get a description: Muhammad Ali: “I’ve Ceen Many Pictures of Knocking-out in my career” ok, it seems like we need to search picture files of knockouts inside the pcap file. https://blog.noxale.com/post/noxctf-reverse/ Tue, 18 Sep 2018 10:48:00 +0500 teamnoxale@gmail.com (noxale) https://blog.noxale.com/post/noxctf-reverse/ Note: this is not a Reverse challenge Note: change the flag format from noxctf{X-X-X} to noxCTF{X_X_X} Writeup At the beginning of the challenge we get an executable file, that looks like cmd. Lets start running commands and look if we see something suspicious But so far it seems like normal limited cmd. When we call the ‘netstat’ command we get a constant output: Netstat- Displays protocol statistics and current TCP/IP network connections. https://blog.noxale.com/post/noxctf-subliminal/ Tue, 18 Sep 2018 10:48:00 +0500 teamnoxale@gmail.com (noxale) https://blog.noxale.com/post/noxctf-subliminal/ Challenge description: “SUBliminal is an Israeli rapper that eschew from Illegal things. (don’t smoke weed everyday)“. goo.gl/pSGubK special idea: 1. To understand that we interested in the data of the packet that has been sent from illegal subnet ip. 2. To understand that illegal subnet address is an address that belong to subnet(start with 10 or 192) and don’t implement the rest of the mask: 10.0.0.? Writeup: So, at the beginning of the challenge we get a note: “SUBliminal is an Israeli rapper that eschew from Illegal things. https://blog.noxale.com/post/noxctf-sublime/ Tue, 18 Sep 2018 10:48:00 +0500 teamnoxale@gmail.com (noxale) https://blog.noxale.com/post/noxctf-sublime/ Sublime is a medium difficulty cryptography challenge about the substitution cipher. I made this challenge more difficult by setting the substitution range of values to the whole ASCII table. To solve this challenge, you first need to perform a frequency analysis on the given ciphertext, omitting the variety of punctuation marks from the analysis but spaces (e.g. dots, exclamation marks, question marks etc..) and sort the frequencies from the highest to the lowest.