
Monday, January 27, 2014

HackIM Web 500

Given the address: http://54.237.107.251/web5/index.php?page=home, find a key.

Immediately we think that it's directory traversal, given the page=X in the URL. We attempt various combinations of /etc/passwd, /flag.txt, /key.txt and so on. We look around for a little while and find


on the index.php page. So we try that e.g. ?page=etc/flag and still get an error. Maybe they're checking for single forward slashes? Seems weird but we'll try to double up on the slashes


Pretty easy for a 500 point challenge considering that many people had a ton of issues with the 100 (we never finished it).

Flag: 2f0f7c516d268843341b3d2577ca744a

HackIM Misc. 300

Given an MP3, we are asked to find a key. Normally I just assume that a challenge with an MP3 either has multiple tracks or has hidden text somewhere.

So I took the track and dropped it into Audacity:
We notice immediately that there's a second track...

So we change to spectrogram:

Scroll in...

And we have Morse code. We know that it's Morse code given that the longer lines are 3x the length of the shorter ones. So that seems pretty easy for a challenge. What did we miss? We translate the Morse code from left to right and end up with garbage.

We sit around for a little while and figure we just missed something. Maybe it's binary somehow, maybe it's some other representation. After about 15 minutes, someone notices that the actual soundtrack (track 1) sounds like it could be backwards. So we read the code from right to left and we get:
.. .-.. --- ...- . --. --- .- -.-.-- -. ..- .-.. .-.. -.-. --- -. ..--- ----- .---- ....- .. ... .- .-- . ...  --- -- . -.-.-- -.-.--

Translated..


We get: ILOVEGOA?NULLCON2014ISAWESOME??
Assuming "?" are "!", we submit the key and finish the challenge.


Key: ILOVEGOA!NULLCON2014ISAWESOME!!
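
The direction problem and the "?" output described above, as an added example that is not part of the original post: it decodes the quoted Morse string, tries both reading directions, and shows what a letters-and-digits-only table does with "-.-.--". All function and variable names are hypothetical, and the left-to-right view is constructed by mirroring the string from the post.

```python
# Added example (not from the original post); all names are hypothetical.

LETTERS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
CODES = (".- -... -.-. -.. . ..-. --. .... .. .--- -.- .-.. -- -. --- .--. "
         "--.- .-. ... - ..- ...- .-- -..- -.-- --.. "
         "----- .---- ..--- ...-- ....- ..... -.... --... ---.. ----.").split()

# Letters and digits only: a decoder limited to this table cannot map "-.-.--".
BASIC_TABLE = dict(zip(CODES, LETTERS))
# "-.-.--" is widely used for "!" but is not part of the ITU recommendation.
EXTENDED_TABLE = {**BASIC_TABLE, "-.-.--": "!"}

# The right-to-left reading quoted in the post.
POST_SIGNAL = (".. .-.. --- ...- . --. --- .- -.-.-- -. ..- .-.. .-.. -.-. --- -. "
               "..--- ----- .---- ....- .. ... .- .-- . ...  --- -- . -.-.-- -.-.--")
# Constructed: the same marks as they appear left to right in a reversed track.
AS_SEEN = POST_SIGNAL[::-1]


def decode(signal, table=EXTENDED_TABLE):
    """Decode space-separated Morse; symbols missing from the table become '?'."""
    return "".join(table.get(tok, "?") for tok in signal.split())


def decode_best_direction(signal, table=EXTENDED_TABLE):
    """Decode as given and mirrored, keep the reading with fewer unknown symbols."""
    readings = [decode(signal, table), decode(signal[::-1], table)]
    return min(readings, key=lambda text: text.count("?"))


if __name__ == "__main__":
    print("left to right :", decode(AS_SEEN))
    print("best direction:", decode_best_direction(AS_SEEN))
    print("basic table   :", decode(POST_SIGNAL, BASIC_TABLE))
```

Mirrored Morse often still maps to valid letters (A and N swap, for instance), so the unknown-symbol count is only a rough signal; confirm that the winning reading looks like text.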


HackIM - Trivia [ALL]

Trivia 1:

This esoteric programming language uses AWSUM THX and O NOES as error handling?
Key: LOLCODE


Trivia 2:
What software is used to hack into ENCOM's computer system?
Key: CLU



Trivia 3: Outcome of Stealth Project to make coffee.
Key: Java


Trivia 4: Successor of the DEAD persistent object format?
Key: RMI


Trivia 5: Oheebhtuf O6700 "havavgvnyvmrq" zrzbel (48-ovg)

This turns out to be a Caesar shift of 13,
which decodes to "Burroughs B6700 "uninitialized" memory (48-bit)"
Key: 0xBADBADBADBAD