Level1 should be pretty straightforward. Looking at the assenbly, you can see that it prints the current working directory by using system(“pwd”) and then strcpy user controlled data to a fixed size buffer.
Continue reading Insomni’hack 2013 Armory level1 & level2Insomni’hack 2013 : Armory wargame
As arm CPU are getting more and more used, we decided to create an arm-based wargame consisting of 4 challenges.
The first one, described here, is a reverse engineering challenge that will give you the credentials to access the actual raspberry pi box.
Continue reading Insomni’hack 2013 : Armory wargameInsomni’hack 2013 : Money money money
Money Money Money
Even after "The Event", money is still the key to beat your opponents. Our scouts found an old banking server which should contain information about the accounts and the money they contain, but this old computer used to use perforated cards. Our engineers were able to create an interface to use it on modern technology, but they are not able to break the security system to get the data.Continue reading Insomni’hack 2013 : Money money money
Insomnihack 2013 – Central Directory
And here I was thinking everybody knew SQL injections and that this challenge wouldn’t last an hour. And yet only one team was able to complete it before the end of the contest. o_O
Continue reading Insomnihack 2013 – Central DirectoryInsomni’hack 2013 – recycle.exe
The main idea behind this challenge came after reading an article in Valhalla magazine about inline JScript for implementing cryptography in malwares targeting Windows.
Continue reading Insomni’hack 2013 – recycle.exeInsomni’hack 2013 : The game
A popular game amongst survivors is the Rock-Paper-Scissors-Lizard-Spock game. To gain their respect, we strongly encourage you to be the best at this game. This will strengthen your reputation and will attract new citizens.Continue reading Insomni’hack 2013 : The game
Insomnihack 2013 – Facebookalypse
This challenge was definitely one of the harder web missions and based on a redefined session handler mechanism that was initially discovered in a relatively well-know Firewall brand. It is also very similar to the example you can find on PHP’s own documentation here : http://php.net/manual/en/function.session-set-save-handler.php
Continue reading Insomnihack 2013 – FacebookalypseInsomni’hack 2013 – Life is hard(ware)
Intro
For this challenge, I wanted the attendees to reverse a microcontroller firmware, but most of all, I wanted them to actually see the result “live” to prove that the code actually works on a real device. The main idea was to use a keypad and a small screen to display the flag once the correct code has been entered.
Continue reading Insomni’hack 2013 – Life is hard(ware)Insomni’hack contest wrap-up
After 8 hours of intense hacking, pycured ended up on top in this year’s Insomni’hack contest, in front of [TechnoPandas] and Int3pids.
Continue reading Insomni’hack contest wrap-upmongodb – SSJI to RCE
Lucky discovery
Trying some server side javascript injection in mongodb, I wondered if it would be possible to pop a shell.
The run method seems good for this :