This Web challenge was part of the ebCTF competition. It’s actually more crypto than web. We get a simple web site driving the famous cowsay binary: define(’MY_AES_IV’, CENSORED); define(’MY_AES_KEY’, CENSORED); define(’MY_HMAC_KEY’, CENSORED); define("FLAG","CENSORED"); function aes($data, $encrypt) { $aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, ”, MCRYPT_MODE_CBC, ”); mcrypt_generic_init($aes, MY_AES_KEY, MY_AES_IV); return […]
This is a quick post to give my solution for the IMAFREAK challenge. What you need to succeed: – A JPEG file with EXIF CameraModel tag sets to “.php” so that the file is created with filename secretstoreddata/.php – Same JPEG file with the *RAW* Red plane containing a PHP […]
Web challenge. We have the “source code” and we know the location of the flag: <!– can’t touch this: http://securerng.misteryou.ru/flag.txt.gz –> <!– can touch this: http://securerng.misteryou.ru/index.php.txt –> The web page is simple form to generate pseudo-random numbers. Here is the form: <form method=’POST’> Enter the […]