BlankMediaGames/Town Of Salem Data Breach (2020 Update)
Overview Town of Salem, a video game produced by BlankMediaGames, was breached around 1 year ago on the 3rd of January 2019. It is reported that the total row count of the breached database is 8,388,894, which included some 7,633,234 unique email addresses. Shortly after this breach in early 2019, hackers attacked and successfully…read more.
BlankMediaGames/Town Of Salem XSS
While looking on the BlankMediaGames.com website (creators of Town Of Salem) I came across an api.php file which was inside one of the folders listed in the site's robots.txt file. The file in question is:
https://blankmediagames.com/TownOfSalem/api/api.php
Upon visiting the page we get the following output with a 200 response code: At first I thought this was…read more.
IOLI Crackme Write-up
Overview The goal of this crackme is to find out what password(s) make the program print out Password OK :). We ended up looking at the Windows binaries only. Write-up crackme0x00 Takes input through scanf and performs quick strcmp with string 250382 from strings table. Password: 250382 crackme0x01 As above but strcmp with integer 5274 read by scanf instead. Password: 5274…read more.
Hackvent 2019: Day 23
Challenge HV19.23 Internet Data Archive
Introduction Today's flag is available in the Internet Data Archive (IDA). Resources http://whale.hacking-lab.com:23023/
Solution We are presented with the following website: We are allowed to enter a username and select some data to download except the flag which is classified. Upon doing this a unique zip file is generated for us containing our files and we are also provided with…read more.
Hackvent 2019: Day 22
Challenge HV19.22 The command … is lost
Introduction Santa bought this gadget when it was released in 2010. He did his own DYI project to control his sledge by serial communication over IR. Unfortunately Santa lost the source code for it and doesn't remember the command needed to send to the sledge. The only thing left is this file: thecommand7.data Santa likes to start a new DYI project with more commands in January, but first he needs to know the old command. So, now it's on you to help out Santa.
Resource mirror: thecommand7.data Solution We inspect our data file and Google some of the hex sequences inside like :100000000C9435000C945D000C945D000C945D0024 and :00000001FF . We soon realise it's the hex dump (or machine code) for a program for an AVR microcontroller. Based on our search it seems like the dump…read more.
Hackvent 2019: Day 21
Challenge HV19.21 Happy Christmas 256
Introduction
Santa has improved since the last Cryptmas and now he uses harder algorithms to secure the flag.
This is his public key:
X: 0xc58966d17da18c7f019c881e187c608fcb5010ef36fba4a199e7b382a088072f
Y: 0xd91b949eaf992c464d3e0d09c45b173b121d53097a9d47c25220c0b4beb943c
To make sure this is safe, he used the NIST P-256 standard.
But we are lucky and an Elve is our friend. We were able to gather some details from our whistleblower:
- Santa used a password and SHA256 for the private key (d)
- His password was leaked 10 years ago
- The password is length is the square root of 256
- The flag is encrypted with AES256
- The key for AES is derived with pbkdf2_hmac, salt: "TwoHundredFiftySix", iterations: 256*256*256
Phew - Santa seems to know his business - or can you still recover this flag?
Hy97Xwv97vpwGn21finVvZj5pK/BvBjscf6vffm1po0=
Solution We review the clues the elves gave us and first start by trying to find Santa's password that was leaked 10 years ago. We are looking for data breaches in 2009 so we look at a list of data breaches. We find that the rockyou breach was the biggest…read more.
Hackvent 2019: Day 20
Challenge HV19.20 i want to play a game
Introduction Santa was spying you on Discord and saw that you want something weird and obscure to reverse? your wish is my command. Resources HV19-game.zip
Resource mirror: HV19-game.zip Solution We are given a binary and told it is something obscure we have to reverse. We download the binary and open it in IDA. After some digging around we realise the file has something to do with the PS4 and this is consistent…read more.
Hackvent 2019: Day 19
Challenge HV19.19 ?
Introduction
???????????????⛺❗️??????️?????????????????⁉️????????????????????⛪???????????❤️????????????????????????????????????????????⛴???????????????????⛄??⏳?????????????????????????????????????????????????????????????????????????????✨???????????⛲??????????⛵?????????????????? ❗️➡️ ㉓ ??????❗️➡️ ??㊷ ? ⌘ ?⏩⏩ ???❗️ ?㉓❗️❗️ ? ⌘ ➡️? ㊷ ? ㉓ ⌘❗️❗️? ?????????????❤️??❤️???????⛪???? ❗️➡️ ? ??????????? ❗️➡️ ? ? ? ? ➡️ ??⁉️ ➡️ ?? ?❗️?? ? ? ??❗️???❗️????❗️❗️❗️ ➡️ ? ↪️??❗️? ???❗️???????❗️? ☣️??????❗️❗️➡️ ✓? ⌘ ?⏩⏩???❗️??❗️❗️?? ㊷ ? ? ⌘❗️❗️ ➡️ ⌃? ? ⌘ ???❗️❗️➡️ ^??⌃➖?㉓❗️➗?????❗️❗️❌^❌?⌘❗️➡️ ⎈ ↪️ ⌘ ◀ ??❗️?❎?? ㊷ ? ? ⌘❗️❗️➖ ?? ??❗️➕??❗️➖??❗️➖??❗️➕????❗️?✖??????❗️? ? ?⎈❗️❗️? ??????❗️?✍✓ ⎈ ⌘ ????❗️❗️?????✓ ??❗️❗️❗️➡️ ⌘↪️⌘ ? ?♀️???????❗️???⌘❗️? ? |
Solution We see a bunch of emoji and immediately think it's EmojiCode! Initially we want to play around with the code so we go to tio.run/#emojicode6 and enter our code. Upon running our code we get a prompt, and entering random input causes our program to panic and crash:…read more.
Hackvent 2019: Day 18
Challenge HV19.18 Dance with me
Introduction Santa had some fun and created today's present with a special dance. This is what he made up for you: 096CD446EBC8E04D2FDE299BE44F322863F7A37C18763554EEE4C99C3FAD15 Dance with him to recover the flag. Resources HV19-dance.zip
Resource mirror: HV19-dance.zip Solution In our zip file we get a dance binary that we discover is an ARM binary. After some digging around we find out that it is in fact a DEB and written for iOS. We attempt to run the code in an emulator like…read more.
Hackvent 2019: Day 17
Challenge HV19.17 Unicode Portal
Introduction Buy your special gifts online, but for the ultimative gift you have to become admin. Resources http://whale.hacking-lab.com:8881/
Solution We visit the unicode portal and are presented with a very cool website: We have to log in before we can view the symbols, source or admin page. We register an account (only a username and password are needed). Upon logging in we see a symbols page, a source page and…read more.