Google CTF 2017 – Ascii Art Client (Reverse) – Write-Up

Description : This client displays nice ASCII Art, can it query anything else? The aart_client binary is the source of the traffic that was captured in aart_client_capture.pcap. Understand the network communication protocol and find the flag in the pcap! Provided files : aart_client (ELF 64 bits) aart_client_capture.pcap   [TL;DR] The flag was sent in a protobuf obfuscated communication over HTTP. Using reverse engineering and a bit of guessing, we found the flag in the permuted and xored HTTP response. We were the first to solve this challenge amongst the 31 teams who solved…Read more …

Google CTF 2017 – Inst Prof (exploitation) – Write-Up

During the google CTF 2017, we finished Inst_prof, here is what was given to us: Please help test our new compiler micro-service Challenge running at inst-prof.ctfcompetition.com:1337 inst_prof This is an exploitation task, we get the basics done: Protections are pretty standards beside PIE that is not enabled on all binaries, also, the binary is not stripped, which is going to be helpful for the reversing part ! All in all, this binary is pretty straighfoward to reverse, Not much to say about the main, things to note is that we only have 25…Read more …