Wednesday, January 22, 2014

Microcorruption - New Orleans

Microcorruption

Matasano and Square have created a fun little CTF that simulates embedded hardware hacking. They've built a simulated debugger, running against a lock, that you access through your browser. The tutorial and the New Orleans challenge both involve determining the password for a lock in order to move on.

New Orleans

This challenge starts off with a description of the lock with no real useful information in it. 

So off we go into the debugger! 

If you run the program, it asks you to enter a password. Since we don't know what it is, we can enter random text and see how the program processes it.

Entering some string like "test" and continuing execution, we are quickly ushered out of the program. :(

Bugger, now we'll have to step through and see what it may be doing. Looking at main we see a few interesting items...

The check_password and get_password functions might be worth looking into. The check_password function looks like this:

Before this function is called, r15 holds the memory location of the password that you entered. The function appears to compare the string at r13, which is assigned from r15, to the memory location at 0x2400. Looking in the Live Memory Dump section for what's held at 0x2400, we see this:

At this point we can take a wild guess that the first password is p:J>>V`

Success!
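The weakness described above, modelled in C as an added example (not code from the challenge or from the original post): the reference password sits as plain bytes at a fixed address, so anything that can read memory, like the debugger's memory dump, recovers it without guessing. The flat `mem` array, the helper names `store_secret` and `read_string_at`, the NUL-terminated compare and the sample secret are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE    0x10000u  /* 64 KiB flat address space of a 16-bit MCU */
#define SECRET_ADDR 0x2400u   /* address the post says the input is compared against */

static uint8_t mem[MEM_SIZE]; /* simulated device memory (hypothetical model) */

/* Firmware-side setup: the reference password is stored as plain bytes. */
void store_secret(const char *secret) {
    memcpy(&mem[SECRET_ADDR], secret, strlen(secret) + 1);
}

/* Model of the compare: walk the input and the bytes at SECRET_ADDR together.
 * Returns 1 on a full match, 0 otherwise. Assumes a NUL-terminated compare. */
int check_password(const char *input) {
    const uint8_t *ref = &mem[SECRET_ADDR];
    for (size_t i = 0;; i++) {
        if ((uint8_t)input[i] != ref[i]) return 0;
        if (input[i] == '\0') return 1;
    }
}

/* What a memory-dump view gives an observer: the printable run at an address.
 * Copies at most outlen-1 bytes and returns the number copied. */
size_t read_string_at(uint16_t addr, char *out, size_t outlen) {
    size_t n = 0;
    while (n + 1 < outlen && addr + n < MEM_SIZE &&
           mem[addr + n] >= 0x20 && mem[addr + n] < 0x7f) {
        out[n] = (char)mem[addr + n];
        n++;
    }
    out[n] = '\0';
    return n;
}

int main(void) {
    char seen[32];
    store_secret("s3cr3t!");  /* constructed sample value, not the challenge's */
    printf("guess 'test' -> %d\n", check_password("test"));
    read_string_at(SECRET_ADDR, seen, sizeof seen);
    printf("dump at 0x%04x -> \"%s\" -> %d\n",
           SECRET_ADDR, seen, check_password(seen));
    return 0;
}
```

Keeping only a salted hash of the password on the device, and comparing hashes, would leave nothing directly usable in the dump.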

This is a pretty fun CTF. I'm looking forward to checking out the other challenges. I'll try and write them up as I go along, but I stink so I'm guessing I'll only be able to get the first challenge =P
