Wednesday, January 22, 2014

Microcorruption - New Orleans

Microcorruption

Matasano and Square have created a fun little CTF that simulates a little embedded hardware hacking. They've simulated a debugger that is running on a lock that you access through your browser. The tutorial and the New Orleans challenge involve determining what the password is for a lock in order to move on.

New Orleans

This challenge starts off with a description of the lock with no real useful information in it. 

So off we go into the debugger! 

If you run the program, it asks you to enter a password. Since we don't know what it is we can enter random text and see how the program processes it. 

Entering some string like "test" and continuing execution, we are quickly ushered out of the program. :(

Bugger, now we'll have to step through and see what it may be doing. Looking at main we see a few interesting items...

The check_password and get_password functions might be worth looking into. The check_password function looks like this:

Before this function is called, r15 holds the memory location of the password that you entered. The function appears to compare the string held at r13, which is assigned from r15, to the memory location at 0x2400. Looking in the Live Memory Dump section for what's held at 0x2400, we see this:

At this point we can take a wild guess that the first password is p:J>>V`

Success!
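The check described above, modelled in C as an added example (this is not code from the original post or from the CTF). It shows why a plaintext reference password in debugger-readable memory defeats the lock. The flat `mem` array, `INPUT_ADDR`, the helper names and the compare-until-NUL loop are assumptions; only `check_password`, the r13/r15 roles and address 0x2400 come from the write-up.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PASSWORD_ADDR 0x2400u   /* address named in the write-up */
#define INPUT_ADDR    0x4000u   /* assumed location of the typed input */

static uint8_t mem[0x10000];    /* model of a 16-bit address space */

/* Copy a C string, including its NUL, into the modelled memory. */
static void store_string(uint16_t addr, const char *s) {
    memcpy(&mem[addr], s, strlen(s) + 1);
}

/* r15 carries the input address and is copied to r13; each input byte is
 * compared with the byte at 0x2400 + offset. Returns 1 on a full match. */
int check_password(uint16_t r15) {
    uint16_t r13 = r15;
    for (uint16_t r14 = 0; ; r14++) {
        uint8_t a = mem[(uint16_t)(r13 + r14)];
        uint8_t b = mem[(uint16_t)(PASSWORD_ADDR + r14)];
        if (a != b) return 0;   /* first mismatch rejects the input */
        if (a == 0) return 1;   /* both strings ended together */
    }
}

/* What a memory view exposes: the bytes at addr up to the first NUL. */
size_t read_string_at(uint16_t addr, char *out, size_t cap) {
    size_t n = 0;
    for (; n + 1 < cap && mem[(uint16_t)(addr + n)] != 0; n++)
        out[n] = (char)mem[(uint16_t)(addr + n)];
    out[n] = '\0';
    return n;
}

/* Place the typed text in memory, then run the check on it. */
int try_password(const char *typed) {
    store_string(INPUT_ADDR, typed);
    return check_password(INPUT_ADDR);
}

int main(void) {
    char leaked[32];
    store_string(PASSWORD_ADDR, "p:J>>V`");   /* value from the write-up */
    printf("\"test\" accepted: %d\n", try_password("test"));
    read_string_at(PASSWORD_ADDR, leaked, sizeof leaked);
    printf("bytes at 0x2400 \"%s\" accepted: %d\n", leaked, try_password(leaked));
    return 0;
}
```

The stored bytes are the secret itself, so anyone who can read memory can read the password; a design that keeps only a salted hash of the password and compares in constant time would not expose it this way.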

This is a pretty fun CTF. I'm looking forward to checking out the other challenges. I'll try and write them up as I go along, but I stink so I'm guessing I'll only be able to get the first challenge =P
