gynvael - All things reversed

gynvael

A collection of 17 posts

Gynvael's challenges - Solutions to collection of small web security challs

Gynvael's challenges - Solutions to collection of small web security challs

Recently Gynvael started to post little web challenges that are around topics of web security with NodeJs/Express (mostly) and Flask. Since I used to participate actively in Missions [https://allthingsreversed.io/tag/gynvael/] (that you could see at the end of his streams [https://www.youtube.com/watch?v=

GynvaelEN - Mission 023 - Solution

GynvaelEN - Mission 023 - Solution

Prefere videos? You can also watch it - if not, continue reading. Mission status: http://gynvael.vexillium.org/ext/43bf753f/mission023.txt We are given the package that consists of one .exe file and system.img. The .exe looks like a .NET application (default name for Console project is ConsoleApp1.

Gynvael - Mission 22 - Solution

Gynvael - Mission 22 - Solution

This was a hard one. Information about this mission can be found in stream #64 [https://www.youtube.com/watch?v=NXxxvt80T6o] and the mission itself is here [http://gynvael.vexillium.org/ext/876cad97a05cdb39c4fc749f99c3a4b5ae9317edb1271a23c5b82457996e5cbd_misja022.txt] . It's in Polish but the most relevant information here is that there's a RISC-V

GynvaelEN - Mission 022 - Solution

GynvaelEN - Mission 022 - Solution

Blokchain. *Coin. Hot topis for today. The 22nd mission [http://gynvael.vexillium.org/ext/180da8f7c52ec8b4de96b26168cbc6374fc5fad33ad8b1a48b7230de22f491c9_mission022.txt] is about blokchain and about coins. SpyCoins. The mission can be found on Stream #49 [https://www.youtube.com/watch?v=LzypD_NaWAs]. The SpyCoin center is here: http://gynvael.coldwind.pl/mission022_

Gynvael - Mission 021 - Solution

Gynvael - Mission 021 - Solution

The source [goo.gl/uk8RZB] for this mission can be found in stream 63 [https://www.youtube.com/watch?v=4OmK-7ULYd4]. It is in Polish but it can be easily spotted that the main source is a PCAP file that can be downloaded from here [goo.gl/p1Pwgm]. Wireshark(ing)

Finding "Praktyczna Inżyniera Wsteczna" last hidden flag.

Finding "Praktyczna Inżyniera Wsteczna" last hidden flag.

If you read this blog you can see that from time to time I participate in missions published by Gynvael Coldwind on his English [https://www.youtube.com/GynvaelEN] and Polish [https://www.youtube.com/user/GynvaelColdwind] streams. You might not know that he is an author of 2 (one

Gynvael - Mission 015 - Solution

Gynvael - Mission 015 - Solution

Last time, there was no mission on EN stream, so I've decided to describe the one from PL stream [https://www.youtube.com/watch?v=FN_TyVAK0Hw] sice it was also quite a nice one. The mission is located under https://goo.gl/rs1A2f and the most important part there

GynvaelEN - Mission 19 - Solution

GynvaelEN - Mission 19 - Solution

Gynvael is back with streams and with missions. The 39th stream [https://www.youtube.com/watch?v=ZUXP9ZbPv9s] contains mission no 19 that can be found here [http://goo.gl/56PLi4]. In this mission we are given a CHIP-8 ROM image. This is clearly a reference to the latest streams

GynvaelEN - Mission 018 - Solution

GynvaelEN - Mission 018 - Solution

This is an another GynvaelEN mission [https://www.youtube.com/watch?v=adHOlKKbFXM] solution. This time, the task is simple [http://goo.gl/2MYXfu]. We're given a script and we nned to find the correct password to get the flag. The script is a simple MD5/SHA1 comparison that uses

Gynvael - Mission 012 - Solution

Gynvael - Mission 012 - Solution

This mission [http://gynvael.vexillium.org/ext/020ed17f3fb2ccda168a6eefe9d47e1a0c1abd60_misja012.txt] was on the Polish stream, but it's a nice one so I've decided to describe it anyway. If you don't understand the language let me quickly bring you up to speed - you are given a ZIP file in order

GynvaelEN - Mission 17 - Solution

GynvaelEN - Mission 17 - Solution

Another stream from Gynvael - another mission [http://gynvael.vexillium.org/ext/05d08b59a5d818c05c711223ef0b701abcc33b40_mission017.txt] . This time we need to extract a message from a restriced admin panel. What we see on the page is a welcome message, and an info that the cookie was stored and a request to

GynvaelEN - Mission 16 - solution

GynvaelEN - Mission 16 - solution

Another week another mission on English side of the youtube channel. This time we are given an info that the transmission was intercepted. You can read more info here [http://gynvael.vexillium.org/ext/edd3c47b8db1c4c04751095f1e30cd66302eec31_mission016.txt] . After inspecting the link we are given a huge file [http://gynvael.vexillium.

GynvaelEN - Mission 15 - Solution

GynvaelEN - Mission 15 - Solution

Another Wednesday, another mission. This time we've got a vulnerability that allows leaking any via as a image - link [http://gynvael.vexillium.org/ext/315b8f1b6995d1d67244c04d4da9e5421dfc708a_mission015.txt] :) So we download the attached image and got this: The immediate conclusion is that the bars represent chars in the file and

Gynvael - Mission 010 - Solution

Gynvael - Mission 010 - Solution

This mission [http://goo.gl/oAdvWe] is actually published on the Polish stream [https://www.youtube.com/watch?v=UpGB9Ka6-Ps] but I've decided to write the solution here, in English. So what's this mission is about? We are given the PDF file [https://goo.gl/wgt94W] with the instructions to

GynvaelEN - Mission 14 - Solution

GynvaelEN - Mission 14 - Solution

Stream: https://www.youtube.com/watch?v=rhsH-snYkIc Mission link: https://goo.gl/oUg99i > Damn it, how will I ever get out of this labyrinth? ― Simón Bolívar This mission in comparison to the previous one [http://ctfs.ghost.io/gynvael-en-mission-13-solution/] was an easy one. This was a PPC category (programming)

GynvaelEN - Mission 12 - Solution

GynvaelEN - Mission 12 - Solution

In this mission [http://gynvael.vexillium.org/ext/a5da6349803f65783958b51c3b9fd15c3c35c0d5_mission012.txt] we are given the data from the hardware logger. On the first look we see some printable characters but nothing obvious. To solve this we need to get some knowledge about scancodes [https://en.wikipedia.org/wiki/Scancode]. The

GynvaelEN - Mission 11 - Solution

GynvaelEN - Mission 11 - Solution

If you don't know Gynvael - check his channel [https://www.youtube.com/gynvaelen] where he shows some RE/hacking stuff. After each video he posts some small challenge for solving by viewers. In this post I'll show how to solve mission 11 [https://www.youtube.com/watch?v=s5gOW-N9AAo]