Recently Gynvael started to post little web challenges that are around topics of web security with NodeJs/Express (mostly) and Flask. Since I used to participate actively in Missions [https://allthingsreversed.io/tag/gynvael/] (that you could see at the end of his streams [https://www.youtube.com/watch?v=
This was a hard one. Information about this mission can be found in stream #64 [https://www.youtube.com/watch?v=NXxxvt80T6o] and the mission itself is here [http://gynvael.vexillium.org/ext/876cad97a05cdb39c4fc749f99c3a4b5ae9317edb1271a23c5b82457996e5cbd_misja022.txt] . It's in Polish but the most relevant information here is that there's a RISC-V
Blokchain. *Coin. Hot topis for today. The 22nd mission [http://gynvael.vexillium.org/ext/180da8f7c52ec8b4de96b26168cbc6374fc5fad33ad8b1a48b7230de22f491c9_mission022.txt] is about blokchain and about coins. SpyCoins. The mission can be found on Stream #49 [https://www.youtube.com/watch?v=LzypD_NaWAs]. The SpyCoin center is here: http://gynvael.coldwind.pl/mission022_
Another stream from Gynvael - another mission [http://gynvael.vexillium.org/ext/05d08b59a5d818c05c711223ef0b701abcc33b40_mission017.txt] . This time we need to extract a message from a restriced admin panel. What we see on the page is a welcome message, and an info that the cookie was stored and a request to
Another week another mission on English side of the youtube channel. This time we are given an info that the transmission was intercepted. You can read more info here [http://gynvael.vexillium.org/ext/edd3c47b8db1c4c04751095f1e30cd66302eec31_mission016.txt] . After inspecting the link we are given a huge file [http://gynvael.vexillium.
Another Wednesday, another mission. This time we've got a vulnerability that allows leaking any via as a image - link [http://gynvael.vexillium.org/ext/315b8f1b6995d1d67244c04d4da9e5421dfc708a_mission015.txt] :) So we download the attached image and got this: The immediate conclusion is that the bars represent chars in the file and
Stream: https://www.youtube.com/watch?v=rhsH-snYkIc Mission link: https://goo.gl/oUg99i > Damn it, how will I ever get out of this labyrinth? ― Simón Bolívar This mission in comparison to the previous one [http://ctfs.ghost.io/gynvael-en-mission-13-solution/] was an easy one. This was a PPC category (programming)
In this mission [http://gynvael.vexillium.org/ext/a5da6349803f65783958b51c3b9fd15c3c35c0d5_mission012.txt] we are given the data from the hardware logger. On the first look we see some printable characters but nothing obvious. To solve this we need to get some knowledge about scancodes [https://en.wikipedia.org/wiki/Scancode]. The