gynvael - All things reversed

All things reversed

gynvael

A collection of 17 posts

Gynvael's challenges - Solutions to collection of small web security challs

Gynvael's challenges - Solutions to collection of small web security challs

Recently Gynvael started to post little web challenges that are around topics of web security with NodeJs/Express (mostly) and Flask. Since I used to participate actively in Missions (that you could see at the end of his streams) I was more than happy to participate in those challenges too.

GynvaelEN - Mission 023 - Solution

GynvaelEN - Mission 023 - Solution

Prefere videos? You can also watch it - if not, continue reading. Mission status: http://gynvael.vexillium.org/ext/43bf753f/mission023.txt We are given the package that consists of one .exe file and system.img. The .exe looks like a .NET application (default name for Console project is ConsoleApp1.

Gynvael - Mission 22 - Solution

Gynvael - Mission 22 - Solution

This was a hard one. Information about this mission can be found in stream #64 and the mission itself is here. It's in Polish but the most relevant information here is that there's a RISC-V firmware that needs to be analyzed and password to be extracted. Analyze with R2. Since

GynvaelEN - Mission 022 - Solution

GynvaelEN - Mission 022 - Solution

Blokchain. *Coin. Hot topis for today. The 22nd mission is about blokchain and about coins. SpyCoins. The mission can be found on Stream #49. The SpyCoin center is here: http://gynvael.coldwind.pl/mission022_spycoin/ First failed attempt I've tried to main SpyCoin. That would be an obvious solution to

Gynvael - Mission 021 - Solution

Gynvael - Mission 021 - Solution

The source for this mission can be found in stream 63. It is in Polish but it can be easily spotted that the main source is a PCAP file that can be downloaded from here. Wireshark(ing) Hacing this file on our disk, there isn't much more to do just

Finding "Praktyczna Inżyniera Wsteczna" last hidden flag.

Finding "Praktyczna Inżyniera Wsteczna" last hidden flag.

If you read this blog you can see that from time to time I participate in missions published by Gynvael Coldwind on his English and Polish streams. You might not know that he is an author of 2 (one self, one co-op) books in the simillar topics that he presents

Gynvael - Mission 015 - Solution

Gynvael - Mission 015 - Solution

Last time, there was no mission on EN stream, so I've decided to describe the one from PL stream sice it was also quite a nice one. The mission is located under https://goo.gl/rs1A2f and the most important part there is that it points to another download which

GynvaelEN - Mission 19 - Solution

GynvaelEN - Mission 19 - Solution

Gynvael is back with streams and with missions. The 39th stream contains mission no 19 that can be found here. In this mission we are given a CHIP-8 ROM image. This is clearly a reference to the latest streams about this topic (#34, #35, #36, #37, #38). If you don't

GynvaelEN - Mission 018 - Solution

GynvaelEN - Mission 018 - Solution

This is an another GynvaelEN mission solution. This time, the task is simple. We're given a script and we nned to find the correct password to get the flag. The script is a simple MD5/SHA1 comparison that uses a weak equals operator (==) and we can exploit that. The additional

Gynvael - Mission 012 - Solution

Gynvael - Mission 012 - Solution

This mission was on the Polish stream, but it's a nice one so I've decided to describe it anyway. If you don't understand the language let me quickly bring you up to speed - you are given a ZIP file in order to extract a data from it. Of course

GynvaelEN - Mission 17 - Solution

GynvaelEN - Mission 17 - Solution

Another stream from Gynvael - another mission. This time we need to extract a message from a restriced admin panel. What we see on the page is a welcome message, and an info that the cookie was stored and a request to reload the page. So he "Hit Refresh" (;)) and

GynvaelEN - Mission 16 - solution

GynvaelEN - Mission 16 - solution

Another week another mission on English side of the youtube channel. This time we are given an info that the transmission was intercepted. You can read more info here. After inspecting the link we are given a huge file of ascii printable characters that looks like base64 string. So we

GynvaelEN - Mission 15 - Solution

GynvaelEN - Mission 15 - Solution

Another Wednesday, another mission. This time we've got a vulnerability that allows leaking any via as a image - link :) So we download the attached image and got this: The immediate conclusion is that the bars represent chars in the file and the ascii value are represented by the bar

Gynvael - Mission 010 - Solution

Gynvael - Mission 010 - Solution

This mission is actually published on the Polish stream but I've decided to write the solution here, in English. So what's this mission is about? We are given the PDF file with the instructions to retreive the hidden message. If you didn't know it already, PDF is quite an interesting

GynvaelEN - Mission 14 - Solution

GynvaelEN - Mission 14 - Solution

Stream: https://www.youtube.com/watch?v=rhsH-snYkIc Mission link: https://goo.gl/oUg99i Damn it, how will I ever get out of this labyrinth? ― Simón Bolívar This mission in comparison to the previous one was an easy one. This was a PPC category (programming). In this one we're give

GynvaelEN - Mission 12 - Solution

GynvaelEN - Mission 12 - Solution

In this mission we are given the data from the hardware logger. On the first look we see some printable characters but nothing obvious. To solve this we need to get some knowledge about scancodes. The article on Wiki gives some clue that we might be on a right track

GynvaelEN - Mission 11 - Solution

GynvaelEN - Mission 11 - Solution

If you don't know Gynvael - check his channel where he shows some RE/hacking stuff. After each video he posts some small challenge for solving by viewers. In this post I'll show how to solve mission 11. In this task we're given a file that is the "firmware". When