RITSEC18 Bucket-o-cash
· ☕ 1 min read
By cating and grepping the file, we know that there was a file named /home/memes/flag.c It’s probably a program, so I searched for ./flag Just printing the line doesn’t seem to work so I tried cat memorydump | grep -A 10 -B 10 .

RITSEC18 Freeze
· ☕ 1 min read
It’s clearly a python compiled program since there is a libpython and also, when using decompiler, there was a function name PyDontWriteByteCode using ‘pyi-archive-viewer’ we can extract the main function. Append headers to the file "\x03\xf3\x0d\x0a\xf1\x32\x75\x5a" using uncompyle, we can get the main function.

RITSEC18 Gimme sum fud
· ☕ 1 min read
The binary loads the flag.txt to the memory and asks us to provide input. Interesting things is that it loads to the same memory segment with the input. Debugging locally, I found it at the offset 752 from the first input bytes.

RITSEC18 The tangled web
· ☕ 1 min read
wget -r fun.ritsec.club:8007 You may find the file Fl4gggg1337.html is referenced or has already been download. The flag wasn’t there, but it has link to Stars.html. Fetch that file, the base64 encoded string is the flag for this challenge.

RITSEC18 Yet another HR Management Framework
· ☕ 2 min read
By judging the program’s interface, we know that it was a heap challenge. Spent quite a lot of time reversing it, I figured it out that it malloc a few bytes for the person struct on the heap, then the name will be malloc with the size entered and that address will be put in the person struct.