CyberYoddha 2020 Write-Up

This event is event that for beginner, so it will teach you some basic to intermediate challenge and will teach you new method and new understanding about some security awarenes, this event start from 30th October to 1th November.

I play this event with my friends, you can check his blog here.

Reverse Engine

1. Password1

In this challenge we just need to read and understand about python list to get the flag.

you just need to ordered the password list from 0 and we got the flag.

Flag: CYCTF{pu771ng_th3_ch@r@ct3r}

2. Password2

In this challenge if you read and analyze the source code, you’ll understand we just need to input string

CYCTF{ju$@rcs_3l771l_@_t}bd3cfdr0y_u0t__03_0l3m

as the input, and i add print command in line 15 to print our input which already processing.

Flag: CYCTF{ju$t_@_l177l3_scr@mbl3_f0r_y0u_t0_d3c0d3}

3. Password3

As you can see, in line 13 there’s string wich is base64 encode, and look at line 8 there’s doing looping and xor for each char and xor it with 0x55, so first you need to decode string on line 13, and do it xor with 0x55 as the key, i use cybercheff to make it simple, at least i understand what is it doing and how it work.

Flag: CYCTF{B0th_x0r_@nd_b@s3_64?_th@ts_g0dly}

Binary Exploitation

1. Overflow2

In this challenge we need to overflow return address and control the program flow execution to execute function run_shell wich is will give us shell.

I open it using gdb and add breakpoints in the end of main function

run it and input a bunch of “A”

as you can see on register EIP value is AAAA that is our input and that mean we success overflow the return address, wich we want it to run_shell address, so here’s my exploit

Flag: CYCTF{0v3rfl0w!ng_v@ri@bl3$_i$_3z}

2. Overflow3

If you download the source code and read it

you will know that we need to overflow variable vuln with values 0xd3adb33f. then we will got shell, in this challenge we don’t need to find buff to overwrite variable vuln, because it declared side by side, so we just need to write 16 buff and hex target, here’s my exploit

Flag: CYCTF{wh0@_y0u_jump3d_t0_th3_funct!0n}

--

--

--

PARSECT // IT Security Enthusiast // STOICISM // KEEP DO SOMETHING LEGAL

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

I Decided to Add More Value to People’s Lives as a Programmer

Saving Screenshots & Byte Data in Unreal Engine

JChampions Conference 2022 official program 20–21–24–25 January 2022

Makey Makey Operation 2.0

Solving Linear Equation System

Reactive Extensions for the JVM: RxJava Part 3

Download a Kaggle dataset by linux console.

Unity Editor - Making it work for you!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
InersIn

InersIn

PARSECT // IT Security Enthusiast // STOICISM // KEEP DO SOMETHING LEGAL

More from Medium

Examining the database in SQL injection attacks.

Server-Side Request Forgery (SSRF) Explained

SSRF Explained

TryHackMe- Network Services 2 — Lab Walkthrough —SMTP

SQL Injection Heist