BLE_CTF write up

This post contains a write-up of the Bluetooth Low Energy Capture the Flag (BLE CTF) as developed by hackgnar. The CTF teaches various core concepts of Bluetooth LE. A more advanced version is now available too, the BLE_CTF_INFINITY. Prerequisites After building and flashing the CTF to the target device (see the documentation for the required steps), ensure the bluetooth service is running using systemctl start bluetooth. Next verify the target device is discoverable: sudo hcitool lescan should return an entry like this: 30:AE:A4:26:2B:E6 BLECTF.

Using LLDP to deliver XSS payloads to Zyxel GS1900

Earlier this year I took a closer look again at the Zyxel GS1900-8 switch. Last time I mainly looked at the firmware itself, however this time I took a closer look at a different vector to test this device. Link Layer Discovery Protocol (LLDP) Based on an educated guess I started poking around the LLDP pages on the web interface. LLDP is a layer 2 network protocol described in IEEE 802.

Holiday Hack Challenge 2020 – KringleCon 3

Right before the end of 2020 I completed the Holiday Hack Challenge 2020. Though it’s obviously not the first type this conference took place, it was the first time I participated. Below is my write-up of the primary objectives along with a selection of side-challenges. Objectives: Uncover Santa’s Gift List Investigate S3 Bucket Point-of-Sale Password Recovery Operate the Santavator Open HID Lock Splunk Challenge Solve the Sleigh’s CAN-D-BUS Broken Tag Generator ARP Shenanigans Defeat Fingerprint Sensor Naughty/Nice List with Blockchain Investigation (part 1, part 2) Challenges:

Angr 9 SimFile without SimSymbolicMemory

Whilst working on angr_ctf in order to properly dive into Angr, there was one exercise which required the use of a symbolic filesystem with SimFile backed by symbolic memory. This particular challenge requires a particular input to be present in the input file and as such act as the password. The filename can be quickly looked up in the binary; the contents however will be made symbolic so we can solve for that.

Brixel CTF 2020 write up

This year I participated in the Brixel CTF winter edition along with another player from the Darknet Diaries Discord community. Despite some stability issues on the server side this CTF had some fun puzzles although some more challenging puzzles would be appreciated for a future installment. Below is my write up of a few of them – I ended up solving a few more but I didn’t keep any notes on them.