0x3f

photo credit: RobotSkirts Second forensic challange of the DEFCON 18 CTF qualifications: the suggestion was “find the key” and the related file is here. (Mirrors: #1) Trying to identify the file. $ file f200_02b7b50f575759cff7.tar.lzma f200_02b7b50f575759cff7.tar.lzma: data So we can try to trust the file extension. $ unlzma -d f200_02b7b50f575759cff7.tar.lzma $ tar xvf f200_02b7b50f575759cff7.tar IMG_0001.png IMG_0002.png [...]

Last week a sqlmap user, Chilik Tamir, provided me with a patch to add basic support for SOAP based requests to the tool.I tested the patch, extended its functionalities and now sqlmap can also work against web services! Check it out from the Subversio…

Earlier this month I attended to AthCon conference in Athens (Greece) where I gave a talk, met some very smart people, did some awesome sight-seeing of the Acropolis, had good food and better-than-UK weather My presentation was titled Got database ac…

photo credit: RobotSkirts Some times ago i get a lot of fun at DEFCON 18 CTF qualifications with a group of really skilled friends. Now a bit later, here is my writeup for some challenges. First forensic challange of the DEFCON 18 CTF qualifications: the suggestion was “find the key” and the related file is [...]

Some while ago I met that ex-Microsoft employee and friend of mine over a pint or two. At some point he asked me “What is the maximum length of a path in Windows?”. For me, the answer was clearly MAX_PATH which is 260 bytes. Well, it turned out I was wrong. And I was wrong [...]

Last weekend we participated in the defcon quals and I tought I’ll make a writeup of the one challenge which drove me crazy. During the quals I was not able to exploit it because of the timezone difference, but then I thought I need to solve it otherwise I’ll never be able to sleep quietly

The third Defcon 18 CTF challenge that I solved with two team mates was Pwtent Pwnables 200.Title: Running on pwn8.ddtek.biz.EnjoyFile: pp200_73774703181e8703d24.bin (mirrored here).I downloaded the file and checked it’s type:file pp200_73774703181e870…

The second Defcon 18 CTF challenge that I solved was Pursuit Trivial 200.Title: sheep@pwn21.ddtek.biz:6000 sheep go baaAaaABeing it part of the trivial category I though immediately that the password for user sheep was baaAaaA and in fact, it was.I log…

Last week-end I played Defcon #18 Capture The Flag quals together with some friends. We made up a team of less than 10 people who worked hard, as much as we could, slept very little and had a lot of fun. We ended up in the Top 60!I am going to post a f…

I am glad to release hostmap version 0.2.2. In this version there are a lot of bug fixes and some new features. Introduction hostmap is a free, automatic, hostnames and virtual hosts discovery tool written in Ruby and licensed under GNU General Public License version 3 (GPLv3). It’s goal is to enumerate all hostnames and [...]