RSS
 

BlankMediaGames/Town Of Salem Data Breach (2020 Update)

06 Jan 2020

Overview Town of Salem, a video game produced by BlankMediaGames was breached around 1 year ago on the 3rd of January 2019. It is reported that the total row count of that database that was breached is 8,388,894 which included some 7,633,234 unique email addresses. Shortly after this breach in early 2019, hackers attacked and successfully…read more.

 
3 Comments

Posted in Exploitation

 

BlankMediaGames/Town Of Salem XSS

03 Jan 2020

While looking on the BlankMediaGames.com website (creators of Town Of Salem) I came across an api.php file which one inside one of the folders listed in the sites robots.txt  file. The file in question is:

Upon visiting the page we get the following output with a 200 response code: At first I thought this was…read more.

 
No Comments

Posted in XSS

 

IOLI Crackme Write-up

30 Dec 2019

Overview The goal of this crackme is to find out what password(s) make the program print out Password OK :). We ended up looking at the Windows binaries only. Write-up crackme0x00 Takes input through scanf and performs quick  strcmp with string 250382 from strings table. Password: 250382 crackme0x01 As above but strcmp with integer 5274 read by scanf instead. Password: 5274 crackme0x02 scanf …read more.

 
No Comments

Posted in Miscellaneous

 

Hackvent 2019: Day 23

24 Dec 2019

Challenge HV19.23 Internet Data Archive

Solution We are presented with the following website: We are allowed to enter a username and select some data to download except the flag which is classified. Upon doing this a unique zip file is generated for us containing our files and we are also provided with a password…read more.

 
No Comments

Posted in Hackvent 2019

 

Hackvent 2019: Day 22

23 Dec 2019

Challenge HV19.22 The command … is lost

Resource mirror: thecommand7.data Solution We inspect our data file and Google some of the hex sequences inside like :100000000C9435000C945D000C945D000C945D0024 and :00000001FF . We soon realise its the hex dump (or machine code) for a program for an AVR micro controller. Based on our search it seems like the dump came…read more.

 
No Comments

Posted in Hackvent 2019

 

Hackvent 2019: Day 21

21 Dec 2019

Challenge HV19.21 Happy Christmas 256

Solution We review the clues the elves gave us and first start by trying to find Santa password that was leaked 10 years ago. We are looking for data breaches in 2009 so we look at a list of data breaches. We find that the rockyou breach was the biggest breach…read more.

 
No Comments

Posted in Hackvent 2019

 

Hackvent 2019: Day 20

20 Dec 2019

Challenge HV19.20 i want to play a game

Resource mirror: HV19-game.zip Solution We are given a binary and told it is something obscure we have to reverse. We download the binary and open it in IDA. After some digging around we realise the file has something to do with the PS4 and this is consistent with…read more.

 
No Comments

Posted in Hackvent 2019

 

Hackvent 2019: Day 19

20 Dec 2019

Challenge HV19.19 ?

Solution We see a bunch of emoji and immediately think its EmojiCode! Initially we want to play around with the code so we go tio.run/#emojicode6 and enter in our code. Upon running our code we get a prompt and entering random input crashes our program to panick and crash:

Amazingly, based…read more.

 
No Comments

Posted in Hackvent 2019

 

Hackvent 2019: Day 18

20 Dec 2019

Challenge HV19.18 Dance with me

Resource mirror: HV19-dance.zip Solution In our zip file we get a dance binary that we discover is an arm binary. After some digging around we find out that it is in fact a DEB and written for iOS. We attempt to run the code in an emulator like QEMU but…read more.

 
No Comments

Posted in Hackvent 2019

 

Hackvent 2019: Day 17

17 Dec 2019

Challenge HV19.17 Unicode Portal

Solution We visit the unicode portal and are presented with a very cool website: We have to login before we can view the symbols, source or admin page. We register an account (only username and password is needed). Upon logging in we see a symbols page, a source page and an admin page.…read more.

 
1 Comment

Posted in Hackvent 2019