The CONFidence Teaser CTF 2016 by Dragon Sector is now over and the results are in (congratz 9447!). Therefore I decided to share the sources of my task called ReRe, which was a Python rainbow-heavy, obfuscation-heavy, bytecode-all-around challenge. I won't spoil too much in case you would like to try to solve it (crackme/rere.py in the archive), but if you would like to read more on it, just see the SOLUTION.md file in the zip file. I'll add that the obfuscation used self-modifying bytecode, some bytecode-level obfuscation and minor string obfuscation as well, so if you would like to learn more about Python 2.7's internal code representation, try your luck with ReRe :) It was solved 5 times btw.
Yesterday during the livestream I showed, among other things, how the plaiddrive (WEB450) task from PlaidCTF 2016 was solved, and as usually happens when demoing the more interesting things, something didn't work. Specifically, at the key moment I wanted to show that you can traverse the frames of the window object regardless of the origin of the frames you pass through, until you reach a frame with the same origin, and then get at its content; instead of access to location/document I got the exception visible above, saying that the origins don't match. I figured at the time that I was probably making some silly mistake, and that was indeed the case ;)
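The frame walk described above, as an added example that is not code from the original post or from the plaiddrive task: it recurses over window.frames (which the same-origin policy lets you read even on cross-origin windows) and uses the SecurityError thrown on document access to tell cross-origin frames apart from same-origin ones. Because it is meant to run outside a browser, makeFrame and buildSampleTree are constructed stand-ins for real Window objects with invented origins; in a real page you would call findSameOriginFrames(window.top).

```javascript
// Added example (not code from the original post): walking window.frames across
// origins until a same-origin frame is reached. In a browser the same-origin policy
// still lets a script read `frames`, `frames.length`, `parent` and `top` of a
// cross-origin window, but touching `document` throws a DOMException (SecurityError).
// `makeFrame`/`buildSampleTree` are constructed stand-ins for real Window objects so
// the walk runs outside a browser; the origins used are invented.

const OUR_ORIGIN = 'https://attacker.example'; // origin of the script doing the walk

// Minimal Window look-alike: cross-origin `document` throws, `frames` is always readable.
function makeFrame(origin, title, children = []) {
  const frame = { frames: children };
  Object.defineProperty(frame, 'document', {
    get() {
      if (origin !== OUR_ORIGIN) {
        throw new Error(`SecurityError: Blocked a frame with origin "${OUR_ORIGIN}" ` +
                        'from accessing a cross-origin frame.');
      }
      return { title };
    },
  });
  return frame;
}

// Same-origin probe that also works on real windows: only a successful access counts.
function isSameOrigin(win) {
  try {
    void win.document;
    return true;
  } catch (e) {
    return false;
  }
}

// Depth-first walk; returns [{ path, frame }] for every frame whose document we can read.
function findSameOriginFrames(root, path = 'top') {
  const hits = isSameOrigin(root) ? [{ path, frame: root }] : [];
  for (let i = 0; i < root.frames.length; i++) {
    hits.push(...findSameOriginFrames(root.frames[i], `${path}.frames[${i}]`));
  }
  return hits;
}

// Constructed page layout: a cross-origin top page embedding a CDN frame, which in
// turn embeds a frame from our origin (e.g. a widget we control), plus an unrelated
// sibling frame.
function buildSampleTree() {
  return makeFrame('https://victim.example', 'victim', [
    makeFrame('https://cdn.example', 'cdn', [
      makeFrame(OUR_ORIGIN, 'widget'),
    ]),
    makeFrame('https://other.example', 'other'),
  ]);
}

// In a browser this would be findSameOriginFrames(window.top).
const hits = findSameOriginFrames(buildSampleTree());
for (const h of hits) console.log(h.path, '->', h.frame.document.title);
```

The only thing the walk relies on is that frames and frames.length stay readable on cross-origin windows; every other property access is wrapped in the try/catch, so a frame whose document cannot be read is simply skipped and its children are still visited.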
Adobe Reader 9.5.1 and 10.1.3 multiple vulnerabilities - 62 unique crashes, of which 31 were trivially exploitable and 9 more potentially exploitable; 11 CVEs assigned (CVE-2012-4149 to CVE-2012-4160). Some of these bugs were fixed in the Windows and OS X releases of Adobe Reader in APSB12-16.
Contributed to the discovery of multiple low- to high-severity vulnerabilities in Google Chrome (CVE-2012-2851, CVE-2012-2855, CVE-2012-2856, CVE-2012-2862, CVE-2012-2863 and some others) - some of these were mentioned in this post.
Many bugs in ffmpeg and libav, which resulted in 892 (sic!) patches in ffmpeg and 299 patches in libav (CVE-2011-3930 to CVE-2011-3952 and some others).
Mozilla Firefox 126.96.36.199 and Opera 9.50 information leak, which also mildly affected Safari, Konqueror and some other products (CVE-2007-6524, CVE-2008-0420, CVE-2008-0894, CVE-2008-1573). A demo video is also available.
PiXieServ is a simplified PXE (network boot) server for Windows and Linux-based OSes, created for testing a very small home-made OS. See also the post about it.
ExcpHook is a system-wide exception monitor for Windows XP 32-bit. Useful if you're fuzzing something that doesn't like having a debugger attached.
Ent is an entropy measuring tool for reverse engineering reconnaissance (see also a post explaining how to use it).
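As an added example of what such an entropy scan does (my code, not Ent's own): Shannon entropy per fixed-size window over a byte buffer, with consecutive high-entropy windows merged into regions worth inspecting, which is how packed, compressed or encrypted sections stand out from code, text and padding during reconnaissance. The sample buffer, the 256-byte window and the 7.0 bits/byte threshold are assumptions for illustration.

```javascript
// Added example (not the Ent tool's own code): a windowed Shannon-entropy scan of a
// byte buffer, the basic measurement an entropy tool performs during RE reconnaissance.
// Rough expectations per window, in bits per byte: zero padding ~0, ASCII text ~4-5,
// x86 code ~5.5-6.5, compressed/encrypted/packed data close to 8. The sample buffer
// below is constructed, and the 7.0 threshold is an assumed cut-off, not a fixed rule.

function shannonEntropy(bytes) {
  if (bytes.length === 0) return 0;
  const counts = new Uint32Array(256);
  for (const b of bytes) counts[b]++;
  let h = 0;
  for (const c of counts) {
    if (c === 0) continue;
    const p = c / bytes.length;
    h -= p * Math.log2(p);
  }
  return h; // 0 (all bytes equal) .. 8 (uniform distribution over all 256 values)
}

// Entropy of each fixed-size window; the last window may be shorter.
function entropyMap(buf, windowSize = 256) {
  const out = [];
  for (let off = 0; off < buf.length; off += windowSize) {
    out.push({ offset: off, entropy: shannonEntropy(buf.subarray(off, off + windowSize)) });
  }
  return out;
}

// Merge consecutive high-entropy windows into [start, end) ranges worth a closer look.
function highEntropyRegions(buf, windowSize = 256, threshold = 7.0) {
  const regions = [];
  for (const w of entropyMap(buf, windowSize)) {
    if (w.entropy < threshold) continue;
    const end = Math.min(w.offset + windowSize, buf.length);
    const last = regions[regions.length - 1];
    if (last && last.end === w.offset) last.end = end;
    else regions.push({ start: w.offset, end });
  }
  return regions;
}

// Constructed sample: 512 bytes of zero padding, 512 bytes of a 4-symbol text-like
// pattern, then 512 bytes cycling through all 256 values (what packed data looks like).
function buildSample() {
  const buf = new Uint8Array(1536);
  for (let i = 512; i < 1024; i++) buf[i] = 'abcd'.charCodeAt(i % 4);
  for (let i = 1024; i < 1536; i++) buf[i] = i & 0xff;
  return buf;
}

const sample = buildSample();
for (const w of entropyMap(sample)) {
  console.log(`0x${w.offset.toString(16).padStart(6, '0')}  ${w.entropy.toFixed(2)} bits/byte`);
}
console.log('high-entropy regions:', highEntropyRegions(sample));
```

On a real binary you would feed the file bytes in place of buildSample() and read the per-window numbers next to the section table: a region near 8 bits/byte inside what should be code usually means a packer or an embedded encrypted payload, and a sudden drop to ~0 marks padding or an uninitialised area.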
HiperDrop is a simple command line process memory dumper for Windows, with a few different work modes.
asmloader - this little app executes headerless machine code (compiled assembly code). It's meant as an aid in learning, teaching and playing with assembly, as well as the right tool when you just need to execute some raw machine code.
NetSock is a simple socket/networking library/wrapper for C++ that I wrote back in 2003 and update from time to time - I use it for most of my network-enabled projects.