ON (repo.zenk-security.com)
SERVICES WRITE-UPS
Mikhail Vyatskov aka Tris and more
MOTIVATION
“The main goal of RuCTFE is to share experience and knowledge in the computer security and to have some fun together.”
— RuCTFE Rules
RULES
• Each team has an image
• There are some services on this image
• There are some vulnerabilities
• Hack ’em all!
MINISTRY OF LOVE
Maxim Muzafarov aka m_messiah
ABOUT SERVICE
• Python
• Tornado web server
• Momoko
• WebSockets
WATCH CRIMES [image]
REPORT A CRIME [image]
AUTHENTICATE [image]
HACK IT!
![Page 11: ON - repo.zenk-security.com · and knowledge in the computer security and to have some fun together.” — RuCTFE Rules . RULES ... • Node.js • Koa web framework • Custom router](https://reader036.vdocument.in/reader036/viewer/2022063009/5fc136782afd0748c55d73c4/html5/thumbnails/11.jpg)
SQL INJECTION
![Page 12: ON - repo.zenk-security.com · and knowledge in the computer security and to have some fun together.” — RuCTFE Rules . RULES ... • Node.js • Koa web framework • Custom router](https://reader036.vdocument.in/reader036/viewer/2022063009/5fc136782afd0748c55d73c4/html5/thumbnails/12.jpg)
SQL INJECTION
![Page 13: ON - repo.zenk-security.com · and knowledge in the computer security and to have some fun together.” — RuCTFE Rules . RULES ... • Node.js • Koa web framework • Custom router](https://reader036.vdocument.in/reader036/viewer/2022063009/5fc136782afd0748c55d73c4/html5/thumbnails/13.jpg)
SQL INJECTION
PROFILE SPOOFING
Bind profile without authentication
PROFILE SPOOFING
Profile ids are visible in open crimes
SAME DATABASE
• Each team has a similar database
• Each team has all authentication data
“BACKDOOR”
bit.ly/ructfe_mol_sploit
MINISTRY OF TAXES
Pavel Blinov aka pahaz
ABOUT SERVICE
• Node.js
• Koa web framework
• Custom router
ADD PERSONAL DATA [image]
UPLOAD REPORT [image]
HACK IT!
WEAK ID GENERATION
So what?
REMOTE CODE EXECUTION
bit.ly/ructfe_tax_sploit
ELECTIONS FOR E-DEMOCRACY
Konstantin Plotnikov aka kost
ABOUT SERVICE
• C# + Mono
• Homomorphic encryption
ELECTIONS • TODO
NOMINATE [image]
VOTE [image]
GET ELECTED [image]
HACK IT!
UNFILTERED INPUT
• Client-side vote generation & encryption
• Vote – vector of integers
• Election result – sum of votes
UNFILTERED INPUT
break & hack
UNFILTERED INPUT
• Calculations are made modulo 243
• Overflow competitor's value
• Let the battle begin!
WEAK PRIVATE KEY GENERATOR
• Calculations are made modulo 243 = 3^5
• Private key – random number
• Chance of key and modulus being non-coprime
• 3 divides the private key ⇒ can decrypt
WEAK PRIVATE KEY GENERATOR [image]
…
NASA RASA
Andrey Gein aka andgein
ABOUT SERVICE
• PHP
• MySQL
REPORT A PLANET [image]
BROWSE DISCOVERED PLANETS [image]
BROWSE USERS [image]
HACK IT!
HARDCODED DB CREDENTIALS
Remember about RCE?
PADSPACE COLLATION • todo
⇒2
bit.ly/ructfe_collations
HEALTH MONITOR
Polina Zonova aka Klyaksa
ABOUT SERVICE
• Go
• SQLite
REPORT YOUR HEALTH • todo
BROWSE YOUR PROGRESS • todo
HACK IT!
AUTHENTICATION
HARDCODED SALT
Plan:
1. Set up vulnbox
2. Change all passwords & keys
3. Win
LENGTH EXTENSION ATTACK
• uids are serial – we can guess them
• Over 9k tools to perform MD5 LEA
INTERPLANETARY MIGRATION AUTHORITY
Dmitry Titarenko aka dscheg
ABOUT SERVICE
• Nim
• Redis
KNOW CITIZENS • TODO
FILL MIGRATION FORM…
…BUT NOT QUITE
HACK IT!
HARDCODED DB CREDENTIALS
And again
HMAC USING EXTERNAL LIBRARY
A zero-padded user has the same HMAC
HMAC USING EXTERNAL LIBRARY
• Log in as one of the citizens
• Steal the flag from the filled form
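The collision the two HMAC slides describe, as an added example that is not the deck's or the service's code; it assumes the service used the user identifier itself as the HMAC key (the deck does not show the code). HMAC zero-pads any key shorter than the hash block size, so a user and the same user with trailing NUL bytes produce one tag; the hardened variant keeps a fixed server secret as the key, puts the user into the authenticated message, and rejects identifiers containing NUL. All names and keys are constructed.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Constructed server-side secret for the hardened variant (not from the deck).
var serverKey = []byte("example-server-secret-do-not-reuse")

// weakTag models the pattern the slide describes (assumption): the
// user-supplied identifier is used as the HMAC *key*. HMAC zero-pads any key
// shorter than the hash block size (64 bytes for SHA-256), so "alice" and
// "alice\x00" are the same key and produce the same tag.
func weakTag(user string, payload []byte) []byte {
	mac := hmac.New(sha256.New, []byte(user))
	mac.Write(payload)
	return mac.Sum(nil)
}

// strongTag keeps the key fixed and secret and puts the user identifier into
// the authenticated message, length-prefixed so that (user, payload) pairs
// cannot be re-split into a different pair with the same bytes.
func strongTag(user string, payload []byte) []byte {
	mac := hmac.New(sha256.New, serverKey)
	fmt.Fprintf(mac, "%d:%s|", len(user), user)
	mac.Write(payload)
	return mac.Sum(nil)
}

// canonicalUser rejects identifiers that could alias another one after
// padding: empty names and names with embedded NUL bytes.
func canonicalUser(user string) (string, error) {
	if user == "" || bytes.IndexByte([]byte(user), 0) >= 0 {
		return "", errors.New("invalid user identifier")
	}
	return user, nil
}

// sameTag compares two tags in constant time.
func sameTag(a, b []byte) bool { return hmac.Equal(a, b) }

func main() {
	payload := []byte(`{"form":"filled"}`) // constructed sample form payload
	a := weakTag("alice", payload)
	b := weakTag("alice\x00\x00", payload)
	fmt.Println("user-as-key, zero-padded user collides:", sameTag(a, b))
	fmt.Println("  tag:", hex.EncodeToString(a))
	c := strongTag("alice", payload)
	d := strongTag("alice\x00\x00", payload)
	fmt.Println("fixed key, user in message, collides:", sameTag(c, d))
	if _, err := canonicalUser("alice\x00\x00"); err != nil {
		fmt.Println("canonicalUser rejects the padded name:", err)
	}
}
```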
MODIFYING LOCAL DATA
• Form data is stored on the client side
• Form data is encrypted
• AES encryption in CBC mode
• No integrity checks
MODIFYING LOCAL DATA
• We know the plaintext – JSON with the filled data
• We can modify the ciphertext
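The malleability the two MODIFYING LOCAL DATA slides describe, as an added example that is not the deck's or the service's code: AES-CBC without a MAC lets a flipped IV byte rewrite the corresponding byte of a known plaintext with no error, while encrypt-then-MAC (HMAC-SHA256 over iv||ciphertext, checked before decryption) rejects the same change. Keys, the sample JSON and all function names are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed keys for the example (not the service's). The AES key length is
// fixed at 16 bytes, so NewCipher cannot fail here.
var encKey, macKey = []byte("0123456789abcdef"), []byte("constructed-mac-key")
var block, _ = aes.NewCipher(encKey)

func pad(b []byte) []byte { // PKCS#7 padding on a copy of b
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte(nil), b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func unpad(b []byte) ([]byte, error) { // caller guarantees len(b) >= BlockSize
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || n > len(b) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// cbcEncrypt returns iv || ciphertext: "AES in CBC mode, no integrity checks".
func cbcEncrypt(plain []byte) ([]byte, error) {
	padded := pad(plain)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return out, nil
}

// cbcDecrypt accepts any well-formed blob: modified ciphertext simply decrypts
// to modified data, and nothing here can tell the difference.
func cbcDecrypt(blob []byte) ([]byte, error) {
	if len(blob) < 2*aes.BlockSize || len(blob)%aes.BlockSize != 0 {
		return nil, errors.New("bad length")
	}
	buf := make([]byte, len(blob)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, blob[:aes.BlockSize]).CryptBlocks(buf, blob[aes.BlockSize:])
	return unpad(buf)
}

// sealAuth is encrypt-then-MAC: an HMAC-SHA256 tag over iv||ciphertext is
// appended, and openAuth checks it before touching the cipher.
func sealAuth(plain []byte) ([]byte, error) {
	blob, err := cbcEncrypt(plain)
	if err != nil {
		return nil, err
	}
	mac := hmac.New(sha256.New, macKey)
	mac.Write(blob)
	return mac.Sum(blob), nil
}

func openAuth(blob []byte) ([]byte, error) {
	if len(blob) < sha256.Size {
		return nil, errors.New("too short")
	}
	ct, tag := blob[:len(blob)-sha256.Size], blob[len(blob)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(ct)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("integrity check failed")
	}
	return cbcDecrypt(ct)
}

func main() {
	form := []byte(`{"paid":0,"name":"citizen"}`) // constructed sample; byte 8 is the '0'
	blob, _ := cbcEncrypt(form)
	blob[8] ^= '0' ^ '1' // XOR IV byte 8 => XOR byte 8 of the first plaintext block
	got, err := cbcDecrypt(blob)
	fmt.Printf("plain CBC:        err=%v data=%s\n", err, got)
	sealed, _ := sealAuth(form)
	sealed[8] ^= '0' ^ '1'
	_, err = openAuth(sealed)
	fmt.Println("encrypt-then-MAC: err =", err)
}
```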
MODIFYING LOCAL DATA • todo
MITM
• On step 3 we need to sign a random value
• Only the checker has the private key
• Let’s hack the value generation function
• The checker will sign everything for us
bit.ly/ructfe_mig_sploit
THE BANK
Alexander Bersenev aka bay
ABOUT SERVICE
• C
• Mongoose
• Custom dictionary
CREATE ACCOUNTS • todo
TRANSFER MONEY • todo
HACK IT!
ACCESS LOGS
bank.teamX.e.ructf.org/access.log
DICTIONARY
Binary Search Tree
Position Independent Code
DICTIONARY
• Key in BST – SHA256 of the key in the dict
• Value – amount of money (8 bytes)
• BST stored in an array
DICTIONARY
Buffer overflow
Remote code execution
DICTIONARY
Shell
jmp to shell
bit.ly/ructfe_bank_sploit
RECOMMENDATIONS
• Always change keys and passwords
• Learn Linux administration
• Stay positive & have fun!
Questions?
Thanks!
Services
Ministry of Love
Interplanetary Migration Authority
Nasa Rasa
Electro Tax
Bank
Health Monitor