Duc Phan ducphanduyagentp

## AcoraidaMonicaGame.sol
pragma solidity =0.4.25;

contract AcoraidaMonicaGame{
    uint256 public version = 4;
    string public description = "Acoraida Monica admires smart guys, she'd like to pay 10000ETH to the one who could answer her question. Would it be you?";
    string public constant sampleQuestion = "Who is Acoraida Monica?";
    string public constant sampleAnswer = "$*!&#^[` a@.3;Ta&*T` R`<`~5Z`^5V You beat me! :D";
    Logger public constant logger=Logger(0x5e351bd4247f0526359fb22078ba725a192872f3);
    address questioner;
    string public question;

## SVATTT2018.txt
Đề được ra với mong muốn có 1 dạng mới lạ hơn so với các kỳ SVATTT trước mà tác mình đã tham gia.
2 bài trên được đánh giá ban đầu là 2 bài web 100đ và web 200đ.
Hint được cho dựa trên log làm bài và tiến độ của các đội.

## exploit.c
#include <stdint.h>
#include <sys/io.h>
#include <unistd.h>
#include <stdio.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <string.h>
#include <assert.h>

#include "virt_to_phys.c"

## SecurityAtHSGS_DEMOVULN_APP.kt
package com.basicsec.demoweb

import io.jsonwebtoken.Jwts
import io.vertx.core.AbstractVerticle
import io.vertx.core.Vertx
import io.vertx.core.json.JsonObject


class MainVerticle : AbstractVerticle() {

## checkaslrfiles.py
'''checkaslrfiles.py: Check for files that opt into ASLR with /DYNAMICBASE,
but do not have a relocation table to allow ASLR to function.

usage: checkaslrfiles.py <dir>
ex: checkaslr.py "C:\Program Files\"

requires: pefile <https://github.com/erocarrera/pefile>, which should be
installable via: pip install pefile
'''

## WCTF_2018_searchme_exploit.cpp
// WCTF 2018 "searchme" task exploit
//
// Author:    Mateusz "j00ru" Jurczyk
// Date:      6 July 2018
// Tested on: Windows 10 1803 (10.0.17134.165)
//
// See also:  https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
#include <Windows.h>
#include <winternl.h>
#include <ntstatus.h>

## oalabs_x86vm.ps1
Write-Host -NoNewline " "
Write-Host -NoNewline "  _______  _______  ___      _______  _______  _______  "
Write-Host -NoNewline " |       ||   _   ||   |    |   _   ||  _    ||       | "
Write-Host -NoNewline " |   _   ||  |_|  ||   |    |  |_|  || |_|   ||  _____| "
Write-Host -NoNewline " |  | |  ||       ||   |    |       ||       || |_____  "
Write-Host -NoNewline " |  |_|  ||       ||   |___ |       ||  _   | |_____  | "
Write-Host -NoNewline " |       ||   _   ||       ||   _   || |_|   | _____| | "
Write-Host -NoNewline " |_______||__| |__||_______||__| |__||_______||_______| "
Write-Host -NoNewline " "
Write-Host -NoNewline " "

## writeup.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              2 stars
            
          
                JMdoubleU
                / writeup.md
            
            
              Last active
              August 11, 2018 03:20
            
              
                h1-702 2018 CTF Web Challenge Writeup
              
          
    h1-702 CTF 2018 Web Challenge Writeup

This is a writeup of how I went about solving the web challenge from the h1-702 CTF, including my thought process as I navigated through the wrong and right paths to reach a solution. If you're only interested in what the correct steps were, skip to the TL;DR at the end.
Upon navigating to the challenge URL, we're greeted with a message:
Notes RPC Capture The Flag
Welcome to HackerOne's H1-702 2018 Capture The Flag event. Somewhere on this server, a service can be found that allows a user to securely stores notes. In one of the notes, a flag is hidden. The goal is to obtain the flag.
Good luck, you might need it.

  
## h1-702-web-ctf.md

      
              1 file
            
          
              1 fork
            
          
              1 comment
            
          
              7 stars
            
          
                bayotop
                / h1-702-web-ctf.md
            
            
              Created
              June 20, 2018 20:01
            
              
                h1-702 CTF 2018 - Web 1
              
          
    Description


Announcement: https://www.hackerone.com/blog/Jackpot-h1-702-2018-CTF-here-Win-Trip-Biggest-Live-hacking-Event-2018
CTF: https://h1-702-2018.h1ctf.com/

Web challenge 1

The first challenge was available at http://159.203.178.9. The root page introduces a hidden service that allows to securely store notes. The goal is to find a flag hidden in one of these notes.
Finding the service


## flash_killbit.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MicrosoftEdge\ActiveX Compatibility\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"Compatibility Flags"=dword:00000400
	pragma solidity =0.4.25;

	contract AcoraidaMonicaGame{
	uint256 public version = 4;
	string public description = "Acoraida Monica admires smart guys, she'd like to pay 10000ETH to the one who could answer her question. Would it be you?";
	string public constant sampleQuestion = "Who is Acoraida Monica?";
	string public constant sampleAnswer = "$!&#^[` a@.3;Ta&T` R`<`~5Z`^5V You beat me! :D";
	Logger public constant logger=Logger(0x5e351bd4247f0526359fb22078ba725a192872f3);
	address questioner;
	string public question;
	Đề được ra với mong muốn có 1 dạng mới lạ hơn so với các kỳ SVATTT trước mà tác mình đã tham gia.
	2 bài trên được đánh giá ban đầu là 2 bài web 100đ và web 200đ.
	Hint được cho dựa trên log làm bài và tiến độ của các đội.
	#include <stdint.h>
	#include <sys/io.h>
	#include <unistd.h>
	#include <stdio.h>
	#include <fcntl.h>
	#include <sys/mman.h>
	#include <string.h>
	#include <assert.h>

	#include "virt_to_phys.c"
	package com.basicsec.demoweb

	import io.jsonwebtoken.Jwts
	import io.vertx.core.AbstractVerticle
	import io.vertx.core.Vertx
	import io.vertx.core.json.JsonObject


	class MainVerticle : AbstractVerticle() {
	'''checkaslrfiles.py: Check for files that opt into ASLR with /DYNAMICBASE,
	but do not have a relocation table to allow ASLR to function.

	usage: checkaslrfiles.py <dir>
	ex: checkaslr.py "C:\Program Files\"

	requires: pefile <https://github.com/erocarrera/pefile>, which should be
	installable via: pip install pefile
	'''
	// WCTF 2018 "searchme" task exploit
	//
	// Author: Mateusz "j00ru" Jurczyk
	// Date: 6 July 2018
	// Tested on: Windows 10 1803 (10.0.17134.165)
	//
	// See also: https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
	#include <Windows.h>
	#include <winternl.h>
	#include <ntstatus.h>
	Write-Host -NoNewline " "
	Write-Host -NoNewline " _______ _______ ___ _______ _______ _______ "
	Write-Host -NoNewline " \| \|\| _ \|\| \| \| _ \|\| _ \|\| \| "
	Write-Host -NoNewline " \| _ \|\| \|_\| \|\| \| \| \|_\| \|\| \|_\| \|\| _____\| "
	Write-Host -NoNewline " \| \| \| \|\| \|\| \| \| \|\| \|\| \|_____ "
	Write-Host -NoNewline " \| \|_\| \|\| \|\| \|___ \| \|\| _ \| \|_____ \| "
	Write-Host -NoNewline " \| \|\| _ \|\| \|\| _ \|\| \|_\| \| _____\| \| "
	Write-Host -NoNewline " \|_______\|\|__\| \|__\|\|_______\|\|__\| \|__\|\|_______\|\|_______\| "
	Write-Host -NoNewline " "
	Write-Host -NoNewline " "
	Windows Registry Editor Version 5.00

	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MicrosoftEdge\ActiveX Compatibility\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
	"Compatibility Flags"=dword:00000400
	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
	"Compatibility Flags"=dword:00000400
	[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
	"Compatibility Flags"=dword:00000400