Skip to content

Instantly share code, notes, and snippets.

View mlashley's full-sized avatar

Malcolm Lashley mlashley

3 followers · 8 following
  • Bristol, UK
View GitHub Profile
@mlashley
mlashley / Nahamcon CTF 2023.md
Last active June 18, 2023 23:16

Didn't get to spend as much time as I would have liked on this - the writeup is mostly random thoughts as I went along. Our team of 2 ended up 121/2546 teams (5692 players) - these are my solves.

Regina

I have a tyrannosaurus rex plushie and I named it Regina! Here, you can talk to it :)

Press the Start button on the top-right to begin this challenge.
Connect with:
@mlashley
mlashley / ATRHAX.md
Last active February 20, 2021 09:10
ATRHAX Writeups

Write-ups for ATR HAX CTF hosted by McAfee - Feb 2021.

Captain Ridley's Shooting Party Scoreboard

Exploitation

A Winning Attitude (500pts)

Challenge Description

@mlashley
mlashley / testing_ctf.md
Last active December 17, 2020 07:38
Testing CTF solves

Zed

$ cat zed | uncompress -f -
flag{65e48228c2508afe47661ef1eeacbed0}

ret2win

7 words of filler, and 3 bytes of RSP.




  


  




    


          
    

      

        
        

          

              @mlashley
          

          

            
                mlashley
                / CVE-2021-1585.md
            
            

              Last active
              April 15, 2024 06:26
            

          

        

      

        

  

      

    
Cisco ASDM IDM Launcher Vulnerabilities CVE-2021-1585


Timeline




  


  




    


          
    

      

        
        

          

              @mlashley
          

          

            
                mlashley
                / 01 Writeup.md
            
            

              Last active
              September 26, 2020 23:53
            

              
                BSidesBOS CTFs
              
          

        

      

        

  

      

    
Baseball:


We are given TzRaVUNVMlRNRTRIQTZMSFBGWkdTNVpTSzVZVU1ZSllIQk5ER00zREdKTkhBVTJWSkJHVkNWMllPRlVFSzMyRE9GTUVNMkNaR0Y1RU1VUlpNUlNHS1JSWE9CQ1VVU1pZSk4ySEFWVFVPVTJGQzJDV000WlUyUVNHSlpBVFNNUT0=


Which appears to be base64, decoding to O4ZUCU2TME4HA6LHPFZGS5ZSK5YUMYJYHBNDGM3DGJNHAU2VJBGVCV2YOFUEK32DOFMEM2CZGF5EMURZMRSGKRRXOBCUUSZYJN2HAVTUOU2FC2CWM4ZU2QSGJZATSMQ=


ALLCAPS (and the trailing =) leads us to base32, giving w3ASSa8pygyriw2WqFa88Z33c2ZpSUHMQWXqhEoCqXFhY1zFR9ddeF7pEJK8KtpVtu4QhVg3MBFNA92


Either noticing no O etc. or just following the hints from the name - this is base58 - flag{wow_you_hit_a_homerun_and_really_ran_the_bases_there}


Ref: https://gchq.github.io/CyberChef/#recipe=From_Base64('A-Za-z0-9%2B/%3D',true)From_Base32('A-Z2-7%3D',false)From_Base58('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz',false)&input=VHpSYVZVTlZNbFJOUlRSSVFUWk1TRkJHV2tkVE5WcFRTelZaVlUxWlNsbElRazVFUjAwelJFZEtUa2hCVlRKV1NrSkhWa05XTWxsUFJsVkZTek15UkU5R1RVVk5Na05hUjBZMVJVMVZVbHBOVWxOSFMxSlNXRTlDUTFWVl



  


  




    


          
    

      

        
        

          

              @mlashley
          

          

            
                mlashley
                / gist:34cefeee75b64d3889b08f6f14b5221c
            
            

              Created
              January 11, 2020 18:13
            

              
                Kb
              
          

        

      

        

  

    
    


        



  


  

        

          
          ### Keybase proof
        

        

          
          

        

        

          
          I hereby claim:
        

        

          
          

        

        

          
            * I am mlashley on github.
        

        

          
            * I am ma1c (https://keybase.io/ma1c) on keybase.
        

        

          
            * I have a public key ASA2j2s0qVNDBTM-Ka7D-S49vdYIC1vq9cyduMFmzg9bqAo
        

        

          
          

        

        

          
          To claim this, I am signing this object: