
3 posts tagged with "Static Code Analysis"

Static code analysis is the process of analyzing source code without actually executing it, typically using automated tools. It involves scanning the code for potential issues such as bugs, security vulnerabilities, and coding standard violations. This type of analysis can be performed on compiled or uncompiled code, providing insights into the quality and reliability of the software before it's even run.


HTB | Under Construction | Write-Up

· 16 min read

Summary:

We begin by preparing the challenge files, then perform source code analysis using VSCodium. As we delve into the code, we identify vulnerabilities in the "requirements" section (CVE-2023-2142, CWE-1321), as well as a SQL Injection vulnerability within the "getUser()" function located in the "helpers/DBHelper.js" file. Furthermore, we discover additional vulnerabilities in the "helper/JWT.js" file, specifically CVE-2022-23539, CVE-2022-23540, and CVE-2022-23541. We then exploit CVE-2022-23541 to gain access, followed by exploiting the SQL Injection vulnerability within the "getUser()" function.

As we navigate through the application, we determine the selected row and column number of interest. Next, we identify a table called "flag_storage" containing sensitive information, along with a specific column labeled as "top_secret_flag". With this knowledge in hand, we proceed to grab the flag from its designated location. We then submit our findings, encapsulating the flag within an HTB{...} notation, and declare Challenge Completed once this task is accomplished.

Challenge Name: Under Construction | Difficulty: Medium | Category: Web

HTB | You know 0xDiablos | Write-Up

· 22 min read

Summary:

We begin by preparing the challenge files and testing the executable. Next, we perform static analysis using Ghidra to identify potential vulnerabilities. Upon discovering a buffer overflow vulnerability, we verify its existence and proceed to analyze the target architecture and endianness using pwntools' checksec feature.

With this information in hand, we use GDB and PEDA to identify the offset and address of the flag() function. We then craft a malicious payload using pwntools to smash the stack and exploit the vulnerability. Before submitting the exploit to the target machine, we verify its effectiveness against a local copy of the executable. After successfully exploiting the target, we submit our exploit and grab the recovered flag, declaring Challenge Completed once the task is accomplished.

Challenge Name: You know 0xDiablos | Difficulty: Easy | Category: Pwn

HTB | Find The Easy Pass | Write-Up

· 11 min read

Summary:

We navigate the Hack The Box CTF platform, then prepare the challenge files and test the executable. We then perform static analysis using Ghidra and dynamic analysis with OllyDbg to gain insight into its behavior.

Next, we run the executable with test data and track where it stores this data in memory, checking the surrounding environment to better understand the context. With this knowledge, we extract the password and verify it by running the executable again with the password as input. Finally, we submit the flag as HTB{<password>} and declare Challenge Completed.

Challenge Name: Find The Easy Pass | Difficulty: Easy | Category: Reversing