Monday, August 20, 2012

XSS on La Liga turn

hi again.
i'm soo into XSS at the moment.so here another two xss found in fcbarcelona and realmadrid for today post


Wednesday, August 15, 2012

Friday, August 3, 2012

Wargames2012 - Crypto100,200 Writeups

again, there's a wargames conducted by HiTB KL Crews this year. I'm participated but not doing well just like previous year..since..there were some other commitments during that weekends. So, here are two writeups for crypto

  Crypto100
Easy crypto: 82 73 81 81 61 83 52 62 63 41 74 22 01 42 73 31 74 52 01 21 74 01 71 83 83 01 92 73 83 32 61 73 01 81 62 43 01 74 63 51 01 71 43 92 32 92 92 22 23 43 42 61 01 51 51 72 41 62 81 72 42 22 91 01 74 91 52 74 01 42 33 23 61 23 43 21 61 52 22 01 52 74 42 01 82 63 43 94 92 93 91 32 23 32 01 94 43 01 21 62 21 74 52 81 32 71 91 33 93 01 43 51 63 42 01 32 01 52 53 32 94 63 74 91 42 01 52 81 83 92 92 01 21 74 01 91 31 41 53 82 91 62 63 01 73 42 82 91 21 22 51 71 01 91 94 32 01 51 83 22 62 61 51 63 52 94 82 01 41 33 01 83 73 01 92 82 41 62 61 41 32 42 83 01 61 94 91 53 42 52 21 01 41 93 53 82 91 31 01 63 53 92 01 52 43 93 23 82 81 72 93 01 81 94 41 21 82 61 61 43 83 01 93 42 91 31 94 42 01 61 83 01 83 21 72 33 41 42 51 01 81 23 43 01 42 93 61 23 91 32 53 63 01 21 62 21 74 52 81 32 71 91 33 93 01 73 33 53 81 01 21 22 21 53 01 32 22 52 71 72 83 32 93 01 83 92 51 61 53 91 83 93 91 52 01 81 23 43 52 53 33 82 01 31 43 71 33 31 82 93 61 41 62 01 93 51 52 73 93 91 91 31 01 52 43 52 94 74 51 41 01 52 94 01 41 41 01 81 23 43 01 53 42 72 21 01 41 94 93 33 91 01 91 51 83 32 52 01 21 91 33 01 33 93 42 01 74 62 93 01 92 21 53 01 32 94 51 83 93 91 01 41 33 01 63 53 92 01 51 74 43 31 53 32 42 51 01 81 23 43 01 33 53 92 31 23 82 31 01 92 52 32 93 01 92 42 01 51 32 62 33 71 01 94 92 53 01 23 61 23 43 21 74 42 23 92 51 01 52 74 83 94 01 33 92 51 74 43 74 01 94 93 33 51 32 83 91 22 82 52 42 61 01 81 94 71 42 53 94 22 01 81 82 42 01 32 42 51 01 53 74 42 53 31 41 81 21 61 52 22 01 31 94 82 91 01 91 31 42 92 94 81 62 74 73 63 ------------- Description: ------------ Look carefully! Does it look like hex?
the numbers refers phone keypad. decode it and then you'll get another cipher which is a vignere cipher. decrypt it and you'll get an article about cryptography. the 'key' is a hint to this challenge's flag.

  Crypto200
FN1hJU9XAJZhTF8qbnJENt1XBMd6i0utzJpHCGyVt4yp8LsHYHUJP+/M+37eNjldkx4T5xnliSrIsz/qQHB9PA==
as you can see,this is just a normal base64. decode it and you'll get some scrabble/rubbish/random words+symbols.view hex of the decoded base64 just like below.
yerp.its an md5 hash.you just need to decrypt in and you'll get the flag :) this year,these two are the only crypto challenges that the crew released. maybe quite hard compared last year so players struggle to solve them. thanks.