

Clicking in the picture causes some whitespace to appear on top of the image (pushing it down the page) and a text area to appear under it, empty.

html extension, it opens in Firefox and shows the picture. I spent some time trying to cut the HTML page out of this file and get it to work, but it turns out the entire file is a polyglot, functioning as both an image and an HTML page.

Looking at the file in a text editor, there are HTML tags, including a block of JavaScript not too far from the top:

Starting with the image, binwalk shows embedded files within it, including an HTML page:

You should definitely give Bread’s famous easy perfect fresh rosemary yeast black pepper bread a try this Christmas!

Solution HTML Page

Ten (twentyfourpointone) pieces a-puzzling, On the twelfth day of Christmas my true love sent to me…

There was also more web exploitation of a Tomcat deserialization CVE, a really interesting ELF reversing challenge, and pulling data from an iOS backup.

I really liked one that was another polyglot file where an image turned into an HTML page that dropped a Python script which pulled out a Docker image containing images that contained a flag. My favorite was a binary and a PCAP of an attacker exploiting the binary, where I needed to reverse the crypto operations in the binary and the exploit to recover the data that was stolen. The leet challenges started on day 20, but then followed an additional three hard challenges before the second and final leet one.
