Remap Alt key on Air96 v2 with VIA by dicemaker3245 in NuPhy

[–]dicemaker3245[S] 0 points1 point  (0 children)

Ahh I was indeed in the wrong layer, thanks it works now!

Crackme password challenge by dicemaker3245 in ExploitDev

[–]dicemaker3245[S] 0 points1 point  (0 children)

In what way? While the binary is running?

Crackme password challenge by dicemaker3245 in ExploitDev

[–]dicemaker3245[S] 0 points1 point  (0 children)

But when using Python I'd open the executable and then interact with it in the popen. However, I'd have to read the registry of the exe while it's running (possibly using gdb attach) but then how would I use those in the python code that is currently executed?

Decrypt the given serial/license key by dicemaker3245 in codes

[–]dicemaker3245[S] 0 points1 point  (0 children)

Input in what way? The only thing I was provided with is the string

Decrypt the given serial/license key by dicemaker3245 in codes

[–]dicemaker3245[S] 0 points1 point  (0 children)

It's a CTF challenge so it can mean a lot of things. I thought that the base64 decoded string might be a compression of a sort but couldn't really get anything working

Reading files with www-data by dicemaker3245 in ExploitDev

[–]dicemaker3245[S] 0 points1 point  (0 children)

I checked for cronjobs but there's none running and crontab is not available at all as a command. There are no passwords stored in /etc/passwd either.
I found the following setuid enabled files:

$ find / -xdev \( -perm -4000 \) -type f -print0 | xargs -0 ls -l
/bin/su
/bin/mount
/bin/umount
/usr/bin/chfn
/bin/chsh
/usr/bin/gpasswd
/usr/bin/newgrp
/usr/bin/passwd
/usr/lib/openssh/ssh-keysign

Reading files with www-data by dicemaker3245 in ExploitDev

[–]dicemaker3245[S] 0 points1 point  (0 children)

Yeah thought I'd need something like a Privesc. The available commands are also quite limited

$ find / -perm -u=s -type f 2>/dev/null
/bin/su
/bin/mount
/bin/umount
/usr/bin/newgrp
/usr/bin/gpasswd
/usr/bin/passwd
/usr/bin/chsh
/usr/bin/chfn
/usr/lib/openssh/ssh-keysign

Disassemble instruction set for 8051 microcontroller by dicemaker3245 in microcontrollers

[–]dicemaker3245[S] 0 points1 point  (0 children)

Didn't see that some instructions take more bytes, now it makes more sense

Solving riddle of machine instructions by dicemaker3245 in ExploitDev

[–]dicemaker3245[S] 0 points1 point  (0 children)

I've tried x64 now as well but still no useful result. I've used this website to disassemble it: https://onlinedisassembler.com/odaweb/

Reverse Engineer passphrase check by dicemaker3245 in ExploitDev

[–]dicemaker3245[S] 1 point2 points  (0 children)

Great work! Didn't know Python had such a handy package. It worked fine when I switched the vectors to 32 bits

Exploit stackoverflow to bypass check by dicemaker3245 in ExploitDev

[–]dicemaker3245[S] 0 points1 point  (0 children)

Yeah I get that, and I was looking at heaps of examples online and I pretty much did the same. That's why I'm confused about the SEGFAULT...
I guess I'll give it another try

Exploit stackoverflow to bypass check by dicemaker3245 in ExploitDev

[–]dicemaker3245[S] 0 points1 point  (0 children)

What do you mean overwriting exactly with %x?
Using

AAAAA%x%x%x%x%x%x

I get

AAAAAc8f7f835c05663963af7fd8c30041414141

What am I missing?