I decided that this post should could be summed up pretty quickly with just a few pictures, so I’m doing this in more of a blurb format than a blog post :)

The challenge:

Selection_004

This was to allow some wiggle rooms for teams solving the same challenges.

So I was screwing around with Android app hacking and I figured the Snapchat App for Android would be a cool read. While I was originally more interested in reversing the app and making a script to automate Snapchat it turns out someone has already done it: https://github.com/dstelljes/php-snapchat

Dang it!

The process was no a complete waste however, as I stumbled upon something very weird…

Note: To get this source for yourself you’ll need to get the Snapchat APK. Then use dex2jar to create a .jar file, now you can use a Java Decompiler to view the source (in Java). This is possible because Java compiles into bytecode (an intermediary language) and not into machine code.

So I recently had a good idea (probably in the shower).

One of the biggest issues when trying to penetrate a network is getting past the perimeter. The outside is almost most protected and if you had an internal user hacked you’d be well on your way to full compromise.

The normal idea here is usually to utilize spear phishing or attempt to get a user to click a link to a browser autopwn page, etc. Sadly, most people aren’t too keen on clicking random links they get in emails.

I started to think what email links do I click on? More specifically what links do I click on from users I don’t already know?

The beginning of the Web 200 problem for the Sharif University CTF Quals started with a screen like this:

Selection_002

 

So it’s a hybrid login/sign-up form, probably due to the fact that coding two pages is a lot of work for a temporary CTF.

Once you’ve logged in you are presented with a website like so:

While everyone is preparing writeups for the cool challenges I think a lot of people would also be interested in the funny things that went on during CSAW.

Poor Kevin

One of the recon assignments was to find a hidden flag for “Kevin Chung”, the challenge simply starts like this:

Selection_001

What could possibly go wrong right?