rizemon's blog
Just bloggin cyber security related content.
https://rizemon.github.io/
Updated: 2023-10-15T11:46:02+08:00
Author: rizemon
© 2023 rizemon

TISC 2023 - (Level 7b) DevSecMeow
Published: 2023-10-05T20:00:00+08:00
Updated: 2023-10-15T11:45:35+08:00
https://rizemon.github.io/posts/tisc-level7b/
Author: rizemon

Description
Palindrome has accidentally exposed one of their onboarding guide! Sneak in as a new developer and exfiltrate any meaningful intelligence on their production system.
https://d3mg5a7c6anwbv.cloudfront.net/
Note: Concatenate flag1 and flag2 to form the flag for submission.

Solution
The onboarding guide website is shown below: It looked like the first step was to submit...

TISC 2023 - (Level 6b) The Chosen Ones
Published: 2023-10-05T20:00:00+08:00
Updated: 2023-10-15T11:45:35+08:00
https://rizemon.github.io/posts/tisc-level6b/
Author: rizemon

Description
We have discovered PALINDROME’s recruitment site. Infiltrate it and see what you can find!
http://chals.tisc23.ctf.sg:51943

Solution
The website is shown as below: After a number is submitted, it then mentions the correct lucky number. My first guess was that the lucky numbers may repeat themselves at some point in time, so I decided to use the Turbo Intruder extensi...

TISC 2023 - (Level 5) PALINDROME's Invitation
Published: 2023-10-05T20:00:00+08:00
Updated: 2023-10-15T11:45:35+08:00
https://rizemon.github.io/posts/tisc-level5/
Author: rizemon

Description
Valuable intel suggests that PALINDROME has established a secret online chat room for their members to discuss on plans to invade Singapore’s cyber space. One of their junior developers accidentally left a repository public, but he was quick enough to remove all the commit history, only leaving some non-classified files behind. One might be able to just dig out some secrets of P...

TISC 2023 - (Level 4) Really Unfair Battleships Game
Published: 2023-10-05T20:00:00+08:00
Updated: 2023-10-15T11:45:35+08:00
https://rizemon.github.io/posts/tisc-level4/
Author: rizemon

Description
After last year’s hit online RPG game “Slay The Dragon”, the cybercriminal organization PALINDROME has once again released another seemingly impossible game called “Really Unfair Battleships Game” (RUBG). This version of Battleships is played on a 16x16 grid, and you only have one life. Once again, we suspect that the game is being used as a recruitment campaign. So once again, ...

TISC 2023 - (Level 3) KPA
Published: 2023-10-05T20:00:00+08:00
Updated: 2023-10-15T11:45:35+08:00
https://rizemon.github.io/posts/tisc-level3/
Author: rizemon

Description
We’ve managed to grab an app from a suspicious device just before it got reset! The copying couldn’t finish so some of the last few bytes got corrupted… But not all is lost! We heard that the file shouldn’t have any comments in it! Help us uncover the secrets within this app!

Attached files
kpa.apk

Solution
Using the file command, kpa.apk was identified to be an Android m...