
Dumpster Diving: Robot Vacuum

Another day, another holiday season dumpster dive. My dear neighbours dumped a working Bobsweep robot vacuum cleaner made in 2016 and it didn’t look too shabby. A quick test of the robot vacuum showed a runtime of about 5 minutes, hence why the owners most likely donated the device rather than dumping it. Rather than investing in a new battery ...

Dumpster Diving: SSD

As we all know, we should be recycling more often than not and recycling electronics is not an exception. On my usual morning walks with my dog, someone dumped a full tower sized gaming PC with some hardware damaged with reckless intent. Nothing seemed salvageable and the parts were somewhat dated in the 2016 technology era of things. However, th...

Retro Classic: OG Gameboy

As I’m digging up my old boxes of things I need to dump out sooner or later, I found this classic gem. The original Nintendo Gameboy from 1991. At this point in time, this must have been sitting in a dark box for at least 20+ years. Thankfully, I have respected the sentimental value of the device by removing the batteries before long-term storage...

Code Review Adventures

Python

import hashlib
from flask import Flask, redirect
from secrets import token_hex

secret = "[....]"
app = Flask(__name__)

def sign_for_payment(payment_information):
    # compute signature to ensure the payment details
    # cannot be tampered with
    data = secret+payment_information
    return hashlib.sha256(data.encode('utf-8')).hexdigest()

...

Wireshark

I wouldn’t say this is much of a tutorial but rather a quick protocol reference to read results from Wireshark and methods on how to extract data from data streams. The pattern of how to analyze protocols is similar across multiple protocols so if you learn one technique, the variation from the next shouldn’t be difficult unless some c...

Cody's First Blog

Flag0 “Cody’s First Blog” Inspecting the source reveals a URL that leads to an admin page: <!--<a href="?page=admin.auth.inc">Admin login</a>--> Navigation to URL: http://34.74.105.127/1512748f68/?page=admin.auth.inc After poking around the page, I noticed there might be a potential f...


Photo Gallery

Flag0 “Magical Image Gallery” The images are fetched by using id parameters as such: http://34.74.105.127/9c4252a0af/fetch?id=1 When sending a GET request directly, the server doesn’t render the URL as an image but as raw format. From past CTF experiences, this is usually a case of extracting a system file to ...


Console

“Could you please check the console of your Chrome?” Upon investigating the URL, it showed a php info status page which hinted to load php-console in order to be prompted for a password. At first I didn’t know what this meant until I read the hints about downloading a Chrome extension. Prior to knowing about the Chrome ...