Neuland Blog

Vulnerability writeups and other shitposts

THI-App Man in the Middle Vulnerability

Man in THI middle is a man-in-the-middle (MITM) vulnerability in the official app of Technische Hochschule Ingolstadt. It was discovered by two students while reverse engineering the API used by the app. An attacker who is on the same network as the victim or physically close to them can potentially sniff and modify traffic between the app and the API backend. This allows access to sensitive user data such as grades, home address and even login credentials....

December 22, 2021

Cyber Santa CTF - Bamboozled Challenge Writeup

The challenge input consists of a single .pyc file, which contains the bytecode of a program run with Python 3.8. There are existing tools to decompile .pyc back to .py, such as decompyle3 or uncompyle6, but unfortunately both of these tools and some others we tested fail to decompile the given .pyc file. The two mentioned ones print the JIT opcodes in human-readable format and print Parse error at or near 'None' instruction at offset -1...

December 5, 2021

PicoCTF Web Exploitation Challenges

dont-use-client-side: The website prompts us with a “Secure Logon” that has to be verified with valid credentials in order to proceed. If we take a look at the source code, we can see how the verify function works. function verify() { checkpass = document.getElementById("pass").value; split = 4; if (checkpass.substring(0, split) == 'pico') { if (checkpass.substring(split*6, split*7) == '723c') { if (checkpass.substring(split, split*2) == 'CTF{') { if (checkpass.substring(split*4, split*5) == 'ts_p') { if (checkpass....

November 27, 2021

HackTheBox 'Delivery' Writeup

OS: Linux Difficulty: Easy Points: 10 The nmap scan shows an open SSH and HTTP port. On the corresponding website we can find a helpdesk application and a Mattermost instance. To actually access the server, the IP and server name have to be added to /etc/hosts on the local machine. Mattermost can be accessed over the URL http://:8065. Go to the support center and “Open a new Ticket”; upon submitting, you get an e-mail address associated with your ticket 7493836@delivery....

March 28, 2021

HackTheBox 'Ready' Writeup

OS: Linux Difficulty: Medium Points: 30 Release: 12 Dec 2020 Initial Access: Nmap shows an open SSH port and an onscreen port. Through the onscreen port :5080, a website hosting GitLab can be accessed. A short Google search reveals a fitting CVE. Download the code, register a user, gather the necessary data and run the script to get a shell as the git user. To get a prettier shell, run...

March 23, 2021