Using z3 to find a password and reverse obfuscated JavaScript - Fsec2017 CTF

Channel:
United States LiveOverflow
Subscribers:
921,000
Published on ● Video Link: https://www.youtube.com/watch?v=TpdDq56KH1I


Duration: 10:33
82,212 views
2,663

Recently I attended fsec 2017 in croatia. And there was a cool CTF challenge I solved during the conference that I wanted to share.

script: https://gist.github.com/LiveOverflow/11bde6352f52be33864f1fd657e7cde1

-=[ πŸ”΄ Stuff I use ]=-

β†’ Microphone:* https://geni.us/ntg3b
β†’ Graphics tablet:* https://geni.us/wacom-intuos
β†’ Camera#1 for streaming:* https://geni.us/sony-camera
β†’ Lens for streaming:* https://geni.us/sony-lense
β†’ Connect Camera#1 to PC:* https://geni.us/cam-link
β†’ Keyboard:* https://geni.us/mech-keyboard
β†’ Old Microphone:* https://geni.us/mic-at2020usb

US Store Front:* https://www.amazon.com/shop/liveoverflow

-=[ ❀️ Support ]=-

β†’ per Video: https://www.patreon.com/join/liveoverflow
β†’ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ πŸ• Social ]=-

β†’ Twitter: https://twitter.com/LiveOverflow/
β†’ Website: https://liveoverflow.com/
β†’ Subreddit: https://www.reddit.com/r/LiveOverflow/
β†’ Facebook: https://www.facebook.com/LiveOverflow/

-=[ πŸ“„ P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#CTF



Other Videos By LiveOverflow


2017-12-08Some thoughts on Mobile App Security - is it FUD?
2017-12-01format2 on a modern Ubuntu - bin 0x26
2017-11-27Looking for Feedback - Link to Survey in the Description
2017-11-24Stack grooming and 100% reliable exploit for format0 - bin 0x25
2017-11-17Playing around with a Format String vulnerability and ASLR. format0 - bin 0x24
2017-11-10RTMP Heap Overflow CVE-2016-10191 - Exploiting FFmpeg ft. Paul Cher
2017-11-04Analysis of CVE-2016-10190 - Exploiting FFmpeg ft. Paul Cher
2017-10-27First look at a simple PoC crash - Exploiting FFmpeg ft. Paul Cher
2017-10-20Play CTF! A Great Way to Learn Hacking - Fsec 2017
2017-10-17KRACK - Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
2017-10-13Using z3 to find a password and reverse obfuscated JavaScript - Fsec2017 CTF
2017-10-06Software Side-Channel attack on AES - White Box Unboxing 4/4 - RHme3 Qualifier
2017-09-29Some failed attack ideas - White Box Unboxing 3/4 - RHme3 Qualifier
2017-09-22TL;DR it's AES... - White Box Unboxing 2/4 - RHme3 Qualifier
2017-09-15Understanding the execution flow of the binary - White Box Unboxing 1/4 - RHme3 Qualifier
2017-09-10[Live] Reverse Engineering new PopUnder for Chrome 63 on Windows
2017-09-08†: Use-after-free with fast bins
2017-09-08Use-after-free and overwrite entry in GOT - Exploitation part 2/2 - RHme3 Qualifier
2017-09-01Exploring pwnable with ltrace and gdbinit script - Exploitation part 1/2 - RHme3 Qualifier
2017-08-29RHme3 qualification ended but you could still get a board!
2017-08-25Don't trust time


Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
z3
sat solver
javascript obfuscation
deobfuscate javascript
fsec2017
fsec 2017
varazdin
zagreb
croatia
infosec
liveoverflow talk