October 17, 2017 Flare-on 2017 #10: shell.php shell.php looked like a webshell you’d find left behind by an attacker. See the bottom of this post for the full challenge code. ctf flareon4
October 17, 2017 Flare-on 2017 #9: remorse.ino.hex The filename ends with ‘ino.hex’, which hints towards an Arduino binary; which uses an AVR microcontroller. A strin gin the binary hints towards an Arduino UNO, which has an ATmega328P microcontroller, specifically. I know quite a bit of AVR assembly,... ctf flareon4
October 17, 2017 Flare-on 2017 #8: flair.apk This is an Android APK, so first up, we need to decode it. Since an APK is just a zip, we could just unzip it, but that leaves quite a few encoded files inside; so using Apktool is a better... ctf flareon4
October 17, 2017 Flare-on 2017 #7: zsud.exe This challenge is an awesome Single-user dungeon playing in the offices of Mandiant, part of the company organising Flare-on. When started, it shows some awesome ASCII art: ctf flareon4
October 17, 2017 Flare-on 2017 #6: payload.dll The file is a DLL and should be started as such. The file contains a small hint on how it should be used in a string: ctf flareon4