Nahamcon 2024

Helpful Desk

Solved by : thewhiteh4t

  • In this challenge security bulletin shows 3 versions of the application
  • v1.2 shows critical status
  • After downloading both updates we can use diff to check which files were updated
diff -bur v1_1 v1_2

  • Using Avalonia ILSpy we can decompile the DLL file and inspect different functions
  • SetupController contains some interesting code and it shows a URL path

  • On visiting this page we can actually set admin credentials!

  • After setting credentials we can login and inspect services to get the flag

Published on : 28 May 2024