web

Nahamcon 2024

Helpful Desk

Solved by : thewhiteh4t

  • In this challenge, the security bulletin lists 3 versions of the application
  • v1.2 is marked with critical status
  • After downloading both updates, we can use diff to check which files changed between them
diff -bur v1_1 v1_2

  • Using Avalonia ILSpy, we can decompile the DLL file and inspect its functions
  • SetupController contains some interesting code, and it reveals a URL path

  • On visiting this page, we can actually set admin credentials!

  • After setting credentials, we can log in and inspect services to get the flag
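
The root cause above is a setup route that still lets any visitor set admin credentials. As an added example (not the challenge's decompiled code), here is one way to guard such a route in ASP.NET Core, written as a minimal API rather than a controller; the `/setup` path, `SetupRequest` and `AdminStore` are hypothetical names.

```csharp
// Program.cs for an ASP.NET Core web project (created with `dotnet new web`, .NET 6+).
// Added illustration: the /setup route, SetupRequest and AdminStore are hypothetical.
using System.Security.Cryptography;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddSingleton<AdminStore>();
var app = builder.Build();

app.MapPost("/setup", (SetupRequest req, AdminStore store) =>
{
    // Once an admin exists, answer exactly like a route that is not there.
    if (store.AdminExists) return Results.NotFound();

    if (string.IsNullOrWhiteSpace(req.Username) || req.Password is null || req.Password.Length < 12)
        return Results.BadRequest("username required; password must be at least 12 characters");

    // TryCreateAdmin re-checks under a lock, so two racing requests cannot both win.
    return store.TryCreateAdmin(req.Username, req.Password) ? Results.NoContent() : Results.NotFound();
});

app.Run();

record SetupRequest(string? Username, string? Password);

// In-memory store to keep the example self-contained; a real service would persist this.
sealed class AdminStore
{
    private readonly object _gate = new();
    private (string User, byte[] Salt, byte[] Hash)? _admin;

    public bool AdminExists { get { lock (_gate) return _admin is not null; } }

    public bool TryCreateAdmin(string user, string password)
    {
        // Store a salted PBKDF2 hash, never the password itself (iteration count is a sample value).
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, 600_000, HashAlgorithmName.SHA256, 32);
        lock (_gate)
        {
            if (_admin is not null) return false; // someone completed setup first
            _admin = (user, salt, hash);
            return true;
        }
    }
}
```

The first POST to the route creates the admin and returns 204; every later request gets 404 and leaves the stored credentials untouched.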

Published on : 28 May 2024