The Plague is running a betting service to build up funds for his massive empire. Can you figure out a way to beat the house? The service is running at 54.197.195.247:4321.
Apr 19
PlaidCTF 2014 parlor writeup
Apr 18
PlaidCTF 2014 __nightmares__ writeup
The Plague is building an army of evil hackers, and they are starting off by teaching them python with this simple service. Maybe if you could get full access to this system, at 54.196.37.47:9990, you would be able to find out more about The Plague’s evil plans.
Code:
(can be run locally with $ socat TCP4-listen:9990,reuseaddr,fork EXEC:./nightmares.py)
Apr 17
PlaidCTF 2014 RSA writeup
Our archaeologists recovered a dusty and corrupted old hard drive used by The Plague in his trips into the past. It contains a private key, but this has long since been lost to bitrot. Can you recover the full key from the little information we have recovered?
Mar 02
Boston Key Party CTF – Differential Power (Crypto 400)
we hooked up a power meter to this encryption box. we don’t know the key. that’s what we want to know. you can encrypt any string of 8 characters on the service http://54.218.22.41:6969/string_to_encrypt
Feb 24
Codegate 2014 Quals – Angry Doraemon (pwn 250)
□ description
==========================================
OS : Ubuntu 13.10 x86
IP : 58.229.183.18 / TCP 8888http://58.229.183.26/files/angry_doraemon_c927b1681064f78612ce78f6b93c14d9
==========================================□ number of solvers : 57
□ breakthrough by
1 : More Smoked Leet Chicken (02/23 06:16)
2 : ppp (02/23 06:22)
3 : stratumauhuur (02/23 06:28)
Feb 24
Codegate 2014 Quals – Minibomb (pwn 400)
□ description
==========================================
ssh guest@58.229.183.14 / ExtremelyDangerousGuest
ssh guest@58.229.183.15 / ExtremelyDangerousGuest==========================================
□ number of solvers : 15
□ breakthrough by
1 : More Smoked Leet Chicken (02/23 02:38)
2 : Hexcellents (02/23 02:42)
3 : ppp (02/23 03:16)
Feb 09
Olympic CTF 2014 GuessGame (300)
Be careful, it’s cheating!
nc 109.233.61.11 3126
Summary: discrete logarithm with group oracle
Feb 02
Olympic CTF Sochi 2014 Registration is Open
 |
Let there be OlympicsMSLC proudly presents… Game starts: February 7th, 2014 16:14 UTC (yeah yeah, those Sochi number freaks… it’s 20:14 in MSK timezone)
Game ends: February 9th, 2014 16:14 UTC Sign up: https://olympic-ctf.ru/ Prize set: |
1500 USD, 
1000 USD, 
500 USD.Jan 07
Sudden CTF syndrome
Happy new 2014 and merry Orthodox Christmas if you’re religious ;-D
Maybe you already know hack you and hack you too, so I won’t even say that hack you is an individual CTF that we originally held for our university freshmen and opened it for everyone interested in the world.
Couple days after this New Year hangover, we asked ourselves: “Hey guys, didn’t we want to throw a CTF?” — “We sure did!”
And everyone gets a new hack you.
Game starts: January 10th, 2014 14:00 UTC
Game ends: January 15th, 2014 14:00 UTC
Sign up: http://hackyou.ctf.su/
Unlike first hack you, this one isn’t baby-tasks-only. Quite a few things to mess with.
So in just a few words:
hack you 2014. Twenty good old Jeopardy. Have fun ;)
Oct 25
Hack.lu 2013 CTF – Crypto 350 (BREW’r’Y)
BREW’r’Y (Category: Crypto) Author(s): dwuid
Finally, the robots managed to sneak into one of our breweries. I guess I won’t have to explain how bad that really is. That darn non-physical ones even shutdown our login system. Shiny thing, advanced technology, all based on fingerprints. Been secure as hell. If only it was running. Well, basically, we’re screwed.
But wait, there’s hope. Seems like they didn’t shutdown our old login system. Backward compatibility’s a bitch, eh? Unfortunately, we got like _zero_ knowledge about the protocol. I mean come on, the last time we used that thingy was like decades ago. If we are lucky, the old authentication method is buggy.
So, I heard you’re kinda smart? Have a look at it. We desperately need to get drunk^W supply. You’ll find the old system at ctf.fluxfingers.net:1335. Good luck.Hint: Data is – and is expected to be – compressed using zlib.
Hint: The challenge text gives hints about the protocol involved.
Summary: Hamilton path bugged check
Jun 17
Defcon CTF Quals 2013 – \xff\xe4\xcc 4 (penser)
good luck. penser.shallweplayaga.me:8273 http://assets-2013.legitbs.net/liabilities/penser
Summary: x86_64 Unicode-proof shellcoding.
Jun 17
Defcon CTF Quals 2013 – \xff\xe4\xcc 3 (linked)
typedef struct _llist {
struct _llist *next;
uint32_t tag;
char data[100];
llist;and:
register char *answer;
char *(*func)();
llist *head;
…
func = (char *(*)(llist *))userBuf;
answer = (char *)(*func)(head);
send_string(answer);
exit(0);Write me shellcode that traverses the randomly generated linked list, looking for a node with a tag 0x41414100, and returns a pointer to the data associated with that tag, such that the call to send_string will output the answer.
Running at linked.shallweplayaga.me:22222 OR linked2.shallweplayaga.me:22222
Summary: x86 shellcode golfing.
Jun 17
Defcon CTF Quals 2013 – All Web Challenges (3dub)
Summary:
3dub (1) – babysfirst: SQLite SQL injection
3dub (2) – badmedicine: Stream cipher bit flipping
3dub (3) – hypeman: Rack/Sinatra session secret disclosure
3dub (4) – rememberme: Bruteforce
3dub (5) – worsemedicine: Block cipher bit flipping