Jun
19

Google CTF 2017 Quals – BLT (Bleichenbacher’s Lattice Task – Insanity Check)

A slow descent into the dark, into madness, futility, and despair. BLT.jar (not necessary) STDOUT Flag.java Summary: DSA with short secrets, lattice + meet-in-the-middle attack.

Jun
19

Google CTF 2017 Quals – Crypto writeups

Scripts with short explanations for all crypto tasks (except RSA) from Google CTF Quals 2017: Crypto Backdoor; Introspective CRC; Shake It; RSA CTF Challenge (no writeup, but I think it’s similar to this old one); Rubik; Bleichenbacher’s Lattice Task (full writeup here).

Mar
14

0CTF 2016 Quals – Equation (Crypto 2 pts)

Here is an RSA private key with its upper part masked. Can you recover the private key and decrypt the file? equation.zip Summary: recovering RSA key from part of the private key.

Mar
13

0CTF 2016 Quals – RSA? (Crypto 2 pts)

It seems easy, right? rsa.zip Tip: openssl rsautl -encrypt -in FLAG -inkey public.pem -pubin -out flag.enc Summary: factoring 300-bit modulus into 3 primes, extracting cube roots.

Feb
26

CodeGate 2012 Quals Forensic 500 Write-up

This file is Forensic file format which is generally used. Check the information of imaged DISK, find the GUIDs of every partition. Answer: strupr((part1_GUID) XOR (part2_GUID) XOR …) Download : B704361ACF90390C17F6103DF4811E2D Forensic 500 features EWF format container with EFI GPT partition table.

Feb
26

CodeGate 2012 Quals Vuln500 Write-up

1.234.41.7:22 ID : yesMan PWD : ohyeah123 Download vulnerable binary. Vuln500 was a hardened format-string vuln with ASLR, NX-stack, no-DTORs, RO .dynamic

Feb
26

CodeGate 2012 Quals – Vuln 400

Here’s a web-based crypto challenge. Summary: padding oracle attack, bit flipping

Feb
26

CodeGate 2012 Quals Net400 Write-up

Because of vulnerability of site in Company A, database which contains user’s information was leaked. The file is dumped packet at the moment of attacking. Find the administrator’s account information which was leaked from the site. For reference, some parts of the packet was blind to XXXX. Answer : strupr(md5(database_name|table_name|decode(password_of_admin))) (‘|’is just a character) Download…

Feb
26

CodeGate 2012 Quals – Vuln 300

Here we are given ssh credentials where we need to exploit the binary. Summary: compose file to make program jump to stack.

Feb
26

CodeGate 2012 Quals – Vuln 200

This web challenge is again about uploading. Our aim was to get shell. Summary: upload php shell, read the key.

Feb
26

CodeGate 2012 Quals – Vuln 100

This challenge is a web service where one can upload mp3 files and listen to them. Our aim is to get admin’s song. Summary: sql injection

Feb
26

CodeGate 2012 Quals – Binary 200

Find a printable string that the program would print ultimately. Down (pw: infected) Summary: unpack, XTEA decrypt

Feb
13

IFSF CTF #8 (X98) Write-up

we know it’s about some secret agents, but we need more than that 208.64.122.234 PORT 3000 X98 is a remote CTB task with a shell injection vuln.

Jun
09

Defcon CTF Quals 2011 – Retro 400

This challenge was on remote exploiting. The binary is for FreeBSD. The program is some kind of a Virtual Machine, with its own stack and memory. binary Summary: memory address check mistake, write shellcode and overwrite _exit function pointer

Jun
08

Defcon CTF Quals 2011 – Binary 500

This challenge was on reverse engineering. The binary is 32bit MZ-PE executable for Windows. binary Summary: reverse engineering, anti-anti-debugging challenge
