NdH2k11 WaRgam3 – CrackMe 400 (2000pts). Part 1

This challenge was on reverse engineering. The binary is a 32-bit MZ-PE executable for Windows.


Summary: reverse engineering, crypto


NdH2k11 WaRgam3 – CrackMe 100 (500pts)

This challenge was on reverse engineering. The binary is a 32-bit MZ-PE executable for Windows.


Summary: reverse engineering, crypto

Defcon CTF Quals 2011 – Retro 400

This challenge was on remote exploitation. The binary is for FreeBSD.

The program is some kind of virtual machine, with its own stack and memory.

Summary: memory address check mistake, write shellcode and overwrite _exit function pointer


Defcon CTF Quals 2011 – Binary 500

This challenge was on reverse engineering. The binary is a 32-bit MZ-PE executable for Windows.


Summary: reverse engineering, anti-anti-debugging challenge


Defcon CTF Quals 2011 – Pwnables 100

This challenge was on remote exploitation. The binary is for FreeBSD.


Summary: buffer overflow, jump to shellcode (bruteforce address)


Defcon CTF Quals 2011 – Pwnables 200

This challenge was on remote exploitation. The binary is for SunOS (Solaris).


Summary: shellcoding challenge


Defcon CTF Quals 2011 – Pwnables 400

This challenge was on remote exploitation. The binary is for Linux, statically linked and stripped.


Summary: overflow, ROP for execve("/bin/sh")


Not a write-up.

PlaidCTF 2011 #23 – Exploit Me :p (200)

Category: pwnables

It seems like AED also has some plans to raise hacker force!
We found this binary as an exploitation practice program in the office, but they forgot to remove the setgid flag on the program.
So we can get the secret key!

ssh username@a5.amalgamated.biz

Username: exp_1
Password: jNKpzFuRLpsIW9xzqNIpCVF1

Summary: .dynamic->FINI overwriting, execl symlink



PlaidCTF 2011 #19 – Another small bug (250)

Category: pwnables

This time, let’s attack /opt/pctf/z2/exploitme.
ssh username@a5.amalgamated.biz

Username: z2_1
Password: 29rpJinvpwoI7pzdufQc4h6edzvyh

Summary: buffer overflow, static binary



PlaidCTF 2011 #18 – A small bug (250)

Category: pwnables

Get access to the key using /opt/pctf/z1/exploitme.

ssh username@a5.amalgamated.biz

Username: z1_1
Password: GwB4eivw9NTvCjmobw1EnuyqcWfJs

Summary: race condition, create a symlink before the file is opened



PlaidCTF 2011 #24 – Calculator (200)

Category: pwnables

AED’s summer internship program is notorious for attracting terrible programmers.
They’ve resorted to giving them some of the simplest projects to work on.
We expect this service that the latest ‘All-Star’ intern worked on all summer is nowhere near secure.

nc a9.amalgamated.biz 60124

Summary: python eval with some filtering


PlaidCTF 2011 #20 – C++ upgrade (300)

Category: pwnables

They have an update for the vulnerable C++ program trying to fix the bug.
However, the coders at AED suck and introduced another stupid mistake.

Get a shell (and the key, too.)

ssh username@a5.amalgamated.biz
Username: cpp2_1
Password: zKQaKrdFPSsT6j03XSt31NaT0H

Summary: tricky overflow into a class’ method, exec’ing symlinks



PlaidCTF 2011 #17 – C++5x (300)

Category: pwnables

AED decided to use C++ to develop their internal tools.
However, they seem to have made a mistake in one of their new C++ programs.

Exploit and get the key!

ssh username@a5.amalgamated.biz
Username: cpp1_1
Password: IwKheuEHvR1jYXmjIYz8bo8FFe1h8

Summary: tricky overflow into a class’ method, exec’ing symlinks



PlaidCTF 2011 #25 – PC Rogue (600)

Category: pwnables

Amalgamated has banned the use of Solitaire due to loss of productivity.
The only employee who would write a new game for everyone only likes ‘retro’ games, and has placed a text-adventure version of pacman on a company server.
We don’t believe he could have coded this securely, and the server contains a vital key.
Connect to the game here and find the key.

nc a9.amalgamated.biz 60123

Summary: remote format string vulnerability, exploited without access to the binary
