Apr
19

PlaidCTF 2014 parlor writeup

The Plague is running a betting service to build up funds for his massive empire. Can you figure out a way to beat the house? The service is running at 54.197.195.247:4321.

Read the rest of this entry »

Apr
18

PlaidCTF 2014 __nightmares__ writeup

The Plague is building an army of evil hackers, and they are starting off by teaching them python with this simple service. Maybe if you could get full access to this system, at 54.196.37.47:9990, you would be able to find out more about The Plague’s evil plans.

Code:

Spoiler Inside SelectShow

(can be run locally with $ socat TCP4-listen:9990,reuseaddr,fork EXEC:./nightmares.py)

Read the rest of this entry »

Apr
17

PlaidCTF 2014 RSA writeup

Our archaeologists recovered a dusty and corrupted old hard drive used by The Plague in his trips into the past. It contains a private key, but this has long since been lost to bitrot. Can you recover the full key from the little information we have recovered?

Read the rest of this entry »

Mar
02

Boston Key Party CTF – Differential Power (Crypto 400)

we hooked up a power meter to this encryption box. we don’t know the key. that’s what we want to know. you can encrypt any string of 8 characters on the service http://54.218.22.41:6969/string_to_encrypt

encrypt.asm
chall source (released after ctf)

Read the rest of this entry »

Feb
24

Codegate 2014 Quals – Angry Doraemon (pwn 250)

□ description
==========================================
OS : Ubuntu 13.10 x86
IP : 58.229.183.18 / TCP 8888

http://58.229.183.26/files/angry_doraemon_c927b1681064f78612ce78f6b93c14d9
==========================================

□ number of solvers : 57
□ breakthrough by
1 : More Smoked Leet Chicken (02/23 06:16)
2 : ppp (02/23 06:22)
3 : stratumauhuur (02/23 06:28)

Binary

Read the rest of this entry »

Feb
24

Codegate 2014 Quals – Minibomb (pwn 400)

□ description
==========================================
ssh guest@58.229.183.14 / ExtremelyDangerousGuest
ssh guest@58.229.183.15 / ExtremelyDangerousGuest

==========================================

□ number of solvers : 15
□ breakthrough by
1 : More Smoked Leet Chicken (02/23 02:38)
2 : Hexcellents (02/23 02:42)
3 : ppp (02/23 03:16)

Binary

Read the rest of this entry »

Feb
09

Olympic CTF 2014 GuessGame (300)

Be careful, it’s cheating!
nc 109.233.61.11 3126

Summary: discrete logarithm with group oracle

Read the rest of this entry »

Feb
02

Olympic CTF Sochi 2014 Registration is Open

Olympic CTF Sochi 2014

Let there be Olympics

MSLC proudly presents…
Alright, do we even need words here?

Game starts: February 7th, 2014 16:14 UTC

(yeah yeah, those Sochi number freaks… it’s 20:14 in MSK timezone)

Game ends: February 9th, 2014 16:14 UTC

Sign up: https://olympic-ctf.ru/

Prize set: 1500 USD, 1000 USD, 500 USD.
Expect decent tasks. Twenty of them.

Jan
07

Sudden CTF syndrome

hack you 2014

Happy new 2014 and merry Orthodox Christmas if you’re religious ;-D

Maybe you already know hack you and hack you too, so I won’t even say that hack you is an individual CTF that we originally held for our university freshmen and opened it for everyone interested in the world.

Couple days after this New Year hangover, we asked ourselves: “Hey guys, didn’t we want to throw a CTF?” — “We sure did!”
And everyone gets a new hack you.

Game starts: January 10th, 2014 14:00 UTC
Game ends: January 15th, 2014 14:00 UTC

Sign up: http://hackyou.ctf.su/

Unlike first hack you, this one isn’t baby-tasks-only. Quite a few things to mess with.

So in just a few words:
hack you 2014. Twenty good old Jeopardy. Have fun ;)

Jan
05

GITS 2014 Teaser – PPC

Find the key. (File)
PPC running at ppc.2014.ghostintheshellcode.com:10000.

Summary: format string vuln, communication via qrcodes

Read the rest of this entry »

Dec
18

RuCTFe rocks, iCTF is fine, rwthCTF are assholes

The traditional Winter Attack-Defense Spree is over, and what can I say…

pic

Read the rest of this entry »

Oct
25

Hack.lu 2013 CTF – Crypto 350 (BREW’r’Y)

BREW’r’Y (Category: Crypto) Author(s): dwuid
Finally, the robots managed to sneak into one of our breweries. I guess I won’t have to explain how bad that really is. That darn non-physical ones even shutdown our login system. Shiny thing, advanced technology, all based on fingerprints. Been secure as hell. If only it was running. Well, basically, we’re screwed.
But wait, there’s hope. Seems like they didn’t shutdown our old login system. Backward compatibility’s a bitch, eh? Unfortunately, we got like _zero_ knowledge about the protocol. I mean come on, the last time we used that thingy was like decades ago. If we are lucky, the old authentication method is buggy.
So, I heard you’re kinda smart? Have a look at it. We desperately need to get drunk^W supply. You’ll find the old system at ctf.fluxfingers.net:1335. Good luck.

Hint: Data is – and is expected to be – compressed using zlib.
Hint: The challenge text gives hints about the protocol involved.

Summary: Hamilton path bugged check

Read the rest of this entry »

Jun
17

Defcon CTF Quals 2013 – \xff\xe4\xcc 4 (penser)

good luck. penser.shallweplayaga.me:8273 http://assets-2013.legitbs.net/liabilities/penser

Download penser binary »

penser

Summary: x86_64 Unicode-proof shellcoding.

Read the rest of this entry »

Jun
17

Defcon CTF Quals 2013 – \xff\xe4\xcc 3 (linked)

typedef struct _llist {
struct _llist *next;
uint32_t tag;
char data[100];
llist;

and:

register char *answer;
char *(*func)();
llist *head;

func = (char *(*)(llist *))userBuf;
answer = (char *)(*func)(head);
send_string(answer);
exit(0);

Write me shellcode that traverses the randomly generated linked list, looking for a node with a tag 0x41414100, and returns a pointer to the data associated with that tag, such that the call to send_string will output the answer.

Running at linked.shallweplayaga.me:22222 OR linked2.shallweplayaga.me:22222

Summary: x86 shellcode golfing.

Read the rest of this entry »

Jun
17

Defcon CTF Quals 2013 – All Web Challenges (3dub)

Summary:

3dub (1) – babysfirst: SQLite SQL injection
3dub (2) – badmedicine: Stream cipher bit flipping
3dub (3) – hypeman: Rack/Sinatra session secret disclosure
3dub (4) – rememberme: Bruteforce
3dub (5) – worsemedicine: Block cipher bit flipping

Read the rest of this entry »

Older posts «

» Newer posts