Hack.lu 2012 CTF Challenge #14-15 (150+250)

14 – Safehouse

It’s the middle of the night. Nothing but complete darkness and the moaing of approaching zombies surrounds you. You need to escape. Fast. There seems to be nothing to hide and nowhere to run. But then – a small dancing gleam appears while you are running through the blackness. Could it be? Yes – it looks like the light of a safehouse, now a few meters away. You need to get in, you need to survive. But it’s locked. Looks like you need a special knocking sequence to enter. But how to get it? You have to be fast to get into safety. The Zombies are getting closer …

SSH: ctf.fluxfingers.net
PORT: 2092
USER: ctf
PASS: js8pps991xsgyy7

15 – Secure Safehouse

It’s past midnight now. The zombies managed to invade your safehouse and you needed to escape. Again. Seems like the imprudent security measures had their price. But there is hope! Rumor has it there’s another safehouse which proves to be more secure, employing security measures no zombie would ever figure out. But can you?

SSH: ctf.fluxfingers.net
PORT: 2093
USER: ctf
PASS: xbshsya8ksUs7

Summary: x64 shellcoding

Continue reading

Hack.lu 2012 CTF Challenge #7 (200)

7 – python jail

You are surrounded by zombies. You heard there’s a safe house nearby, but climbing fences is hard with a beer belly. Thank god, there’s another surviver over there. “Hey! Help me!”, you shout. He just laughs and shakes you off the fence. Asshole.

Later, you see his dead body lying in front of a high security door secured by automated weapons. Heh… karma is a bitch. But that means you’ll have to find another way in. In this nerd area, all the doors are secured with stupid computer puzzles. So, what the heck. Better try this one:


ctf.fluxfingers.net tcp/2045

You’ll find the entrance in “./key”

This challenge is a tribute to PHDays Finals 2012 challenge ‘ndevice’.
Thanks again, I had fun solving it.

I’m fairly certain that this challenge avoids being exploitable by
the tricks we could use in PHDays (the module “os” was imported…).
So, no advantage for people who did not attend PHDays.

Summary: python eval tricks

Continue reading

Hack.lu 2012 CTF Challenge #4 (250)

4 – Reduced Security Agency

Some of our guys broke into the Reduced Security Agency and stole the source of their highly secure login system. Unfortunately no one of them made it uninfected back and so we only have a part of the source. Now it’s your turn to break their system and login to the agency.

HOST: ctf.fluxfingers.net
PORT: 2062
SOURCE: reduced_security_agency.tar.gz

Summary: weak RSA private key generation

Continue reading

Announcing hackyou CTF

hack you

It’s fall already and that means the new CTF season is starting, and so is the new academic year in our university.

This is the time when we want to attract more freshmen into our CTF tarpit ;-D
So we are running – a CTF.

But it’s not just for them. Wouldn’t it be fun to allow the whole world to beat the shit out of our first-year students, right? So we are opening hack you to everyone interested, just separating the scoreboards: one for the world and other just for confirmed ITMO students (bonus: if you manage to pwn your way into ITMO’s internal systems, you can compete in that special chart too).

Registration open: October 3rd, 2012 — October 18th, 2012
Game starts: October 8th, 2012 14:00 UTC
Game ends: October 18th, 2012 14:00 UTC

Sign up: http://hackyou.ctf.su/

Don’t expect it to be challenging, it will be more of a speed-hack contest.

So in just a few words: hack you CTF. School-level tasks. October 8th.

Russian Spy in Santa Barbara

Last few months I have spent in Boston and recently had an opportunity to come to awesome Santa Barbara. Santa Barbara is a motherland not only of the longest (or one of the longest) an American television soap opera, which was very well known in Russia in 90s, but also University of California Santa Barbara (UCSB).

Continue reading

SIMD [250] (Pirating)

After examining some code retrieved by our operative we are unsure whether it was written by an evil genius or a google employee. We will let you decide.

Summary: linux x64 binary, obfuscated xor

Continue reading

PlaidCTF 2012 – RSA [200] (Password Guessing)

We recently intercepted a plethora of robot transmissions but they are all encrypted with some strange scheme we just can’t quite figure out. Can you crack it?

Summary: small public exponent: 3

Continue reading

PlaidCTF 2012 – Encryption Service [300] (Password Guessing)

We found the source code for this robot encryption service, except the key was redacted from it. The service is currently running at

Summary: IV predict, byte-by-byte bruteforce

Continue reading

PlaidCTF 2012 – Nuclear Launch Detected [150] (Password Guessing)

Our spies intercepted communications and a file between 5 of the top 10 robo-generals and their nuclear bomb server. We must recover the final launch code from the 5 robo-general’s secret codes, so we can stop the detonation!

Summary: Shamir’s Secret Sharing

Continue reading

PlaidCTF 2012 – Format [99] (Pwnables)

Up on a hill, far away, sits the robot king of old. While he was once great, he recently has seemed to just offer simple challenges. Vanquish him and bring honor to your team!

Summary: rand guessing, format string exploitation 

Continue reading

PlaidCTF 2012 – Bouncer [250] (Practical Packets)

In a recent battle we took an enemy robot hostage and examined his operating system. During the examination we found a piece of robot malware that we don’t quite understand. Can you enumerate its targets?
This challenge was made by our friends at ManTech. If you enjoyed it, you might be interested in working for them.

Summary: unpack x64 ELF, bot request analysis.

Continue reading

Программа RuCTF


NuitDuHack 2012 Prequals – Web3.ndh

Our spy thinks that Sciteek staff is aware about the mole inside
their building. He is trying to read a private file named “sciteek-private.txt”
located at sciteek.nuitduhack.com:4005. Please find the .ndh attached, if
you are sucessfull, reply with a message entitled “complex remote service”.

Of course, your efforts will be rewarded with $2500. Maybe you will find
pieces of informations about the mole.


NDH Virtual Machine

Summary: rop exploit in a VM, avoiding hardcoded stack cookie

Continue reading

NuitDuHack 2012 Prequals – executable1.ndh

Meanwhile, we got
fresh news from our mystery guy. He came along with an intersting binary file.
It just looks like an executable, but it is not ELF nor anything our experts
would happen to know or recognize. Some of them we quite impressed by your skills
and do think you may be able to succeed here. I attached the file, if you discover
anything, please send me an email entitled “Strange binary file”.

This will be rewarded, as usual. By the way, your account has just been credited
with $100.

NDH Virtual Machine

Summary: simple crackme on NDH VM

Continue reading

NuitDuHack 2012 Prequals – sciteekadm.cap

Hopefully, we succeeded to spy some wireless communications around Sciteek
building, our technical staff has attached the capture file, will you be able
to exploit it? We hope that some valuable files were exchanged during the
Please entitle your reply “captured file”, as usual.

By the way, your account has been credited with $1000.

Summary: WPA traffic decrypting

Continue reading