Author's posts

Hack.lu 2012 CTF Challenge #7 (200)

7 – python jail You are surrounded by zombies. You heard there’s a safe house nearby, but climbing fences is hard with a beer belly. Thank god, there’s another surviver over there. “Hey! Help me!”, you shout. He just laughs and shakes you off the fence. Asshole. Later, you see his dead body lying in …

Continue reading

Hack.lu 2012 CTF Challenge #4 (250)

4 – Reduced Security Agency Some of our guys broke into the Reduced Security Agency and stole the source of their highly secure login system. Unfortunately no one of them made it uninfected back and so we only have a part of the source. Now it’s your turn to break their system and login to …

Continue reading

SIMD [250] (Pirating)

After examining some code retrieved by our operative we are unsure whether it was written by an evil genius or a google employee. We will let you decide. Summary: linux x64 binary, obfuscated xor

Continue reading

PlaidCTF 2012 – RSA [200] (Password Guessing)

We recently intercepted a plethora of robot transmissions but they are all encrypted with some strange scheme we just can’t quite figure out. Can you crack it? Summary: small public exponent: 3

Continue reading

PlaidCTF 2012 – Encryption Service [300] (Password Guessing)

We found the source code for this robot encryption service, except the key was redacted from it. The service is currently running at 23.21.15.166:4433 Summary: IV predict, byte-by-byte bruteforce

Continue reading

PlaidCTF 2012 – Nuclear Launch Detected [150] (Password Guessing)

Our spies intercepted communications and a file between 5 of the top 10 robo-generals and their nuclear bomb server. We must recover the final launch code from the 5 robo-general’s secret codes, so we can stop the detonation! Summary: Shamir’s Secret Sharing

Continue reading

NuitDuHack 2012 Prequals – Web3.ndh

Our spy thinks that Sciteek staff is aware about the mole inside their building. He is trying to read a private file named “sciteek-private.txt” located at sciteek.nuitduhack.com:4005. Please find the .ndh attached, if you are sucessfull, reply with a message entitled “complex remote service”. Of course, your efforts will be rewarded with $2500. Maybe you …

Continue reading

NuitDuHack 2012 Prequals – executable1.ndh

Meanwhile, we got fresh news from our mystery guy. He came along with an intersting binary file. It just looks like an executable, but it is not ELF nor anything our experts would happen to know or recognize. Some of them we quite impressed by your skills and do think you may be able to …

Continue reading

NuitDuHack 2012 Prequals – sciteekadm.cap

Hopefully, we succeeded to spy some wireless communications around Sciteek building, our technical staff has attached the capture file, will you be able to exploit it? We hope that some valuable files were exchanged during the capture. Please entitle your reply “captured file”, as usual. By the way, your account has been credited with $1000. …

Continue reading

NuitDuHack 2012 Prequals – executable2.ndh

Our anonymous guy managed to get access to another bunch of files. We also need to get as much information as possible about the file itself. If you succeed, you will be rewarded with $2500 for the ndh file. executable2.ndh NDH Virtual Machine Summary: VM in the NDH VM, crackme

Continue reading

CodeGate 2012 Quals – Vuln 400

Here’s a web-based crypto challenge. Summary: padding oracle attack, bit flipping

Continue reading

CodeGate 2012 Quals – Vuln 300

Here we are given ssh credentials where we need to exploit the binary. Summary: compose file to make program jump to stack.

Continue reading

CodeGate 2012 Quals – Vuln 200

This web challenge is again about uploading. Our aim was to get shell. Summary: upload php shell, read the key.

Continue reading

CodeGate 2012 Quals – Vuln 100

This challenge is a web service where one can upload mp3 files and listen to them. Our aim is to get admin’s song. Summary: sql injection

Continue reading

IFSF CTF 2012 #9 – X97

SSH : 208.64.122.235 guest:guest binary Category: exploitation Summary: format string bug, ASLR and NX

Continue reading