Author's posts

Codegate CTF 2011 Issue 500 (bootsector)

Find a key. [link to submit form] binary $ file challenge.bin challenge.bin: x86 boot sector, code offset 0xc0 Summary: boot sector with a password check, brute-forcing a 2-byte hash.


Codegate CTF 2011 Crypto 400

The attacker got a secret! File Summary: Padding oracle attack analysis


Codegate CTF 2011 Mini writeups

Some mini writeups on Codegate 2011 Prequals: Issue100,200, Net100,200, Crypto100,200.


Codegate CTF 2011 Crypto300 Writeup

Description: we are investigating an illegal online gambling site. To find any evidence to support for illegal gambling, we must access the oracle database with administrator privileges. The suspect says that he does not know the administrator password, but we know for sure that he is lying. The password is estimated to be longer than …


Padocon CTF 2011 Binary500 Writeup (300)

The challenge consists of a Windows binary and connection details: HOST : 168.188.130.216 PORT : 888 Binary (Daemon.exe) Summary: reversing the algorithm with some encryption and coding a client


Padocon CTF 2011 Binary100 Writeup (200)

In this task we were given a binary and a host/port where it is running: HOST : 168.188.130.217 PORT : 8080 Binary Note: At the beginning of the contest, there was no binary. But nobody solved it and the binary was added; I guess it’s because of the strange format of the input. Summary: reversing (or guessing) …


Hack.lu 2010 CTF #22 (Pirates Wisdom) writeup

Pirates Wisdom Captain Iglo heard there is a secret wisdom in the well known pirate wisdom system. Log in to ssh pirates.fluxfingers.net:9022 user: ctf password: ctf and get the content of key.txt. You get rewarded with 300 coins. binary Summary: a simple heap chunk reuse error with slightly obfuscated logic


Hack.lu 2010 CTF Challenge #8 Writeup

Sad Little Pirate (150) Our sad little pirate haes lost his password. It is known that the pirate has just one hand left; his left hand. So the paessword input is quite limited. Also he can still remember that the plaintext started with “674e2” and his password with “wcwteseawx” Please help the sad pirate finding …


Hack.lu 2010 CTF Challenge #7 Writeup

Breiers Deathmatch (150) Schnuce Breier has challenged you to a cryptographer’s deathmatch. Connect to pirates.fluxfingers.net 8007/tcp and get the secret number. $ nc pirates.fluxfingers.net 8007 Hi. This is your friendly ‘Decryption Oracle’ We have implemented a well-known public-key cryptosystem. Guess which ;) Modulo: 5628290459057877291809182450381238927697314822133923421169378 062922140081498734424133112032854812341 Generator: 99 Public Key: 135744434201778324839308712462911647727754874814096844915 5264250239122362719894347099351280643528244 Ciphertext: (44750535504622985677351849167148532593337860047243938284 03819968944371696234280482660523326406427034, 40867215175893797288404 …


Hack.lu 2010 CTF Challenge #5 Writeup

Captain Redbeard’s Battleships (500) While pirating-out a bit, you run into Captain Redbeard and his armada of ghost ships. source1, source2 pirates.fluxfingers.net 2204/tcp. It is a Battleships game. We have to beat Cpt. Redbeard 3 times in a row to get the flag. The first time he shoots every 3 ships from 5, then 4 …


Hack.lu 2010 CTF Challenge #19 Writeup

Magicwall (400) Captain Hook found the following link after looting his last frigate. He heard that the file flag on this system is worth 400 coins. Give him this file and he will reward you! ssh: pirates.fluxfingers.net:7022 user: ctf password: ctf In the box, there was a suid executable, which we were to compromise to …


Hack.lu 2010 CTF Challenge #18 Writeup

Digital Treasure Chest (300) You were asked to pentest the 1.1 beta-version of the digital treasure chest. Finding an authentication bypass appears to be trivial to you. pirates.fluxfingers.net 6969/tcp $ nc pirates.fluxfingers.net 6969 010 WELCOME. Please Enter your secret digits 0 555 Wrong credentials If we try some more numbers, we will get: $ nc …


Leet More 2010 ELF Quest writeup

Find the hidden message. file Try the file tool and you’ll be told it is an ELF file. But any other tools say the header is corrupted, and if you compare it with a true ELF header, you will know it’s trash. A good thing for further analysis is to count chars. 73 30 6d …


Leet More 2010 Time Traveller writeup

A scientist who worked on the issue of space-time continuum, suddenly disappeared. He left only a mysterious drawing in a notebook. There is a suspicion that he traveled back in time. In what year did he travel? And what is his name? There are only 2 breaks in this maze. Let’s try to find the …


Leet More 2010 Strange Cipher writeup

Decrypt this “UPDYUFFRPY\TDDSUITF\R\FARTTITYGPPF\/YSGDFYAAO:DF/TA\IAGR:A//DR/T”. ctf.ifmo.ru:5555 If we connect to the service and try to encrypt \x00, \x01, \x02, \x03, \x04, we can notice that only the first two bytes and the last one change: [ GDOPU/SIIR\TDPAFYGDA/:S/EIT\\FS/OA:PRYS/DOIOTIS/GUPPYPS/GIGPUSS\ ] [ GFOPU/SIIR\TDPAFYGDA/:S/EIT\\FS/OA:PRYS/DOIOTIS/GUPPYPS/GIGPUSSE ] [ GGOPU/SIIR\TDPAFYGDA/:S/EIT\\FS/OA:PRYS/DOIOTIS/GUPPYPS/GIGPUSSR ] [ ::OPU/SIIR\TDPAFYGDA/:S/EIT\\FS/OA:PRYS/DOIOTIS/GUPPYPS/GIGPUSST ] There are 16 different chars, so a good idea is to …
