You get arbitrary code execution…. as long as it’s code we approve of. Source available at blech.py Service running on 54.234.73.81 port 1234 blech.py Summary: RSA cube root attack
Tag: python
Nov 19
PoliCTF 2012 Crypto 200
Nov 13
Dobbertin Challenge 2012
The Dobbertin Challenge is issued every two years since 2006, in honor and memory of Prof. Hans Dobbertin. http://cryptochallenge.nds.rub.de:50080/ A simple JSON Web Service is provided, which processes PIN codes of users. A user can send his encrypted PIN to the Web Service, which decrypts and stores the PIN. The Web Service allows to use …
Oct 25
Hack.lu 2012 CTF Challenge #17 (400)
17 – Zombieshop A new company offers a lot of anti zombie equipment to protect yourself. Unfortunately not everyone can buy the good stuff. Only privileged users may do so. We managed to create an account, but it is not privileged. Your mission is to buy “Anti zombie Spray”. zomboy53:killthezombies https://ctf.fluxfingers.net:2077/ Summary: bruteforce DES
Oct 25
Hack.lu 2012 CTF Challenge #7 (200)
7 – python jail You are surrounded by zombies. You heard there’s a safe house nearby, but climbing fences is hard with a beer belly. Thank god, there’s another surviver over there. “Hey! Help me!”, you shout. He just laughs and shakes you off the fence. Asshole. Later, you see his dead body lying in …
May 01
PlaidCTF 2012 – RSA [200] (Password Guessing)
We recently intercepted a plethora of robot transmissions but they are all encrypted with some strange scheme we just can’t quite figure out. Can you crack it? Summary: small public exponent: 3
May 01
PlaidCTF 2012 – Encryption Service [300] (Password Guessing)
We found the source code for this robot encryption service, except the key was redacted from it. The service is currently running at 23.21.15.166:4433 Summary: IV predict, byte-by-byte bruteforce
May 01
PlaidCTF 2012 – Nuclear Launch Detected [150] (Password Guessing)
Our spies intercepted communications and a file between 5 of the top 10 robo-generals and their nuclear bomb server. We must recover the final launch code from the 5 robo-general’s secret codes, so we can stop the detonation! Summary: Shamir’s Secret Sharing
Mar 26
NuitDuHack 2012 Prequals – Web3.ndh
Our spy thinks that Sciteek staff is aware about the mole inside their building. He is trying to read a private file named “sciteek-private.txt” located at sciteek.nuitduhack.com:4005. Please find the .ndh attached, if you are sucessfull, reply with a message entitled “complex remote service”. Of course, your efforts will be rewarded with $2500. Maybe you …
Feb 26
CodeGate 2012 Quals – Vuln 100
This challenge is a web service where one can upload mp3 files and listen to them. Our aim is to get admin’s song. Summary: sql injection
Feb 13
IFSF CTF 2012 #9 – X97
SSH : 208.64.122.235 guest:guest binary Category: exploitation Summary: format string bug, ASLR and NX
Jan 30
Gits 2012 # – Crypto 400
files running at hellothere.final2012.ghostintheshellcode.com Summary: MITM attack
Jan 30
Gits 2012 #19 – Crypto 250
Question: SuperSecure 250 Points Use your team name and generate a valid answer. (File) Summary: xor-chained sha256 and sha512