Monday, October 01, 2012

CSAW 2012 Quals - writeup collection

Trivia


http://eindbazen.net/2012/09/csaw-2012-trivia/http://the-ctf-guy.blogspot.in/2012/10/csaw-2012-trivia-challenges.html

Recon 

Web 

c4ca4238a0b923820dcc509a6f75849b - 100 Points
http://128.238.66.216/c4ca4238a0b923820dcc509a6f75849b/
Lara Anderton needs to break into PreCrime to free her husband, but they just installed a fancy new security system. Help her break into it!
Solutions:
http://eindbazen.net/2012/09/csaw-2012-web-100/

 c81e728d9d4c2f636f067f89cc14862c - 200 Points
http://128.238.66.216/c81e728d9d4c2f636f067f89cc14862c/
Solutions:
http://eindbazen.net/2012/09/csaw-2012-web-200/

 217 - 300 Points
http://128.238.66.217/
This is a website belonging to a horse-fighting gang. Even with an account, it's not clear what they're up to. Your task is to get administrator access and see if you can figure anything out. Your account is csaw_challenger/letmein123.
Solutions:
http://isisblogs.poly.edu/2012/09/30/csaw-ctf-horseforce-writeup/

 CryptoMat - 400 Points
http://128.238.66.214/
CryptoMat is a site where you can send encrypted messages to other users. Dog is a user on the site and has the key. Figure out how to get into his account and obtain it.
Solutions:
http://blog.lse.epita.fr/articles/29-csaw-ctf-2012-web-400-writeup.html

 Noderper - 500 Points
Derpsoft
Hello, QA personnel! As you know, we here at Noderpsoft are desperately trying to put the finishing touches on our Noderper web UI, and although we're super mega confident in the awesomness of our Web 12.0-centric strategy, we had some security consultant jerk tell us that our diagnostic interface was a Pastebin in the making.What a load of baloney! There isn't anything wrong with it, but just to satisfy the derpiest of derps, we thought we'd let you all prove us RIGHT! What better way to check the status of your system than with common Lunix commands, and even offer an awesome Web 2.5-3.0 (depending on who we're marketing to that day) friendly extensible interface?!?!??!?!?!?!?!??!?!?!
We hope you like Noderper as much as we do, and find zero bugs or mythical, so-called security vulnerabilities in it. Otherwise, you're fired.
Sincerely, and with all the hopes for the most ludicrous of V.C. money,
Roberto J. Quinetana
Solutions:
http://eindbazen.net/2012/09/csaw-2012-web-500/
http://blog.lse.epita.fr/articles/27-csaw-ctf-2012-web-500-writeup.html
https://github.com/quine/csaw2012/tree/master/noderp
eccbc87e4b5ce2fe28308fd9f2a7baf3 - 600 Points
http://128.238.66.216/eccbc87e4b5ce2fe28308fd9f2a7baf3/
Solutions:
http://eindbazen.net/2012/09/csaw-2012-web-600/

Reversing

csaw2012reversing.exe - 100 Points
csaw2012reversing.exe
csaw2012reversing.pdb

Solutions:


CSAWQualificationEasy.exe - 200 Points
CSAWQualificationEasy.exe
Solutions:
CSAWQualification.exe - 300 Points
CSAWQualification.exe
Solutions:
csaw2012reversing - 400 Points
csaw2012reversing
Solutions:
8086100f.mrom - 500 Points
8086100f.mrom
8086100f.mrom.tmp
Exploitation

 54321 - 200 Points
nc 128.238.66.218 54321
exploitation1-release
Read the key out of ./key in the current working directory.
Solutions :
http://xelenonz.blogspot.in/2012/10/csaw-ctf-exploit200-write-up.html
http://ppp.cylab.cmu.edu/wordpress/?p=954

4842 - 300 Points
nc 128.238.66.218 4842
Read the key out of ./key in the current working directory.
This binary has been changed to update the server.
Solutions :
http://eindbazen.net/2012/09/csaw-2012-exploitation-300/
http://ppp.cylab.cmu.edu/wordpress/?p=968

23456 - 400 Points
nc 128.238.66.213 23456
Read the key out of ./key in the current working directory.
Solutions :
http://ppp.cylab.cmu.edu/wordpress/?p=985

12345 - 500 Points
nc 128.238.66.213 12345
Read the key out of ./key in the current working directory
Solutions :
http://ppp.cylab.cmu.edu/wordpress/?p=1015
http://blog.lse.epita.fr/articles/31-csaw-ctf-2012-exploitation-200300400500-writeups.html

Forensics

version1.png - 200 Points

version1.png

Solutions :
version2.png - 200 Points
version2.png
core - 500 Points
core

Networking

telnet.pcap - 100 Points
telnet.pcap

lemieux.pcap - 200 Points
lemieux.pcap
Some dude I know is planning a party at some bar in New York! I really want to go but he's really strict about who gets let in to the party. I managed to find this packet capture of when the dude registered the party but I don't know what else to do. Do you think there's any way you can find out the secret password to get into the party for me? By the way, my favorite hockey player ever is mario lemieux.
dongle.pcap - 300 Points
dongle.pcap
timewave-zero.pcap - 400 Points
timewave-zero.pcap
According to Terence McKenna, the universe has a teleological attractor at the end of time that increases interconnecte dness, eventually reaching a singularity of infinite complexity in 2012, at which point anything and everything imaginable will occur simultaneously. He conceived this idea over several years in the early to mid-1970s while using psilocybin mushrooms and DMT.
Once you get the key, truncate it to 128 characters.
Solutions:
http://blog.lse.epita.fr/articles/30-csaw-ctf-2012-timewave-zeropcap-net400.html
Posted by at 2 comments:
Labels: ,

Sunday, June 03, 2012

Defcon 20 - Quals Writeup Collection


forensics
f100
http://sysexit.wordpress.com/2012/06/03/defcon-20-ctf-prequals-2012-forensics-300-writeup/#comments
f200
http://sysexit.wordpress.com/2012/06/03/defcon-20-ctf-prequals-2012-forensics-300-writeup/#comments
f300
http://sysexit.wordpress.com/2012/06/03/defcon-20-ctf-prequals-2012-forensics-300-writeup/
http://research.shell-storm.org/files/research-28-en.php
http://www.blizz.se/dc20_ctf_f300.html
f400
http://www.routards.org/2012/06/defcon-20-quals-forensics-400.html
http://blog.lse.epita.fr/articles/15-defcon2k12-prequals-for400-writeup.html
f500
http://blog.lse.epita.fr/articles/13-defcon2k12-prequals-for500-writeup.html
pwnables
p100
http://pastebin.com/eqzdtwmw
http://blog.lse.epita.fr/articles/17-defcon2k12-prequals-pwn100-writeup.html
p200
http://pastebin.com/hZRjypSH
http://blog.oxff.net/#jmjgjxh7rng7hgjyd7hq
http://pastebin.com/hvAxGMWM
p300
http://blog.oxff.net/#z44b5paapelzyn46rjea
http://blog.lse.epita.fr/articles/14-defcon2k12-prequals-pwn300-writeup.html
p400
http://blog.oxff.net/#anvszwpmjdyizhsqgngq
p500
binary l33tness
b100
http://securityblackswan.blogspot.co.uk/2012/06/defcon-20-ctf-qualifiers-b100.html
http://squidzrus.schleppingsquid.net/wiki/index.php?title=Binary_l33tness_100
b200
http://www.blizz.se/dc20_ctf_quals_bin200.html
b300
http://insight-labs.org/?p=368
b400
http://bit.ly/NyqP7a
http://x-n2o.com/bin400-dc20
b500
/urandom
r100
http://squidzrus.schleppingsquid.net/wiki/index.php?title=Urandom_100
r200
http://devtrixlabs.com/blog/2012/06/defcon-2012-urandom-200-writeup/
r300
http://www.routards.org/2012/06/defcon-20-quals-urandom-300.html
http://blog.sigsegv.in/2012/06/defcon-ctf-quals-2012-urandom-300.html
r400
http://secdef.cs.washington.edu/dc20-quals-urandom-400.html
r500
grab bag
gb100
gb200
http://adversec.com/docs/defcon_ctf_quals_2012_grab_bag_200_writeup.txt
http://www.routards.org/2012/06/defcon-20-quals-grab-bag-200.html
gb300
http://pastie.org/4023158
http://blog.lse.epita.fr/articles/16-defcon2k12-prequals-gb300-writeup.html
www.rajatswarup.com/blog/2012/06/03/defcon-ctf-quals-grabbag-300-writeup/
gb400
http://sysexit.wordpress.com/2012/06/03/defcon-20-ctf-prequals-2012-grab-bag-400-writeup/
http://www.rajatswarup.com/blog/2012/06/03/defcon-ctf-quals-grabbag400-writeup/http://www.rajatswarup.com/blog/2012/06/03/defcon-ctf-quals-grabbag400-writeup/
gb500
Posted by at 6 comments:
Labels: , , ,

Monday, April 30, 2012

Plaid CTF 2012 Writeups Collection

Bunyan 
200
Pwnables
We found a simple web application that robots made to serve tmp files for debugging purposes. SSH into the machine as your_user@174.129.69.147 and exploit the web app to read their secret.
Solutions
http://www.bases-hacking.org/bunyan-plaidctf2012.html
Chest 
300
Pwnables
Robots are running secret service that aims to mill down diamonds into fairy dust, and use it to take over our world! Help us please!
23.22.1.14:1282
Solutions
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/chest.html
Format 
99
Pwnables
Up on a hill, far away, sits the robot king of old. While he was once great, he recently has seemed to just offer simple challenges. Vanquish him and bring honor to your team!
23.20.104.208:56345
Solutions
http://x86overflow.blogspot.in/2012/04/plaidctf-pwnable-99.html
http://leetmore.ctf.su/wp/plaidctf-2012-format-99-pwnables/
http://pastebin.com/T1g4YYD4
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/format.html
FPU 
600
Pwnables
At the core of Robot city lies a giant robotic orb who gives orders to all the robots. Bringing down this behemoth robot would strike a great victory for all humankind.
50.17.111.209:9999
Solutions
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/fpu.html
Secure FS 
600
Pwnables
At the heart of the robot operating system lies a super secure file system. If this flaw could be found, we could potentially create a Weapon of Mass Robot Destruction!
72.44.33.97:37008
Solutions
http://auntitled.blogspot.fr/2012/05/plaid-ctf-2012-secure-fs.html
RPO 
150
Password Guessing
Ok, so we think we intercepted some robot pr0n but we are not entirely sure. Can you help us decide what it is?
Solutions

RSA
200
Password Guessing
We recently intercepted a plethora of robot transmissions but they are all encrypted with some strange scheme we just can't quite figure out. Can you crack it?
Solutions
http://leetmore.ctf.su/wp/plaidctf-2012-rsa-200-password-guessing/
RoboDate 
100
Password Guessing
So apparently robots, despite their lack of hormones, still have an underlying desire to mate. We stumbled upon a robot dating site, RoboDate. Hack it for us!
Solutions
http://0xbadf00d.co.uk/plaid-ctf-robo-date/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/robodate.html
Stego 
150
Password Guessing
We are a little unsure what the robots fascination with Star Trek is but it would seem from the amount of accesses this image has been getting that it holds something interesting for them. Can you figure out what it is?
Solutions
http://blog.lse.epita.fr/articles/11-plaidctf-2012-stego-writeup.html
Nuclear Launch Detected 
150
Password Guessing
Our spies intercepted communications and a file between 5 of the top 10 robo-generals and their nuclear bomb server. We must recover the final launch code from the 5 robo-general's secret codes, so we can stop the detonation!
Solutions
http://leetmore.ctf.su/wp/plaidctf-2012-nuclear-launch-detected-150-password-guessing/
http://eindbazen.net/2012/05/plaid-ctf-2012-nuclear-launch-detected/
Robot Testing Framework 
350
Pirating
We have discovered a robot testing framework that appears to take a robot module and determine whether or not it is acceptable. Can you help us figure out what the criterion for acceptance are? Framework is found at pwning.net:8009.
This challenge was made by our friends at ManTech. If you enjoyed it, you might be interested in working for them.
Solutions
https://sysexit.wordpress.com/2012/05/03/plaidctf-2012-robot-testing-framework-350-pirating-writeup/

Editors
100
Pirating
We recently gained access to a log of a robot operative interacting with computer. We are unsure what he was up to but we know it is of the upmost importance to figure it out.
Solutions
http://int3pids.com/2012/05/plaidctf-2012-editors-100-pts.html
http://eindbazen.net/2012/05/plaid-ctf-2012-editors/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/editors.html
Traitor 
200
Pirating
Top operative laser mic'd a room where a robot conspirator was logging into the robot governments secret interface. We were able to clean up the audio file significantly, but have no clue anymore.
Solutions
http://www.int3pids.com/2012/05/plaidctf-2012-traitor-200-pts.html
Mess
300
Pirating
The biggest event of the robot year is happening this week! Robot invitations are cool in that they are just a password that validates at the door. We acquired the validator to be used. Can you find an invitation for us in time?
Solutions
http://smokedchicken.org/2012/05/plaidctf-2012---mess-300.html
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/mess.html
Shoulder Surfing 
25
Puzzles
What's a password that polaroid head got from inside Ellingson?
Solutions
http://sysexit.wordpress.com/2012/04/29/plaidctf-2012-shoulder-surfing-25-puzzles-writeup/
http://eindbazen.net/2012/04/plaid-ctf-2012-shoulder-surfing/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/shouldersurfing.html
Addition is Hard 
15
Puzzles
Addition is hard!
0x0 +0x7068703f = ?
Answer in decimal
Solutions
http://x86overflow.blogspot.in/2012/04/plaidctf-addition-is-hard.html
http://khr0x40sh.wordpress.com/2012/04/30/plaid-ctf-2012-write-ups-addition-is-hard-and-torrents/
http://eindbazen.net/2012/04/plaid-ctf-2012-addition-is-hard/
Twitter
100
Puzzles
First team to get access to the Twitter account PPP and send us the password wins.
www.twitter.com/ppp
Go!

(Just kidding. Please don't get arrested.)
Solutions
Torrents 
200
Practical Packets
It turns out that robots, like humans, are cheap and do not like paying for their movies and music. We were able to intercept some torrent downloads but are unsure what the file being downloaded was. Can you figure it out?
Solutions
https://h4des.org/blog/index.php?/archives/325-PlaidCtf-2012-write-up-Torrent-200.html
http://codezen.fr/2012/04/30/plaidctf-2012-practical-packets-200-torrents-writeup/
http://mweissbacher.com/blog/2012/04/30/plaidctf-2012-challenge-torrent-practical-packets-writeup-200-points/
http://eindbazen.net/2012/05/plaid-ctf-2012-torrent/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/torrents.html
80s Thinking 
250
Practical Packets
We saw two robots dressed in sweater dresses, leggings and press on nails and decided we had to listen in. But, these robots were speaking an unintelligible language. Can you figure out what they were saying?
Solutions
http://codezen.fr/2012/04/30/plaidctf-2012-practical-packets-250-80s-thinking-writeup/
http://0xbadf00d.co.uk/plaidctf-80s-thinking/
http://eindbazen.net/2012/05/plaid-ctf-2012-80s-thinking/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/80sthinking.html
Paste 
100
Practical Packets
Robot hackers, like their human counter parts, have a largely unmet need to dump large amounts of text to their peers. We recently got access to one of their servers and are providing you with the files. What have they been talking about?
Solutions
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/paste.html
Bouncer 
250
Practical Packets
In a recent battle we took an enemy robot hostage and examined his operating system. During the examination we found a piece of robot malware that we don't quite understand. Can you enumerate its targets?
This challenge was made by our friends at ManTech. If you enjoyed it, you might be interested in working for them.
Solutions
http://leetmore.ctf.su/wp/plaidctf-2012-bouncer-250-practical-packets/
http://eindbazen.net/2012/05/plaid-ctf-2012-bouncer/
SIMD 
250
Pirating
After examining some code retrieved by our operative we are unsure whether it was written by an evil genius or a google employee. We will let you decide.
Solutions
http://leetmore.ctf.su/wp/simd-250-pirating/
http://eindbazen.net/2012/05/plaid-ctf-2012-simd/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/simd.html
Encryption Service 
300
Password Guessing
We found the source code for this robot encryption service, except the key was redacted from it. The service is currently running at 23.21.15.166:4433
Solutions
http://leetmore.ctf.su/wp/plaidctf-2012-encryption-service-300-password-guessing/
http://codezen.fr/2012/05/01/plaidctf-2012-password-guessing-300-encryption-service-writeup/
http://www.pentester.es/2012/05/encryption-service-del-plaidctf.html
http://codezen.fr/2012/05/01/plaidctf-2012-password-guessing-300-encryption-service-writeup/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/encryptionservice.html
Demo Time 
350
Pirating
Pop some popcorn, grab a seat and be ready to listen to your favorite robotic chiptunes. It's an old fashioned robot party!
Solutions
http://eindbazen.net/2012/05/plaid-ctf-2012-demo-time/
ECE's Revenge II 
500
Potpourri
Our aerial reconnaissance drones recently sighted these new robot prototypes but we cannot figure out how to turn them on (INSERT INAPPROPIATE JOKE). Can you help us solve the mystery and get their electrons flowing?
Solutions
http://eindbazen.net/?p=918
http://eindbazen.net/2012/04/plaid-ctf-2012-ece/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/ecesrevenge.html
QCE's Revenge 
400
Potpourri
Maths are hard. Quantum maths are even harder.
Solutions
The Game 
100
Potpourri
Robots enjoy some strange games and we just can't quite figure this one out. Maybe you will have better luck than us.
23.22.16.34:6969
Solutions
http://0xbadf00d.co.uk/plaid-ctf-the-game/
http://secgroup.ext.dsi.unive.it/2012/04/30/plaidctf-2012-write-up-the-game/
http://tasteless.se/2012/04/pctf-2012-the-game-writeup/
http://codezen.fr/2012/04/30/plaidctf-2012-potpourri-100-the-game-writeup/
http://smokedchicken.org/2012/05/plaidctf-2012---game-100.html
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/thegame.html
There Once Was A
200
Pirating
Turns out iPhones are just as cool to robots as they are to us! They all seem to have this app installed but it looks pretty boring to us. Any ideas?
Solutions
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/thereoncewasa.html
Debit or Credit 
200
Potpourri
Ca-Ching! Do you think robots have headphone jacks?
Solutions
http://eindbazen.net/2012/05/plaid-ctf-2012-debit-or-credit/
http://smokedchicken.org/2012/05/plaidctf-2012---debit-or-credit-200.htm
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/debitorcredit.html
3D 
100
Potpourri
The robots appear to be testing some kind of new camera technology but we haven't quite figured it out yet. Understanding this imaging could be crucial to our understanding the enemy and winning the war.
Solutions
http://eindbazen.net/2012/05/plaidctf-2012-3d/
http://www.joshuagauthier.com/2012/05/pctf-2012-3d/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/3d.html
Simple 
250
Pirating
Our lead scientist was really close to cracking this problem before a robot assassin took his life and stole all his work. All that was left was a posted saying 'simple'.
Solutions
http://blog.lse.epita.fr/articles/9-plaidctf-2012-simple-writeup.html
http://eindbazen.net/?p=901
http://eindbazen.net/2012/04/plaid-ctf-2012-simple/
JIT 
450
Pwnables
Shoot to the left, break to the right and slide into the bunker 'just in time'.
23.21.39.14:52608 (BTW, administrator disabled /bin/sh... damn)
Solutions

Supercomputer 1 
50
Pirating
Computing one big number is hard, but apparently the robots can do four? Please help us!
What is the first number?
Solutions
http://eindbazen.net/?p=890
http://eindbazen.net/2012/04/plaid-ctf-2012-supercomputer-1/

Supercomputer 2 
50
Pirating
Computing one big number is hard, but apparently the robots can do four? Please help us!
What is the second number?
Solutions
http://wilrobertson.com/blog/2012/04/learning-to-robo-compute-at-plaidctf-2012
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/supercomputer.html
Supercomputer 3 
100
Pirating
Computing one big number is hard, but apparently the robots can do four? Please help us!
What is the third number?
Solutions
http://wilrobertson.com/blog/2012/04/learning-to-robo-compute-at-plaidctf-2012
Supercomputer 4 
300
Pirating
Computing one big number is hard, but apparently the robots can do four? Please help us!
What is the LAST number?
Solutions

Size Doesn't Matter 
250
Password Guessing
We found a pair of robot command execution services running at 23.20.239.9 ports 8888 and 8889. Can you break into it?
Solutions
http://eindbazen.net/2012/04/plaid-ctf-2012-size-doesnt-matter/


Override
http://eindbazen.net/2012/05/plaid-ctf-2012-override/
http://smokedchicken.org/2012/05/plaidctf-2012---override-300.html
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/override.html


Repositories 
http://repo.shell-storm.org/CTF/PlaidCTF-2012/
http://www.techbrunch.fr/securite/plaid-ctf-2012-writeups-collection/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/
http://www.techbrunch.fr/securite/plaid-ctf-2012-writeups-collection/
Posted by at 2 comments:
Labels: , , ,