• 9447 2015 - Calcpop - Exploitables (80pts) writeup

    The challenge description was: See if you can pop this calc. Running at calcpop-4gh07blg.9447.plumbing port 9447 A binary file with the name calcpop was provided: mrt:~/ctf/9447-15/exploit/calcpop$ file calcpop calcpop: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=3b0773c4d23785ef3daae0b3a3505d8fa41403af, not stripped mrt:~/ctf/9447-15/exploit/calcpop$ strings calcpop /lib/ld-linux.so.2 libc.so.6 ... Welcome to calc.exe help Type 'exit' to exit. exit Exiting... %d + %d = %d Type two numbers and I will calculate..[read more]
  • CSAW 2015 - Lawn Care Simulator (200pts) writeup

    The challenge description was: http://54.165.252.74:8089/ This web challenge was really easy, actually it was so easy that I think it wasn't meant to be that way. When you visit the link you are greeted with the following screen: Checking for SQL injection wasn't returning anything indicating it was what we had to do, so I checked the network traffic while trying to..[read more]
  • CSAW 2015 - FTP 2 - Exploitables (300pts) writeup

    The challenge description was: This challenge is a follow up to FTP, now exploit the service. This is a follow-up challenge of: FTP Reversing writeup, this writeup will be terribly disappointing to many since most of the work has already been done in that first writeup. I have no clue if I had to exploit anything as the title suggested since I..[read more]
  • CSAW 2015 - FTP - Reversing (300pts) writeup

    The challenge description was: We found an ftp service, I'm sure there's some way to log on to it. nc 54.172.10.117 12012 A binary file with the name ftp_0319deb1c1c033af28613c57da686aa7 was provided, let's have a look at it to get some informations: mrt:~/ctf/csaw/reverse/ftp$ file ftp_0319deb1c1c033af28613c57da686aa7 ftp_0319deb1c1c033af28613c57da686aa7: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=43afbcd9f4e163f002970b9e69309ce0f1902324, stripped mrt:~/ctf/csaw/reverse/ftp$ strings ftp_0319deb1c1c033af28613c57da686aa7 |..[read more]
  • CSAW 2015 - Hacking Time (200pts) writeup

    The challenge description was: We're getting a transmission from someone in the past, find out what he wants. A NES ROM with the name HackingTime_03e852ace386388eb88c39a02f88c773.nes was provided. My friend SciFi actually told me about this challenge during the CTF while I was working on another one, he thought I would get excited and he was absolutely right. That was a really..[read more]
  • PoliCTF 2015 - Reversemeplz (200pts) writeup

    The challenge description was: Last month I was trying to simplify an algorithm.. and I found how to mess up a source really really bad. And then this challenge is born. Maybe is really simple or maybe is so hard that all of you will give up. Good luck! A binary was provided so let's have a look at it: mrt:~/ctf/polictf/reversing/reversemeplz$ file..[read more]
  • PoliCTF 2015 - Hanoi as a Service (50pts) writeup

    The challenge description was: Check out our shiny new HaaS platform! nc haas.polictf.it 80 Let's connect to the service and see what is going on: mrt:~/ctf/polictf/pwnable/hanoi_as_a_service$ nc haas.polictf.it 80 Welcome to the Hanoi-as-a-Service cloud platform! How many disks does your tower have? 1 * Move top disk from a to b mrt:~/ctf/polictf/pwnable/hanoi_as_a_service$ nc haas.polictf.it 80 Welcome to the Hanoi-as-a-Service cloud platform! How many disks does your tower have? 4 * Move..[read more]
  • PoliCTF 2015 - Hard Interview (50pts) writeup

    The challenge description was: interview.polictf.it:80 Not much from the description, so let's connect and see what is happening: mrt:~/ctf/polictf/grab_bag/hard_interview$ nc interview.polictf.it 80 ____ ..[read more]