  • DEF CON 2015 Quals - access control (1pt) writeup

    The challenge description was: It's all about who you know and what you want. access_control_server_f380fcad6e9b2cdb3c73c651824222dc.quals.shallweplayaga.me:17069 A binary called client_197010ce28dffd35bf00ffc56e3aeb9f was provided. Let's connect to the server and see what it's really about (since the server is offline now I'm going to try and replicate what was happening): mrt:~/ctf/defcon/reverse/nc access_control_server_f380fcad6e9b2cdb3c73c651824222dc.quals.shallweplayaga.me 17069 connection ID: &7"R%{7+e*QZAu *** Welcome to the ACME data retrieval service *** what version is your..[read more]
  • DEF CON 2015 Quals - mathwhiz (1pt) writeup

    The challenge description was: mathwhiz_c951d46fed68687ad93a84e702800b7a.quals.shallweplayaga.me:21249 This was a programming challenge: when connecting, the server would ask us to solve some basic mathematical operations such as: 1 + 2 If you know how to parse data it is pretty straightforward, after a couple of attempts to see where the script would fail (such as when the server would ask to solve ONE +..[read more]
  • DEF CON 2015 Quals - babycmd (1pt) writeup

    The challenge description was: babycmd_3ad28b10e8ab283d7df81795075f600b.quals.shallweplayaga.me:15491 A binary called babycmd_3ad28b10e8ab283d7df81795075f600b was also provided. Let's quickly check what happens when we connect to it: mrt:~/ctf/defcon/baby/babycmd$ nc babycmd_3ad28b10e8ab283d7df81795075f600b.quals.shallweplayaga.me 15491 Welcome to another Baby's First Challenge! Commands: ping, dig, host, exit We need to find a way to run other commands and get the flag but a couple characters we could use to pipe or chain other commands are actually..[read more]
  • VolgaCTF 2015 Quals - Captcha (150pts) writeup

    The challenge description was: We've got a rather strange png file. Very strange png. Something isn't right about it... (a PNG file with what seemed to be the letter 'i' was provided) Let's have a quick look at this file: mrt:~/ctf/volga/stego/captcha$ xxd capthca.png | less 0000000: 8950 4e47 0d0a 1a0a 0000 000d 4948 4452 .PNG........IHDR 0000010: 0000 0100 0000 0100 0802 0000 00d3..[read more]
  • VolgaCTF 2015 Quals - Bash (125pts) writeup

    The challenge description was: Just another super-puper secure shell. nc bash.2015.volgactf.ru 7777 A binary called tiny_bash was also provided. Let's quickly check what happens when we connect to it: mrt:~/ctf/volga/pwn/bash$ nc bash.2015.volgactf.ru 7777 Welcome to our small secure shell. You are disallowed to execute several types of commands. Are you able to bypass these restrictions? >> help >> ls This command is prohibited. >> exit >> ^C Appears like a small shell with..[read more]
  • VolgaCTF 2015 Quals - Database (75pts) writeup

    The challenge description was: Hack the database! nc database.2015.volgactf.ru 7777 A binary was also provided so let's have a look at it: mrt:~/ctf/volga/pwn/database$ file database database: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=d9a1acedc81f211feef5289d2cb05effd06d4a34, not stripped So we have an x64 ELF binary, let's have a quick look at what is exactly going on when we connect to..[read more]
  • Hack.lu CTF 2014 - Dalton Corporate Security Safe for Business (200pts) writeup

    The challenge description was: The Dalton Brothers are tricking people into buying their “safe” locks. So they can rob them afterwards. The lock has some safety features, as it resets itself after a few seconds. It also requires a lot of valid inputs before it's letting you open it. Please find out what their weakness is and report back. https://wildwildweb.fluxfingers.net:1422 The..[read more]
  • Hack.lu CTF 2014 - ImageUpload (200pts) writeup

    The challenge description was: In the Wild Wild Web, there are really bad guys. The sheriff doesn't know them all. Therefore, he needs your help. Upload pictures of criminals to this site and help the sheriff to arrest them. You can make this Wild Wild Web much less wild!!! After visiting the web page we see the following: A link to a..[read more]