07 Jun 2011

Defcon 19 CTF Prequals – PP300

The challenge

Pwtent Pwnables 300 was a webpage containing three images, a YouTube movie and a clock countdown implemented in JavaScript. We were able to pull some weird strings from the images, like ‘is reddit netsec uber enough to play a game’ and something like a hash. We thought it would have something to do with the reddit netsec website, but at this point we got stuck.

After inspecting the HTTP packets more closely, we noticed the server was running Ruby on WEBrick and a Set-Cookie header was set.
Requesting the index page gave us the following Cookie:
{Read More}

06 Jun 2011

Defcon 19 CTF Prequals – PP200

This weekend a few of us had some good fun with the Defcon 19 CTF prequals. Here’s a short write-up of Pwtent Pwnables 200.

$ file pp200.elf
pp200.elf: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), stripped
$ wtfux... ; strings pp200.elf
-bash: wtfux...: command not found
..
@(#)SunOS 5.10 Generic January 2005
$ A-h4!@#%

So we’re dealing with a SunOS/Solaris x86_32 binary here. Time to quickly deploy an OpenSolaris VM and see if we can interactively debug this rather than dry reverse it. Turns out this wasn’t really needed, as the code is quite basic, but having an actual environment did help.
{Read More}