This was the challenge which scored us the last couple of points and put us in second place. We thought a write-up would be nice. This challenge gave us some headaches, and if you see the final solution it looks so easy, but it was a long way to get there.
The server involved was 192.168.0.5. After an nmap scan we noticed the server was listening on port 21/tcp, or ftp. The service info also gave us the first clue of the challenge: it was a port knocking exercise.
This is how we solved it.
One of the parts of the PHDays Quals was the ‘meteorite rain’ archive, containing many small and not so small challenges. One of these (M100) was tougher than most and quite interesting, so we decided to do a writeup.
The file M100 is a Windows console program written in C++. This means it’s a bit of a pain to reverse engineer. One of my teammates did the reverse engineering but then got stuck, so he asked if I could take a look at it. Basically the program looked like this when translated to a simple C program:
The zip file found on the Monolith server (seemingly) contains a VMware image of Ubuntu Server 10.10.
    Archive:  jhc_rc2.zip
        Length        Date    Time    Name
    ----------  ---------- -----   ----
          1298  2011-05-06 13:40   jhc_rc2/readme
    1834352640  2011-05-06 17:10   jhc_rc2/Ubuntu 10.10 Server i386.vmdk
     536870912  2011-04-25 12:40   jhc_rc2/Ubuntu 10.10 Server i386.vmem
          2496  2011-05-06 17:10   jhc_rc2/Ubuntu 10.10 Server i386.vmx