19 Dec 2011

PHD CTF Quals 2011 – Port knocking

This was the challenge that scored us the last couple of points and put us in second place, so we thought a write-up would be nice. The challenge gave us some headaches: the final solution looks easy, but it was a long way to get there.

The server involved was 192.168.0.5. After an nmap scan we noticed the server was listening on port 21/tcp (FTP). The service info also gave us the first clue of the challenge: it was a port knocking exercise.

This is how we solved it.

11 Dec 2011

PHD CTF Quals 2011 – M100 (reversing/crypto)

One of the parts of the PHDays Quals was the ‘meteorite rain’ archive, containing many small and not so small challenges. One of these (M100) was tougher than most and quite interesting, so we decided to do a writeup.

The file M100 is a Windows console program written in C++. This means it’s a bit of a pain to reverse engineer. One of my teammates did the reverse engineering but then got stuck, so he asked if I could take a look at it. Basically the program looked like this when translated to a simple C program:


11 Dec 2011

PHD CTF Quals 2011 – Forensics #1

The zip file found on the Monolith server (seemingly) contains a VMware image of Ubuntu Server 10.10.

Archive:  jhc_rc2.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
     1298  2011-05-06 13:40   jhc_rc2/readme
1834352640  2011-05-06 17:10   jhc_rc2/Ubuntu 10.10 Server i386.vmdk
536870912  2011-04-25 12:40   jhc_rc2/Ubuntu 10.10 Server i386.vmem
     2496  2011-05-06 17:10   jhc_rc2/Ubuntu 10.10 Server i386.vmx
