30 Sep 2012

CSAW 2012 – Score over time

30 Sep 2012

CSAW 2012 – Networking 200

“Some dude I know is planning a party at some bar in New York! I really want to go but he’s really strict about who gets let in to the party. I managed to find this packet capture of when the dude registered the party but I don’t know what else to do. Do you think there’s any way you can find out the secret password to get into the party for me? By the way, my favorite hockey player ever is mario lemieux.”
File https://csawctf.poly.edu/challenges/45b963397aa40d4a0063e0d85e4fe7a1/23dce85a4e96a87028cc9a3e662663ce/lemieux.pcap

The pcap contained a lot of HTTP streams; we assumed that the request would be an HTTP POST request:

30 Sep 2012

CSAW 2012 – Exploitation 300

Exploitation 300 was a remote service with some funny Korean strings in it. To run it locally you needed to create a user ‘liaotian’ on your system and put a ‘key’ file in its home directory.

When we connect to the service we can send some string and it will disconnect us. However, when we send a big string(TM) we trigger a traditional stack smash. After exactly 326 bytes we hit the first saved EIP.

30 Sep 2012

CSAW 2012 – Forensics 500

No challenge description
https://csawctf.poly.edu/challenges/45b963397aa40d4a0063e0d85e4fe7a1/9dc1ba24833acff030b7c85c015970c2/core

This challenge can be solved by running strings on the file we received:


30 Sep 2012

CSAW 2012 – Forensics 200 – 2

No challenge description.
https://csawctf.poly.edu/challenges/45b963397aa40d4a0063e0d85e4fe7a1/f8c64a70ad468a2fd3d9fa1e37c6b034/version2.png

In this challenge we got a similar file to the Forensics 200 – 1 challenge. Again the same image:


30 Sep 2012

CSAW 2012 – Forensics 200 – 1

https://csawctf.poly.edu/challenges/45b963397aa40d4a0063e0d85e4fe7a1/961c734bdd95c5b1e06cbae8c548ac04/version1.png
No challenge description

The PNG file we can download contains the text “ONE OF THESE THINGS XS NOT LIKE THE OTHER”.


30 Sep 2012

CSAW 2012 – Trivia

There were 5 Trivia questions, each worth 100 points:

    What is the first step of owning a target?
    What is the name of Google’s dynamic malware analysis tool for Android applications?
    What is the x86 opcode for and al, 0x24? Put your answer in the form 0xFFFF.
    Who was the first security researcher to publish the DEP bypass that utilized WriteProcessMemory()?
    What is the name of Microsoft’s sophisticated distributed fuzzing system that utilizes automated debugging, taint analysis, model building, and constraint solving?


30 Sep 2012

CSAW 2012 – Recon

There were 5 recon challenges:

    Jordan Wiens
    Jeff Jarmoc
    Julian Cohen
    Dan Guido (What are Dan Guido’s two favorite foods?)
    Yoda


30 Sep 2012

CSAW 2012 – Reversing 500

For this challenge, we’re given two files:


8086100f.mrom: BIOS (ia32) ROM Ext. (6*512)
8086100f.mrom.tmp: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped


30 Sep 2012

CSAW 2012 – Reversing 400

Reversing 400 was a 64-bit Linux ELF that you needed to crack/reverse. Let’s have a look.

blasty@fastbox:~/csaw2012$ file csaw2012reversing 
csaw2012reversing: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0x012c3cf67d5aa15a9985ea064958921dc600c367, not stripped
blasty@fastbox:~/csaw2012$ ./csaw2012reversing 
Encrypted Key:  ??????????????
