05 May 2013

pCTF 2013 – usbdude (for 350)

For this challenge we’re given a pcap file containing USB traffic. Initial inspection shows that this is a dump of traffic from an AVRISP mkII USB programmer for 8-bit AVR microcontrollers.

04 May 2013

pCTF 2013 – charsheet (web 150)

My friend is in my D&D campaign – could you get me his character name? He administrates this site.

This challenge is a very simple SQL injection, asking for the character name.


04 May 2013

pCTF 2013 – secure_reader (pwn 150)

I can’t figure out how to read the flag 🙁 ssh to 54.224.109.162

The secure_reader program can read the flag, but can only be invoked from the reader program.


04 May 2013

pCTF 2013 – unnnnlucky (misc 20)

Question: Where does The Plague hide his money?

This question is clearly a reference to the movie Hackers; we immediately watched the movie on YouTube and skipped to the referenced part in the NSA interview room scene.


02 May 2013

pCTF 2013 – ropasaurusrex (pwn 200)

This is a very simple network service which will overflow a stack buffer if you send it too much data. The stack is non-executable, which we can get around using Return-Oriented Programming (which is pretty much given away by the challenge name of course). Then the only tricky bit is that ASLR is enabled, which means that libc (which contains all of the interesting functions like system()) will be at a different address each time we connect.
