26
Apr
2013

pCTF 2013 – pyjail (misc 400)

We did not solve this challenge in time, despite spending a lot of time on it. If we had we would have taken 1st place, but of course there’s always that one challenge you wish you had solved…

Still, it was a really cool challenge and we solved the first part pretty well before getting stuck. And that part deserves a writeup at least.

This challenge consisted of a server that read a string from the user, removed most interesting characters from it, and then ran it through python’s eval and exec. The goal was to get a shell using only the very limited remaining character set and a maximum of 1900 characters, and while having a very stripped down environmen.

{Read More}

26
Apr
2013

pCTF 2013 – dynrpn (pwnable 250)

`dc` runs too slowly for my tastes.

Dynrpn is a calculator program which uses Reverse Polish Notation as syntax which is somewhat compatible with the syntax used by the dc calculator program. However, this version compiles every expression to native FPU code and then runs that code to get the answer.

{Read More}

26
Apr
2013

pCTF 2013 – cheap (misc 100)

What could this mysterious architecture be?

For this challenge we had access to a remote service without any additional information on what to do or what to look for.

{Read More}

26
Apr
2013

pCTF 2013 – servr (web 400)

The challenge description is:

We got a shell on this crazy guy’s web server, but he’s running some really weird software πŸ™ Help me get higher privileges please?

As it turns out, this guy is really crazy, since his web server is implemented as a kernel module, and this “web” challenge is actually a kernel pwning challenge.

{Read More}

26
Apr
2013

pCTF 2013 – cat_rar (forensics 150)

So, among all the binaries Plaidctf also followed the tradition in CTF to hide a stego as a forensics challenge. We had a challenge with this description:

cat_rar
150
forensics
“Meow meow mw mw m.
cat.rar

In the cat.rar file we found two files:

  • a cat.rar.jpg which seems to be an image of a cat.
  • a cat.rar.bin which seems to be an x64 ELF binary

{Read More}

26
Apr
2013

pCTF 2013 – giga (crypto 250)

In this challenge we get a network service which generates a RSA keypair, encrypts a flag with it and shows you the ciphertext, and then allows you to encrypt a bunch of different plaintexts and view the corresponding ciphertexts. The goal is to decrypt the encrypted flag somehow.

Normally this should not be possible with RSA, so there have to be some bugs. Let’s look at the code:
{Read More}

26
Apr
2013

pCTF 2013 – compression (crypto 250)

In this challenge we are given a very simple python service to connect to. In a loop, it reads some data from the client, appends a flag to it, compresses it, encrypts it with AES in CTR mode, and then returns it to the client. The goal is to find the flag, of course!

{Read More}

22
Apr
2013

pCTF 2013 – cyrpto (crypto 100)

One of us devised a new cryptosystem! Can you break it?

For this challenge we had access to a home-grown crypto system, allowing us to encrypt and decrypt messages. However the server refused to decrypt the encrypted flag given.

Let’s see if we can trick it.
{Read More}

31
Mar
2013

Cybercrime Challenge 0x7DD #2

This series of 2 blog posts comprise a writeup of the ‘Cybercrime Challenge 0x7DD’ recruitment challenge by the Team High Tech Crime of the Dutch Police; as such, both posts are in Dutch (apologies to non-Dutch readers).

Dit is een writeup van de ‘Cybercrime Challenge 0x7DD’, een recruitmentchallenge van het Team High Tech Crime van de Politie.

{Read More}

31
Mar
2013

Cybercrime Challenge 0x7DD #1

This series of 2 blog posts comprise a writeup of the ‘Cybercrime Challenge 0x7DD’ recruitment challenge by the Team High Tech Crime of the Dutch Police; as such, both posts are in Dutch (apologies to non-Dutch readers).

Dit is een writeup van de ‘Cybercrime Challenge 0x7DD’, een recruitmentchallenge van het Team High Tech Crime van de Politie.

{Read More}