In this challenge we’re asked to figure out the number of attacks (and related ports) carried out by a zombie host, provided a zombie client binary and an associated data file.
This challenge requires us to retrieve a plaintext string which would be eventually printed by the provided DLL. Our routine identification attempt tells us that the DLL has been packed using PEtite v2.1.
We’re given a zipfile containing a Windows executable. An identification attempt (using CFF explorer) quickly reveals that it was packed using a simple executable compressor:
Signature: CExe v1.0a
Someone have leaked very important documents. We couldn’t find any proof without one PCAP file. But this file was damaged.
¡Ø The password of disclosure document is very weakness and based on Time, can be found easily.
Cryptographic algorithm is below.
Msg = ¡°ThisIsNotARealEncryption!SeemToEncoding¡±
Key = 0x20120224 (if date format is 2012/02/24 00:01:01)
Cryto = C(M) = Msg * Key = 0xa92fd3a82cb4eb2ad323d795322c34f2d809f78
When IU who lives in Seoul tried to do SQL Injection attack a certain WEB site, suddenly the browser was closed abnormally. What is the SQL Injection value she tried to enter and when the browser was closed? The time is based on Korea Standard Time(UTC +09:00)
This challenge contains of a PCAP file with the following assignment:
You spied to find “Secret of Joseon which is previous dynasty of Korea”.
You got all main pages information to manage unrevealed secret of Joseon through network sniffing.
Open the file contained the secret of Joseon.
In order to steal financial information of Company X, IU got a job under cover. She decided to attack CFO’s computer, and then insert malicious code to his computer in the way of social engineering. She figured out that he didn’t use to turn off his computer, when he gets off work. After he leaves the office, she obtains financial data from his computer to search EXCEL file. By checking installed application program, she can find the information in the file. She lacks the file externally. In order to remove all traces, she erases malicious code, event logs and recent file list.
감사합니다./ありがとうございます./Dank u./Tak.Danke./Gratias./Спасибо./Terima kasih.
Mulţumesc./Cảm ơn bạn./Дзякуй./Благодаря./Tack./Gracias./شكرا لك./Go raibh maith agat.
Thank you very much for spending time with us.
The final problem enjoy with you. It may not look hard.
Let’s view the problem from another angle.
We were presented with a web-page containing a number of functions. After clicking around for a bit it was clear the goal is to login to the board as ‘Baron zzingzzing’.
The access to the board is protected using a ‘certificate’. The site offers the possibility to obtain a certificate for ‘citizen’ but will only allow access to the board as baron, king or queen.