27 Jan 2012

MozillaCTF 2012 – Joe’s Fish Shop

Go, get some tasty dinner over at Joe’s Fish Shop!
If you know how to play the admin, you’ll get free dessert! 🙂

We follow the link to the restaurant. As an appetizer, we get four free cookies. Let's take a look at them:

ID=current_user
_tmp=d0f0elfe
access=none
Role=bm9uX2FkbWlu

Since bm9uX2FkbWlu is base64 for non_admin, we set it to admin (YWRtaW4=). The result: Welcome Administrator. Please take your flag: x0sld0ef0d
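
The following is an added example, not code from the challenge or the original write-up. It contrasts a plain base64 `Role` cookie, which the server can only take on trust, with a cookie carrying an HMAC tag that the server verifies before using the role. The key and all function names are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac

# Hypothetical server-side key for this example; it never leaves the server.
SERVER_KEY = b"constructed-example-key"


def role_from_plain_cookie(value: str) -> str:
    """Weak form: trust whatever base64 text the browser sends back."""
    return base64.b64decode(value).decode()


def issue_signed_role(role: str) -> str:
    """Hardened form: append an HMAC-SHA256 tag computed with the server key."""
    body = base64.urlsafe_b64encode(role.encode()).decode()
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def role_from_signed_cookie(value: str) -> str:
    """Return the role only if the tag verifies; otherwise fall back to non_admin."""
    body, sep, tag = value.rpartition(".")
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
        return "non_admin"
    try:
        return base64.urlsafe_b64decode(body).decode()
    except (binascii.Error, UnicodeDecodeError):
        return "non_admin"


def demo() -> dict:
    issued = issue_signed_role("non_admin")
    old_tag = issued.split(".")[1]
    # Same edit as in the write-up: swap in base64("admin"), keep the old tag.
    forged = "YWRtaW4=." + old_tag
    return {
        "plain_original": role_from_plain_cookie("bm9uX2FkbWlu"),
        "plain_tampered": role_from_plain_cookie("YWRtaW4="),
        "signed_original": role_from_signed_cookie(issued),
        "signed_tampered": role_from_signed_cookie(forged),
    }


if __name__ == "__main__":
    for name, role in demo().items():
        print(f"{name}: {role}")
```

Keeping the role in server-side session state, keyed by an unguessable session ID, avoids sending it to the browser at all.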

27 Jan 2012

MozillaCTF 2012 – Interesting Lineage

This was an HTTP POST challenge. To solve it, you had to check the source of http://ocean.mozillactf.org/en-US/home. This would give you the URL of the form where you could submit the e-mail address of the person that referred you to spark. By using a tool to do HTTP POSTs directly, you could submit POST data

csrfmiddlewaretoken=8aecdae525fb0cb91e1fcbe89c4b7a31&identifier=sdf@sdf.net

to http://ocean.mozillactf.org/en-US/m/boost2 and then submit POST data

csrfmiddlewaretoken=8aecdae525fb0cb91e1fcbe89c4b7a31&identifier=sdf@sdf.org

That would give you the flag: “Go team AnglerFish! You have absorbed the sparks of multiple parents!”

27 Jan 2012

MozillaCTF 2012 – Hail Atlantian

“Deep beneath the Kritiko Pelagos lie the ruins of lost Atlantis… one who wrote this challenge will reward those who hail from his fair city!”

Challenge 9 was more about cryptic words and smart searching than about technology. We first thought that we had to work with the Kritiko Pelagos location. Since it was a promotion for a mobile web browser, we figured we might get lucky if we used a mobile browsing device with (fake) GPS locations for the little bit of sea outside Santorini Island. This did not work when just browsing the site, but it took us a long time to find that out, since the server platform was constantly unavailable. We then re-examined the original challenge text and came up with the idea that Yvan Boily, who wrote it, might be referring to his own home town. After some frantic web searches on DuckDuckGo, we discovered he lived either in or very near Vancouver, Canada. Setting GPS locations to somewhere in Vancouver did not give us the results we hoped for either. We then decided they might actually want us to use the exact GPS location of the Mozilla office building in Vancouver. Again, no success with just a plain visit to the home page.

We then decided that creating an account on the web site, where we would fill in our location manually in the register/boost section as either Kritiko Pelagos, Santorini Island or Vancouver, would possibly work. It still took us over an hour to get a successful entry in for all three. Of course, Murphy was hard at work and our last attempt, Vancouver, finally yielded the flag:

“Welcome, fellow Atlantean!”

Afterwards, we learned via IRC that if we had registered for the boost while browsing with the GPS location set to Vancouver, it would have worked as well, but we gave up browsing around and trying things on the overloaded server before we got there. Also, examining the source would have given us an HTTP POST form at https://ocean.mozillactf.org/en-US/m/boost1 where we could have filled in the GPS location of Vancouver. All three solutions should work. Obviously, more experienced team members working on this challenge and a better working server would have yielded results much faster.

27 Jan 2012

MozillaCTF 2012 – Hidden Challenge

We were a bit thrown off by this challenge. We shouldn’t have been, but because one of our members had already tried most of the obvious hostnames for the mozillactf.org domain, we thought we had to look for other hidden clues. After we finished all the other challenges, we decided to do a brainstorming session and go over all previously checked things once more. Some of us tried to see if there was a link between challenge 12 and challenge 21, since everyone that solved 21 also had 12. We figured it might be something on the challenge12 server that we didn’t find while working there. Some of us started looking there, while others started looking at possible missed cookie tricks, since that was the solution for 12.

Once we decided there was nothing there, we finally took another look at obvious host names and we came up with the http://challenge0.mozillactf.org website. Some of us started looking for obvious files and directories and someone else dove into the source of the home page.

<!-- tihihi, you found it 🙂
80DJeUKwAqH2FbrkY8BIEY1cg
-->

Of course, the flag was hidden right in the first page, and we finished our last challenge with a little time left to catch some sleep.

26 Jan 2012

MozillaCTF 2012 – Awesome Corp. Secured Ranges

This challenge entails reversing two (packed) Windows executables in order to retrieve an encrypted message. Once the algorithm and key generation method have been determined, a bruteforce search within a limited keyspace yields the valid key.


26 Jan 2012

MozillaCTF 2012 – SecureFileLock

This very secure locking mechanism encloses files and only gives them to you when you know the passphrase. Find it and you will have the flag.

This challenge requires us to reverse engineer an executable and subsequently retrieve the decryption key for an embedded file.


26 Jan 2012

MozillaCTF 2012 – JS shell exploit

In this challenge we were given an SSH login to a box which contained a command-line js tool and a .js file which made it crash. The tool was sgid, and there was a file owned by the same group named “secret” in the directory, so it seemed we would have to build a working exploit from the example .js and read the secret file.

This is the true, sordid story of how we solved it 🙂


26 Jan 2012

MozillaCTF 2012 – Spark: Message in a Bottle (200)

Challenge:

A strangely formatted message has been given to us in a bottle. We know the person who sent the message likes to use cutting edge 3d debugging tools.

When we follow the bottle link, we end up on a page with a lot of 1’s on it, nicely formatted in a 5×5 pattern. When we look at the source, we see a bunch of JavaScript:

<script type="text/javascript">
<!--
var s="=iunm? [ ... massive amounts of text cut away for this writeup ... ] =0iunm?";
m=""; for (i=0; i<s.length; i++) m+=String.fromCharCode(s.charCodeAt(i)-1); document.write(m);
//-->
</script>
<noscript>
You must enable JavaScript to see this text.
</noscript>


26 Jan 2012

MozillaCTF 2012 – Swimsuit up! (50)

Challenge 22: Swimsuit up!

The challenge 22 description was as follows:

For this challenge you will have to dress up in a sea related fashion. We do not necessarily require that your whole team dresses up, but the more the merrier. There are no further suggestions, no boundaries, no limits! Just try to fit into our oceanic theme. Upload your picture on twitter and send a message that contains #SwimSuitUp and @MozillaCTF to earn 50 points. The deadline to send pictures is therefore one hour before the ending of our competition.
Update:
Remember to put some proof in your pictures. A sign that contains your team name, the scoreboard on a screen in the background etc.


26 Jan 2012

MozillaCTF 2012 – Text Transformation Puzzle (50)

In this challenge we received the first paragraph of the book Flatland and the key 49665857477f4b40304276. There are two interesting things about this: the paragraph was full of spelling errors and the key translates to mostly ASCII:

[dutchy@azer ~]$ echo "49665857477f4b40304276" | xxd -p -r -
IfXWGK@0Bv

The spelling errors in the text result in this string: pTldwFsySqD. Same length as the key in ASCII, could this be related? Let’s find out!
The usual approach of finding an answer which requires a key is xor, so let’s try that: