01 May 2012

Plaid CTF 2012 – Torrent

It turns out that robots, like humans, are cheap and do not like paying for their movies and music. We were able to intercept some torrent downloads but are unsure what the file being downloaded was. Can you figure it out?


26 Feb 2012

CODEGATE 2012 – Network 100

Challenge Description

Someone has leaked very important documents. We couldn’t find any proof without one PCAP file. But this file was damaged.

※ The password of the disclosure document is very weak and based on time; it can be found easily.
The cryptographic algorithm is below.

Msg = “ThisIsNotARealEncryption!SeemToEncoding”
Key = 0x20120224 (if date format is 2012/02/24 00:01:01)
Cryto = C(M) = Msg * Key = 0xa92fd3a82cb4eb2ad323d795322c34f2d809f78


26 Feb 2012

CODEGATE 2012 – Network 400

Challenge Description

Because of a vulnerability in Company A’s site, a database containing user information was leaked. The file is a packet dump taken at the moment of the attack.
Find the administrator’s account information which was leaked from the site.
For reference, some parts of the packet were blinded to XXXX.

Answer : strupr(md5(database_name|table_name|decode(password_of_admin)))

So, we got a PCAP file with a nice SQL injection attack on some web application. As it turns out, this is a blind/boolean-based injection, so we can’t easily tell what data got extracted. Time to write a little tool...


26 Feb 2012

CODEGATE 2012 – Network 200

Challenge description

To whom it may concern to DoS attack.

What is the difference between attack and normal traffic?
The attached PCAP file is from a suspicious client PC which may be infected.
If you find the TOP 4 targeted addresses, let me know the exact information as shown below.

Answer: COUNTRY_NAME_TOP1(3)COUNTRY_NAME_TOP2(13)COUNTRY_NAME_TOP3(2)COUNTRY_NAME_TOP4(5)_1.1.1.1_2.2.2.2_3.3.3.3_4.4.4.4

EX)
kind_1.1.1.1_2.2.2.2_3.3.3.3_4.4.4.4
TOP1 1.1.1.1 __k___
TOP2 2.2.2.2 ____________i___
TOP3 3.3.3.3 _n___
TOP4 4.4.4.4 ____d____
