CSAW 2012 – Trivia

There were 5 Trivia questions, each worth 100 points:

    What is the first step of owning a target?
    What is the name of the Google’s dynamic malware analysis tool for Android applications?
    What is the x86 opcode for and al, 0x24? Put your answer in the form 0xFFFF.
    Who was the first security researcher to publish the DEP bypass that utilized WriteProcessMemory()?
    What is the name of Microsoft’s sophisticated distributed fuzzing system that utilizes automated debugging, taint analysis, model building, and constaint solving?

{Read More}


Plaid CTF 2012 – Addition is Hard

Addition is hard!
0x0+0x7068703f = ?
Answer in decimal

This is an easy trivia question, it even comes with a hint hidden in the second operand:

$ python2 -c "print ('%x' % 0x7068703f).decode('hex')"

Which refers to PHP bug.

Using an affected PHP binary to compute the sum yields: 3771785342

More info on the PHP bug: https://bugs.php.net/bug.php?id=61095

In case you do not have the affected PHP version you can just do this by hand as well:

7068703f = 1885892671
2 x 1885892671 = 3771785342


Plaid CTF 2012 – Shoulder Surfing

What’s a password that polaroid head got from inside Ellingson?

A quick google reveals this question refers to the movie “Hackers” (1995). Luckily, someone was kind enough to post the full movie script online, in which we find the following passage explicitly mentioning “shoulder surfing”:

{Read More}