This very secure locking mechanism encloses files and only gives them to you when you know the passphrase. Find it and you will have the flag. Ok, let’s see. It’s a 64bit ELF binary, which means no easy “Press F5 in IDA”. Let’s run it Ok, let’s see what it does in strace if we enter [...]
Get access to the system of the communication buoy (pwned feds, international waters) and steal the private key that is located in /home/buoy/private.key It might help you that our intelligence has found the source code. Looking at the source, we see that there should be a way to register using /?m=register – it is however disabled. So, we [...]
The description states The kraken is an evil creature that needs to be put down. So, we found that there is a user called kraken in Spark. Killing the kraken probably means deleting the account. How can we delete an account? Yes, we can generate the recovery token if we know the e-mail address. But [...]
The description to the challenge was given as: Find something the developer forgot about. So, we are looking for something that was not meant to be on the website. As we know from experience, typically things aren’t removed from the HTML source but just commented out. So, let’s look at the website’s source – oh [...]
One of the challenges in MozillaCTF was to determine the way of how the Password Recovery Token was generated. There’s something fishy about the generation of recovery token. Find out how to generate them for other accounts! The token could be viewed directly after logging in and looking at the user details. To gather some [...]
For all of you who are waiting for a RuCTFe Walkthrough: It’s in the queue… We will put some stuff together (especially for the probably most interesting simple-service), but due to the upcoming iCTF, we are quite busy. Since the iCTF even outreaches the 43 Teams of the RuCTFe, we are pretty sure to see [...]
… our first first place! Yesterday, we were able to score the first place at RuCTFE 2009! A detailed review will come! Big thanks go to the organizers, all participants and our greatest team in the world! Thank you also very much for your congratulations!
Tomorrow, the first RuCTFE takes place. This capture the flag competition will be organized and implemented by the Russian team HackerDom of the Ural State University. In the past Hackerdom organized a few RuCTFs, but exclusively teams of Russian universities were allowed to attend to these CTF contests. This time it will be the first [...]
Since this blog gets more and more hits concerning common CTF information, we are switching to english We will participate in HARCTF, which is a CTF contest organised by hcesperer and taking place at the Hacking At Random security conference. Since hc organised the da-op3n contests for the last years, we are looking forward to [...]
Since we missed some CTF contests in the past, we decided to host a common mailinglist for information about CTF contests. It would be great if team members of all CTF teams register to the list to create such a common source of CTF information. The list is at ctf[at]lists.ctf-hacking.de, web-based registration is possible, too: [...]
/ 
/ 