CSAW14 – Fluffy no more (Forensic 300)

September 24, 2014

Description: OH NO WE’VE BEEN HACKED!!!!!! — said the Eye Heart Fluffy Bunnies Blog owner. Life was grand for the fluff fanatic until one day the site’s users started to get attacked! Apparently fluffy bunnies are not just a love of fun furry families but also furtive foreign governments. The notorious “Forgotten Freaks” hacking group […]

CSAW14 – Hashes (Web 300)

September 24, 2014

Writeup by mooh. Description: location, location, location http://54.86.199.163:7878/ Written by ColdHeat. We have a website with 3 links which show pictures of cats and dogs when we click on them. There is a form as well where we can enter a URL and the bot will click on it. It sounds like an XSS […]

HITCON CTF 2014: Puzzle

August 18, 2014

This is the picture we got: After downloading, I opened the picture with an image viewer and saved it again, only to compare the file sizes. As expected, the original is much larger than the just-saved one. Then I opened it in Stegsolve to make sure I don’t miss anything. By looking at the […]

ASIS CTF 2014: forensic

May 13, 2014

After extracting in this challenge we get an arguably big pcap file. As usual the problem here is to look for just anything helpful. A valid option in challenges like this is just looking for all the files that were downloaded, which you can either do with Wireshark by “Exporting objects”, which is quite tiresome […]

ASIS CTF 2014: Tortureous sound

May 11, 2014

After downloading and extracting we got a file which was identified as: Ok, this looks like an audio or video file. Let’s try to open it with a media player. Great, we can open it, and hear that typical SSTV sound. Ok, let’s open RX-SSTV and replay the audio file. Because we did this part […]

VolgaCTF 2014 Writeup: crypto100

April 2, 2014

In this task, we have got a ciphertext and an oracle that we can use to encrypt data. Looking at the ciphertext we can see that it is a big, big number. Time to test the oracle: connect to the server and we’re greeted with “enter your text”. After entering some text, the ciphertext is displayed […]

codegate 2014 Write-up: 120

February 28, 2014

The website for this challenge said “120 times left” and had only a password field and a submit button. Trying something random we get False as response, go back to the main page and see we now have “118 times left”, so each POST or GET to the page decreases the number by one. The […]

codegate 2014 Write-up: dodoCrackme

February 26, 2014

The first challenge of the codegate 2014 ctf was a reversing challenge. Linux file command showed us: Ok, it’s a 64-bit ELF binary, which means no “F5 in IDA”. Opening with IDA64, an alert popped up that there are more than 1000 nodes to show. WTF? After changing the node limit the graph showed a […]

forbiddenBits 2013 Write-Up: Old

March 21, 2013

This challenge’s target was a binary with just 512 bytes total size, named “bin.bin”, which could be identified as “x86 boot sector”. So our first thought was: maybe it’s bootable – and it is! After booting up a VM with this file as disk (for VirtualBox: mount on loop, then VBoxManage createrawvmdk) we were confronted […]

forbiddenBits 2013 Write-Up: Poir

March 21, 2013

The poir challenge was given as a binary file. It’s a “pcap-ng capture file – version 1.0”, so we opened it in Wireshark to have a look at the data. It consists of about 10k packets, mostly HTTP traffic, some SSDP searches. A closer look revealed: the HTTP packets are requests and responses on a […]
