forbiddenBits 2013 WriteUp: ment0rpwnage

March 21, 2013

Write up: Ment0rPwnage Part 1. TLDR: Downloading the wallpaper reveals hidden PHP code which allows injecting SQL statements. This enables guessing the username and password char by char for the login area found in the robots.txt. Ok, this challenge was a fun one, it combined a lot of different aspects of IT-sec. First things first: When starting the […]


forbiddenBits 2013 Write-Up: NaziWar

March 20, 2013

TLDR: Password is derived from username. Password collision for characters above 7-bit ASCII, i.e. we can easily find two usernames with the same password and there is a pattern in that. I liked the service quite a lot and almost punched myself when I realized I had been looking at the solution for hours but failed […]


rwthCTF 2012 Write-Up: ezpz

December 8, 2012

TLDWTR (Too long, don’t want to read): Great service, many little bugs, great CTF! Otherwise: please continue reading 🙂 Although it was quite some time ago, I wanted to do a complete write-up on ezpz as I liked the service quite a bit 😉 There is one from Team Lobotomy and one from Fluxfingers, but […]


ruCTFe 2012 Write-Up: buster

November 25, 2012

Update: Thanks to ius from team Eindbazen I cleared up a small error in the blog post. Buster was a compiled Java service that used an SQLite backend to store the flags. The gameserver communicated with the server by sending serialized objects. To secure the communication, the server sends the authentication token in an encrypted form […]


PoliCTF Write-Up: bin-pwn 400

November 19, 2012

For this challenge, we were supposed to connect via SSH to a server hosted by the organizers. When connected, we were greeted with the string “loS”, then a couple of dots (one new dot per second) and finally ghItlh pIqaD (a..y). As we all know, Google is a hacker’s greatest weapon, so let’s throw that […]


PoliCTF Write-Up Forensics 200

November 19, 2012

The challenge was given as a BMP file and had the description: The file is big 54+PixelArraySize. The description is hinting at the Wikipedia entry for the BMP file format. Although the category was called “Forensics”, this seemed like a steganography challenge right from the start. We opened the file in StegSolve to get a first look. […]


MozillaCTF Write-Up SecureFileLock (250)

January 27, 2012

This very secure locking mechanism encloses files and only gives them to you when you know the passphrase. Find it and you will have the flag. Ok, let’s see. It’s a 64-bit ELF binary, which means no easy “Press F5 in IDA”. Let’s run it. Ok, let’s see what it does in strace if we enter […]


MozillaCTF Write-Up Buoy (250)

January 27, 2012

Get access to the system of the communication buoy (pwned feds, international waters) and steal the private key that is located in /home/buoy/private.key. It might help you that our intelligence has found the source code. Looking at the source, we see that there should be a way to register using /?m=register – it is however disabled. So, we […]


MozillaCTF Write-Up Kill the Kraken (200)

January 27, 2012

The description states: The kraken is an evil creature that needs to be put down. So, we found that there is a user called kraken in Spark. Killing the kraken probably means deleting the account. How can we delete an account? Yes, we can generate the recovery token if we know the e-mail address. But […]


MozillaCTF Write-Up Things long forgotten (200)

January 27, 2012

The description to the challenge was given as: Find something the developer forgot about. So, we are looking for something that was not meant to be on the website. As we know from experience, typically things aren’t removed from the HTML source but just commented out. So, let’s look at the website’s source – oh […]
