Deva [ Me , Myself & InfoSec]

c4ca4238a0b923820dcc509a6f75849b - 100 Points
http://128.238.66.216/c4ca4238a0b923820dcc509a6f75849b/
Lara Anderton needs to break into PreCrime to free her husband, but they just installed a fancy new security system. Help her break into it!
Solutions:
http://eindbazen.net/2012/09/csaw-2012-web-100/

c81e728d9d4c2f636f067f89cc14862c - 200 Points
http://128.238.66.216/c81e728d9d4c2f636f067f89cc14862c/
Solutions:
http://eindbazen.net/2012/09/csaw-2012-web-200/

217 - 300 Points
http://128.238.66.217/
This is a website belonging to a horse-fighting gang. Even with an account, it's not clear what they're up to. Your task is to get administrator access and see if you can figure anything out. Your account is csaw_challenger/letmein123.
Solutions:
http://isisblogs.poly.edu/2012/09/30/csaw-ctf-horseforce-writeup/

CryptoMat - 400 Points
http://128.238.66.214/
CryptoMat is a site where you can send encrypted messages to other users. Dog is a user on the site and has the key. Figure out how to get into his account and obtain it.
Solutions:
http://blog.lse.epita.fr/articles/29-csaw-ctf-2012-web-400-writeup.html

Noderper - 500 Points
Derpsoft
Hello, QA personnel! As you know, we here at Noderpsoft are desperately trying to put the finishing touches on our Noderper web UI, and although we're super mega confident in the awesomness of our Web 12.0-centric strategy, we had some security consultant jerk tell us that our diagnostic interface was a Pastebin in the making.What a load of baloney! There isn't anything wrong with it, but just to satisfy the derpiest of derps, we thought we'd let you all prove us RIGHT! What better way to check the status of your system than with common Lunix commands, and even offer an awesome Web 2.5-3.0 (depending on who we're marketing to that day) friendly extensible interface?!?!??!?!?!?!?!??!?!?!
We hope you like Noderper as much as we do, and find zero bugs or mythical, so-called security vulnerabilities in it. Otherwise, you're fired.
Sincerely, and with all the hopes for the most ludicrous of V.C. money,
Roberto J. Quinetana
Solutions:
http://eindbazen.net/2012/09/csaw-2012-web-500/
http://blog.lse.epita.fr/articles/27-csaw-ctf-2012-web-500-writeup.html
https://github.com/quine/csaw2012/tree/master/noderp
eccbc87e4b5ce2fe28308fd9f2a7baf3 - 600 Points
http://128.238.66.216/eccbc87e4b5ce2fe28308fd9f2a7baf3/
Solutions:
http://eindbazen.net/2012/09/csaw-2012-web-600/

Reversing

csaw2012reversing.exe - 100 Points

csaw2012reversing.exe
csaw2012reversing.pdb

Solutions:

http://eindbazen.net/2012/09/csaw-2012-reversing-100/

CSAWQualificationEasy.exe - 200 Points

CSAWQualificationEasy.exe

Solutions:

http://eindbazen.net/2012/09/csaw-2012-reversing-200/

CSAWQualification.exe - 300 Points

CSAWQualification.exe

Solutions:

http://eindbazen.net/2012/09/csaw-2012-reversing-300/

csaw2012reversing - 400 Points

csaw2012reversing

Solutions:

http://eindbazen.net/2012/09/csaw-2012-reversing-400/

8086100f.mrom - 500 Points

8086100f.mrom

8086100f.mrom.tmp

Solutions:
http://eindbazen.net/2012/09/csaw-2012-reversing-500/
http://blog.lse.epita.fr/articles/26-csaw-ctf-2012-reverse-engineering-500-writeup.html

Exploitation

54321 - 200 Points
nc 128.238.66.218 54321
exploitation1-release
Read the key out of ./key in the current working directory.
Solutions :
http://xelenonz.blogspot.in/2012/10/csaw-ctf-exploit200-write-up.html
http://ppp.cylab.cmu.edu/wordpress/?p=954

4842 - 300 Points
nc 128.238.66.218 4842
Read the key out of ./key in the current working directory.
This binary has been changed to update the server.
Solutions :
http://eindbazen.net/2012/09/csaw-2012-exploitation-300/
http://ppp.cylab.cmu.edu/wordpress/?p=968

23456 - 400 Points
nc 128.238.66.213 23456
Read the key out of ./key in the current working directory.
Solutions :
http://ppp.cylab.cmu.edu/wordpress/?p=985

12345 - 500 Points
nc 128.238.66.213 12345
Read the key out of ./key in the current working directory
Solutions :
http://ppp.cylab.cmu.edu/wordpress/?p=1015
http://blog.lse.epita.fr/articles/31-csaw-ctf-2012-exploitation-200300400500-writeups.html

Forensics

version1.png - 200 Points

version1.png

Solutions :

http://eindbazen.net/2012/09/csaw-2012-forensics-200-1/

version2.png - 200 Points

version2.png

Solutions :
http://eindbazen.net/2012/09/csaw-2012-forensics-200-2/

core - 500 Points

core

Solutions :
http://eindbazen.net/2012/09/csaw-2012-forensics-500/

Networking

telnet.pcap - 100 Points

telnet.pcap

lemieux.pcap - 200 Points

lemieux.pcap

Some dude I know is planning a party at some bar in New York! I really want to go but he's really strict about who gets let in to the party. I managed to find this packet capture of when the dude registered the party but I don't know what else to do. Do you think there's any way you can find out the secret password to get into the party for me? By the way, my favorite hockey player ever is mario lemieux.

Solutions:
http://eindbazen.net/2012/09/csaw-2012-networking-200/

dongle.pcap - 300 Points

dongle.pcap

Solutions:
http://blog.lse.epita.fr/articles/32-csaw-ctf-2012-donglepcap-net300.html

timewave-zero.pcap - 400 Points

timewave-zero.pcap

According to Terence McKenna, the universe has a teleological attractor at the end of time that increases interconnecte dness, eventually reaching a singularity of infinite complexity in 2012, at which point anything and everything imaginable will occur simultaneously. He conceived this idea over several years in the early to mid-1970s while using psilocybin mushrooms and DMT.

Once you get the key, truncate it to 128 characters.
Solutions:
http://blog.lse.epita.fr/articles/30-csaw-ctf-2012-timewave-zeropcap-net400.html

Writeup Collections :
https://docs.google.com/document/d/1CUX0KD-IJhOzHMLmxoJXGZH-r_IcI3665cLWiOewNxY/edit
http://blog.lse.epita.fr/articles/31-csaw-ctf-2012-exploitation-200300400500-writeups.html
http://blog.lse.epita.fr/articles/28-csaw-ctf-2012-for200-500net100-200re100-400web100-.html
http://ppp.cylab.cmu.edu/wordpress/?p=1003

Repository :

http://repo.shell-storm.org/CTF/CSAW-2012/

Sunday, June 03, 2012

Defcon 20 - Quals Writeup Collection

forensics
f100
http://sysexit.wordpress.com/2012/06/03/defcon-20-ctf-prequals-2012-forensics-300-writeup/#comments
f200
http://sysexit.wordpress.com/2012/06/03/defcon-20-ctf-prequals-2012-forensics-300-writeup/#comments
f300
http://sysexit.wordpress.com/2012/06/03/defcon-20-ctf-prequals-2012-forensics-300-writeup/
http://research.shell-storm.org/files/research-28-en.php
http://www.blizz.se/dc20_ctf_f300.html
f400
http://www.routards.org/2012/06/defcon-20-quals-forensics-400.html
http://blog.lse.epita.fr/articles/15-defcon2k12-prequals-for400-writeup.html
f500
http://blog.lse.epita.fr/articles/13-defcon2k12-prequals-for500-writeup.html
pwnables
p100
http://pastebin.com/eqzdtwmw
http://blog.lse.epita.fr/articles/17-defcon2k12-prequals-pwn100-writeup.html
p200
http://pastebin.com/hZRjypSH
http://blog.oxff.net/#jmjgjxh7rng7hgjyd7hq
http://pastebin.com/hvAxGMWM
p300
http://blog.oxff.net/#z44b5paapelzyn46rjea
http://blog.lse.epita.fr/articles/14-defcon2k12-prequals-pwn300-writeup.html
p400
http://blog.oxff.net/#anvszwpmjdyizhsqgngq
p500
binary l33tness
b100
http://securityblackswan.blogspot.co.uk/2012/06/defcon-20-ctf-qualifiers-b100.html
http://squidzrus.schleppingsquid.net/wiki/index.php?title=Binary_l33tness_100
b200
http://www.blizz.se/dc20_ctf_quals_bin200.html
b300
http://insight-labs.org/?p=368
b400
http://bit.ly/NyqP7a
http://x-n2o.com/bin400-dc20
b500
/urandom
r100
http://squidzrus.schleppingsquid.net/wiki/index.php?title=Urandom_100
r200
http://devtrixlabs.com/blog/2012/06/defcon-2012-urandom-200-writeup/
r300
http://www.routards.org/2012/06/defcon-20-quals-urandom-300.html
http://blog.sigsegv.in/2012/06/defcon-ctf-quals-2012-urandom-300.html
r400
http://secdef.cs.washington.edu/dc20-quals-urandom-400.html
r500
grab bag
gb100
gb200
http://adversec.com/docs/defcon_ctf_quals_2012_grab_bag_200_writeup.txt
http://www.routards.org/2012/06/defcon-20-quals-grab-bag-200.html
gb300
http://pastie.org/4023158
http://blog.lse.epita.fr/articles/16-defcon2k12-prequals-gb300-writeup.html
www.rajatswarup.com/blog/2012/06/03/defcon-ctf-quals-grabbag-300-writeup/
gb400
http://sysexit.wordpress.com/2012/06/03/defcon-20-ctf-prequals-2012-grab-bag-400-writeup/
http://www.rajatswarup.com/blog/2012/06/03/defcon-ctf-quals-grabbag400-writeup/http://www.rajatswarup.com/blog/2012/06/03/defcon-ctf-quals-grabbag400-writeup/

gb500

Writeups Collection :
http://d.hatena.ne.jp/Kango/20120604/1338815574
http://blog.lse.epita.fr/articles/18-defcon2k12-prequals.html
https://sites.google.com/site/ctfcentralorg/home/defcon-20-ctf-quals
Quals files dumps :
http://repo.shell-storm.org/CTF/Defcon-20-quals/

Monday, April 30, 2012

Plaid CTF 2012 Writeups Collection

Bunyan

200

Pwnables

We found a simple web application that robots made to serve tmp files for debugging purposes. SSH into the machine as your_user@174.129.69.147 and exploit the web app to read their secret.

Solutions
http://www.bases-hacking.org/bunyan-plaidctf2012.html

Chest

300

Pwnables

Robots are running secret service that aims to mill down diamonds into fairy dust, and use it to take over our world! Help us please!
23.22.1.14:1282

Solutions
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/chest.html

Format

Pwnables

Up on a hill, far away, sits the robot king of old. While he was once great, he recently has seemed to just offer simple challenges. Vanquish him and bring honor to your team!
23.20.104.208:56345

Solutions
http://x86overflow.blogspot.in/2012/04/plaidctf-pwnable-99.html
http://leetmore.ctf.su/wp/plaidctf-2012-format-99-pwnables/
http://pastebin.com/T1g4YYD4
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/format.html

FPU

600

Pwnables

At the core of Robot city lies a giant robotic orb who gives orders to all the robots. Bringing down this behemoth robot would strike a great victory for all humankind.
50.17.111.209:9999

Solutions
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/fpu.html

Secure FS

600

Pwnables

At the heart of the robot operating system lies a super secure file system. If this flaw could be found, we could potentially create a Weapon of Mass Robot Destruction!
72.44.33.97:37008

Solutions
http://auntitled.blogspot.fr/2012/05/plaid-ctf-2012-secure-fs.html

RPO

150

Password Guessing

Ok, so we think we intercepted some robot pr0n but we are not entirely sure. Can you help us decide what it is?

Solutions

RSA

200

Password Guessing

We recently intercepted a plethora of robot transmissions but they are all encrypted with some strange scheme we just can't quite figure out. Can you crack it?

Solutions
http://leetmore.ctf.su/wp/plaidctf-2012-rsa-200-password-guessing/

RoboDate

100

Password Guessing

So apparently robots, despite their lack of hormones, still have an underlying desire to mate. We stumbled upon a robot dating site, RoboDate. Hack it for us!

Solutions
http://0xbadf00d.co.uk/plaid-ctf-robo-date/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/robodate.html

Stego

150

Password Guessing

We are a little unsure what the robots fascination with Star Trek is but it would seem from the amount of accesses this image has been getting that it holds something interesting for them. Can you figure out what it is?

Solutions
http://blog.lse.epita.fr/articles/11-plaidctf-2012-stego-writeup.html

Nuclear Launch Detected

150

Password Guessing

Our spies intercepted communications and a file between 5 of the top 10 robo-generals and their nuclear bomb server. We must recover the final launch code from the 5 robo-general's secret codes, so we can stop the detonation!

Solutions
http://leetmore.ctf.su/wp/plaidctf-2012-nuclear-launch-detected-150-password-guessing/
http://eindbazen.net/2012/05/plaid-ctf-2012-nuclear-launch-detected/

Robot Testing Framework

350

Pirating

We have discovered a robot testing framework that appears to take a robot module and determine whether or not it is acceptable. Can you help us figure out what the criterion for acceptance are? Framework is found at pwning.net:8009.
This challenge was made by our friends at ManTech. If you enjoyed it, you might be interested in working for them.

Solutions
https://sysexit.wordpress.com/2012/05/03/plaidctf-2012-robot-testing-framework-350-pirating-writeup/

Editors

100

Pirating

We recently gained access to a log of a robot operative interacting with computer. We are unsure what he was up to but we know it is of the upmost importance to figure it out.

Solutions
http://int3pids.com/2012/05/plaidctf-2012-editors-100-pts.html
http://eindbazen.net/2012/05/plaid-ctf-2012-editors/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/editors.html

Traitor

200

Pirating

Top operative laser mic'd a room where a robot conspirator was logging into the robot governments secret interface. We were able to clean up the audio file significantly, but have no clue anymore.

Solutions
http://www.int3pids.com/2012/05/plaidctf-2012-traitor-200-pts.html

Mess

300

Pirating

The biggest event of the robot year is happening this week! Robot invitations are cool in that they are just a password that validates at the door. We acquired the validator to be used. Can you find an invitation for us in time?

Solutions
http://smokedchicken.org/2012/05/plaidctf-2012---mess-300.html
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/mess.html

Shoulder Surfing

Puzzles

What's a password that polaroid head got from inside Ellingson?

Solutions
http://sysexit.wordpress.com/2012/04/29/plaidctf-2012-shoulder-surfing-25-puzzles-writeup/
http://eindbazen.net/2012/04/plaid-ctf-2012-shoulder-surfing/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/shouldersurfing.html

Addition is Hard

Puzzles

Addition is hard!
0x0 +0x7068703f = ?
Answer in decimal

Solutions
http://x86overflow.blogspot.in/2012/04/plaidctf-addition-is-hard.html
http://khr0x40sh.wordpress.com/2012/04/30/plaid-ctf-2012-write-ups-addition-is-hard-and-torrents/
http://eindbazen.net/2012/04/plaid-ctf-2012-addition-is-hard/

Twitter

100

Puzzles

First team to get access to the Twitter account PPP and send us the password wins.
www.twitter.com/ppp
Go!

(Just kidding. Please don't get arrested.)

Solutions

Torrents

200

Practical Packets

It turns out that robots, like humans, are cheap and do not like paying for their movies and music. We were able to intercept some torrent downloads but are unsure what the file being downloaded was. Can you figure it out?

Solutions
https://h4des.org/blog/index.php?/archives/325-PlaidCtf-2012-write-up-Torrent-200.html
http://codezen.fr/2012/04/30/plaidctf-2012-practical-packets-200-torrents-writeup/
http://mweissbacher.com/blog/2012/04/30/plaidctf-2012-challenge-torrent-practical-packets-writeup-200-points/
http://eindbazen.net/2012/05/plaid-ctf-2012-torrent/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/torrents.html

80s Thinking

250

Practical Packets

We saw two robots dressed in sweater dresses, leggings and press on nails and decided we had to listen in. But, these robots were speaking an unintelligible language. Can you figure out what they were saying?

Solutions
http://codezen.fr/2012/04/30/plaidctf-2012-practical-packets-250-80s-thinking-writeup/
http://0xbadf00d.co.uk/plaidctf-80s-thinking/
http://eindbazen.net/2012/05/plaid-ctf-2012-80s-thinking/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/80sthinking.html

Paste

100

Practical Packets

Robot hackers, like their human counter parts, have a largely unmet need to dump large amounts of text to their peers. We recently got access to one of their servers and are providing you with the files. What have they been talking about?

Solutions
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/paste.html

Bouncer

250

Practical Packets

In a recent battle we took an enemy robot hostage and examined his operating system. During the examination we found a piece of robot malware that we don't quite understand. Can you enumerate its targets?
This challenge was made by our friends at ManTech. If you enjoyed it, you might be interested in working for them.

Solutions
http://leetmore.ctf.su/wp/plaidctf-2012-bouncer-250-practical-packets/
http://eindbazen.net/2012/05/plaid-ctf-2012-bouncer/

SIMD

250

Pirating

After examining some code retrieved by our operative we are unsure whether it was written by an evil genius or a google employee. We will let you decide.

Solutions
http://leetmore.ctf.su/wp/simd-250-pirating/
http://eindbazen.net/2012/05/plaid-ctf-2012-simd/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/simd.html

Encryption Service

300

Password Guessing

We found the source code for this robot encryption service, except the key was redacted from it. The service is currently running at 23.21.15.166:4433

Solutions
http://leetmore.ctf.su/wp/plaidctf-2012-encryption-service-300-password-guessing/
http://codezen.fr/2012/05/01/plaidctf-2012-password-guessing-300-encryption-service-writeup/
http://www.pentester.es/2012/05/encryption-service-del-plaidctf.html
http://codezen.fr/2012/05/01/plaidctf-2012-password-guessing-300-encryption-service-writeup/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/encryptionservice.html

Demo Time

350

Pirating

Pop some popcorn, grab a seat and be ready to listen to your favorite robotic chiptunes. It's an old fashioned robot party!

Solutions
http://eindbazen.net/2012/05/plaid-ctf-2012-demo-time/

ECE's Revenge II

500

Potpourri

Our aerial reconnaissance drones recently sighted these new robot prototypes but we cannot figure out how to turn them on (INSERT INAPPROPIATE JOKE). Can you help us solve the mystery and get their electrons flowing?

Solutions
http://eindbazen.net/?p=918
http://eindbazen.net/2012/04/plaid-ctf-2012-ece/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/ecesrevenge.html

QCE's Revenge

400

Potpourri

Maths are hard. Quantum maths are even harder.

Solutions

The Game

100

Potpourri

Robots enjoy some strange games and we just can't quite figure this one out. Maybe you will have better luck than us.
23.22.16.34:6969

Solutions
http://0xbadf00d.co.uk/plaid-ctf-the-game/
http://secgroup.ext.dsi.unive.it/2012/04/30/plaidctf-2012-write-up-the-game/
http://tasteless.se/2012/04/pctf-2012-the-game-writeup/
http://codezen.fr/2012/04/30/plaidctf-2012-potpourri-100-the-game-writeup/
http://smokedchicken.org/2012/05/plaidctf-2012---game-100.html
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/thegame.html

There Once Was A

200

Pirating

Turns out iPhones are just as cool to robots as they are to us! They all seem to have this app installed but it looks pretty boring to us. Any ideas?

Solutions
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/thereoncewasa.html

Debit or Credit

200

Potpourri

Ca-Ching! Do you think robots have headphone jacks?

Solutions
http://eindbazen.net/2012/05/plaid-ctf-2012-debit-or-credit/
http://smokedchicken.org/2012/05/plaidctf-2012---debit-or-credit-200.htm
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/debitorcredit.html

100

Potpourri

The robots appear to be testing some kind of new camera technology but we haven't quite figured it out yet. Understanding this imaging could be crucial to our understanding the enemy and winning the war.

Solutions
http://eindbazen.net/2012/05/plaidctf-2012-3d/
http://www.joshuagauthier.com/2012/05/pctf-2012-3d/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/3d.html

Simple

250

Pirating

Our lead scientist was really close to cracking this problem before a robot assassin took his life and stole all his work. All that was left was a posted saying 'simple'.

Solutions
http://blog.lse.epita.fr/articles/9-plaidctf-2012-simple-writeup.html
http://eindbazen.net/?p=901
http://eindbazen.net/2012/04/plaid-ctf-2012-simple/

JIT

450

Pwnables

Shoot to the left, break to the right and slide into the bunker 'just in time'.
23.21.39.14:52608 (BTW, administrator disabled /bin/sh... damn)

Solutions

Supercomputer 1

Pirating

Computing one big number is hard, but apparently the robots can do four? Please help us!
What is the first number?

Solutions
http://eindbazen.net/?p=890
http://eindbazen.net/2012/04/plaid-ctf-2012-supercomputer-1/

Supercomputer 2

Pirating

Computing one big number is hard, but apparently the robots can do four? Please help us!
What is the second number?

Solutions
http://wilrobertson.com/blog/2012/04/learning-to-robo-compute-at-plaidctf-2012
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/supercomputer.html

Supercomputer 3

100

Pirating

Computing one big number is hard, but apparently the robots can do four? Please help us!
What is the third number?

Solutions
http://wilrobertson.com/blog/2012/04/learning-to-robo-compute-at-plaidctf-2012

Supercomputer 4

300

Pirating

Computing one big number is hard, but apparently the robots can do four? Please help us!
What is the LAST number?

Solutions

Size Doesn't Matter

250

Password Guessing

We found a pair of robot command execution services running at 23.20.239.9 ports 8888 and 8889. Can you break into it?

Solutions
http://eindbazen.net/2012/04/plaid-ctf-2012-size-doesnt-matter/

Override
http://eindbazen.net/2012/05/plaid-ctf-2012-override/
http://smokedchicken.org/2012/05/plaidctf-2012---override-300.html
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/override.html

Repositories
http://repo.shell-storm.org/CTF/PlaidCTF-2012/
http://www.techbrunch.fr/securite/plaid-ctf-2012-writeups-collection/
http://captf.com/2012/PlaidCTF/HatesIrony-Writeups/
http://www.techbrunch.fr/securite/plaid-ctf-2012-writeups-collection/