Sunday, March 16, 2014

RuCTF Quals Writeups Collection

admin
100. iip
http://lights-out-ctf.ghost.io/ructf-quals-2014-admn-100-iip/
200. Troubleshooting
http://tasteless.se/2014/03/ructf-quals-2014-for200-and-admin200-writeup/
300. Strange image
400. Compile

crypto
100. MD5
http://xrekkusu.hatenablog.jp/entry/2014/03/11/214753
200. Mary Queen
http://quangntenemy.blogspot.in/2014/03/ructf-quals-2014.html
http://xrekkusu.hatenablog.jp/entry/2014/03/11/224338
300. TLS
http://blog.dragonsector.pl/2014/03/ructf-2014-quals-tls-crypto-300.html
400. RuCTFCoin
500. Decrypt message
https://rdot.org/forum/showthread.php?t=3053&langid=1

forensics
100. Secret host
http://peterpen-ctf.net/?p=915
http://ctfwriteups.blogspot.in/2014/03/ructf-2014-quals-forensics-100-secret.html
200. Nosql
http://tasteless.se/2014/03/ructf-quals-2014-for200-and-admin200-writeup/
http://akaminsky.net/ructf-2014-forensics-200-nosql/
300. Secure data storage
400. So close
http://peterpen-ctf.net/?p=899

hardware
100. IR dump
200. hw_reverse
300. ADC
400. Microcontroller
https://stratum0.org/blog/posts/2014/03/11/ructf-quals-2014-microcontroller/

misc
100. Shredder
http://nullify-ctf.blogspot.in/2014/03/ructf-quals-misc-100-shredder-writeup.html
200. RuCTF radio
http://ctfwriteups.blogspot.in/2014/03/ructf-2014-quals-misc-100-shredder-misc.html
300. Bluetooth
http://blackcon.tistory.com/97
500. GSM
http://piggybird.net/2014/03/ructf-2014-quals-misc-500-gsm-writeup/

ppc
200. Maze
http://nullify-ctf.blogspot.in/2014/03/ructf-quals-2014-ppc-200-maze.html
300. Secret string
400. Minesweeper

recon
100. Favourite book
http://onthesystemsoftheworld.blogspot.in/2014/03/ructf-2014-qualifiers-recon-100300400.html
200. Stolen camera
300. Get the message
http://tasteless.se/2014/03/ructf-quals-2014-vuln100-and-recon300-writeup/
400. Landlord
http://onthesystemsoftheworld.blogspot.in/2014/03/ructf-2014-qualifiers-recon-100300400.html
500. The Card

reverse
10. Harm
100. Bad lib
200. No harm
300. Erl
400. PIN code
500. Arcfour
http://piggybird.net/2014/03/ructf-2014-quals-reverse-500-arcfour/

stegano
100. Cat's eye
http://nullify-ctf.blogspot.in/2014/03/ructf-quals-2014-stegano-100-cats-eye.html
200. HP
https://stratum0.org/blog/posts/2014/03/10/ructf-quals-2014-HP/
300. Nyan-task
400. Pixel video

vuln
100. Guess the flag
http://tasteless.se/2014/03/ructf-quals-2014-vuln100-and-recon300-writeup/
http://blog.0xdeffbeef.com/2014/03/ructf-quals-2014-guess-flag-vuln-100.html
200. Log aggregator
http://v0ids3curity.blogspot.in/2014/03/ructf-quals-2014-aggregator-vuln-200.html
300. Posts
400. Quest server
500. Sample mixer

web
100. php
http://nullify-ctf.blogspot.in/2014/03/ructf-quals-2014-web-100-php.html
200. es
http://tasteless.se/2014/03/ructf-quals-2014-web100-and-web200-writeup/
https://hackucf.org/blog/web-200-2/
300. Messengerrr
http://mage-ctf-writeup.blogspot.jp/2014/03/ructf-quals-2014-web300.html
400. irRSA
https://rdot.org/forum/showthread.php?t=3053&langid=1
500. Secritter

Other interesting links:
http://shell-storm.org/repo/CTF/RuCTF-quals-2014/
https://github.com/HackerDom
https://github.com/zed-0xff/ctf/tree/master/2014.ructf-quals

Monday, January 27, 2014

GiTS CTF 2014 Quals writeups collection

Trivia
lugkist
http://tasteless.se/2014/01/gits-2014-lugkist-trivia-150/
http://commandlinewani.blogspot.in/2014/01/ghostintheshellcode-write-up-lugkist.html

inview
http://digitaloperatives.blogspot.in/2014/01/ghost-in-shellcode-2014-trivia-150.html

Crypto
Dogecrypt
http://digitaloperatives.blogspot.in/2014/01/ghost-in-shellcode-2014-crypto-75.html
http://commandlinewani.blogspot.in/2014/01/ghostintheshellcode-write-up-dogecrypt.html

CTF247
http://insertco.in/2014/01/19/ctf247-gits-2014/
http://blogs.tunelko.com/2014/01/19/ghost-in-the-shellcode-2014-write-up-ctf247/

phpcrypto
http://tasteless.se/2014/01/gits-2014-phpcrypto-recon-100/
https://github.com/ctfs/write-ups/blob/master/ghost-in-the-shellcode-2014/phpcrypto/README.md

Forensics

Revenge of Imgception
http://pastebin.com/q8Lf8M0w

Choose your Pwn Adventure 2

A Boaring Quest
http://tasteless.se/2014/01/gits-2014-a-boaring-quest-pwn-adventure-150/

Long live the queen 

Cave of Nope

Unbearable
http://lockboxx.blogspot.in/2014/01/ghost-in-shellcode-2014-ctf-writeup.html
http://tasteless.se/2014/01/gits-2014-unbearable-pwn-adventure-75/

Rabbit of Caerbannog
http://tasteless.se/2014/01/gits-2014-rabbit-of-caerbannog-pwn-adventure-75/

Snow Down

DOS Attack

Ad Subtract
http://tasteless.se/2014/01/gits-2014-ad-substract-pwn-adventure-75/

Moon Boots

Portal

Pillowtalk
https://systemoverlord.com/blog/2014/01/19/ghost-in-the-shellcode-2014-pillowtalk/

Radioactive
http://tasteless.se/2014/01/gits-2014-radioactive-crypto-250/

Gitzino
http://ppp.cylab.cmu.edu/wordpress/?p=1140

Reverse Engineering

TrustMeMore
http://blog.zachorr.com/trustmemore/

PapSmear
http://balidani.blogspot.in/2014/01/ghost-in-shellcode-2014-papsmear-writeup.html

Pwnable

TI-1337
http://delogrand.blogspot.in/2014/01/ghost-in-shellcode-2014-ti-1337.html

gitsmsg
http://ppp.cylab.cmu.edu/wordpress/?p=1152

Fuzzy
http://ppp.cylab.cmu.edu/wordpress/?p=1146

Byte Sexual

Writeups collection @ http://digitaloperatives.blogspot.in/2014/01/gits-2014-write-up-collection.html

Wednesday, January 01, 2014

30C3 CTF writups collection

PWN
cwitscher 350
http://pastebin.com/jMbTX521
bittorrent 400
https://rzhou.org/~ricky/30c3/bittorrent.py
todos 300
http://codezen.fr/2013/12/30/30c3-ctf-pwn-300-todos-write-up-sql-injection-ret2libc/
http://balidani.blogspot.in/2013/12/30c3-ctf-todos-writeup.html
bigdata 400
https://rzhou.org/~ricky/30c3/bigdata.tx
DOGE1 100
http://thehackerblog.com/such-ctf-very-wow-30c3-doge1-writeup/
http://tasteless.se/2013/12/30c3-ctf-doge1-writeup/
DOGE2 400
http://pastebin.com/81CY5Pg2
HolyChallenge 500
http://blog.dragonsector.pl/2013/12/30c3-ctf-holychallenge-pwn-500.html

SANDBOX
int80 300
http://blog.dragonsector.pl/2013/12/30c3-ctf-int80-sandbox-300.html
yass 400

PyExec 300
http://blog.dragonsector.pl/2013/12/30c3-ctf-pyexec-sandbox-300.html
http://delimitry.blogspot.in/2013/12/30c3-ctf-2013-sandbox-300-pyexec-writeup.html

MISC
notesEE 400
https://johannes.user.aachen.ccc.de/notesee.sh
rsync 200
http://tasteless.se/2013/12/30c3-ctf-rsync-writeup/
http://dr0x0n.blogspot.in/2013/12/writeup-30c3-ctf-2013-rsync-200-rsync.html
cableguy 100

NUMBERS
fourier 200
http://d.hatena.ne.jp/waidotto/20131230
guess 100
http://tasteless.se/2013/12/30c3-ctf-guess-writeup/
matsch 300
https://p.6core.net/p/aNV32Brb8OszIDtnP3r9X9Kp
angler 300
http://blog.zachorr.com/30C3-CTF-Numbers-300-angler/

Writeups Collection :
Lovely collection of writeups @ https://pads.ccc.de/wfijnKiUA4
**Thanks to @hellman and @Gunther_AR for pointing this nice treasure trove ;)

Monday, April 22, 2013

Plaid CTF 2013 Writeups Collection

BINARY
100 - three_eyed_fish
http://broot.ca/blog/plaidctf-three-eyed-fish-binary-100
http://f00l.de/blog/?p=1781
_________________________________________________________________________________
100 - hypercomputer-1
http://f00l.de/blog/?p=1803
_________________________________________________________________________________
250 - cone
http://pastie.org/private/wpxsvcxllyryl9s8ffslqw#7
http://pastie.org/private/wpxsvcxllyryl9s8ffslqw
http://seg.fault.in/2013/04/plaidctf-2013-cone-250-write-up.html
_________________________________________________________________________________
250 - drmless
http://int3pids.blogspot.in/2013/04/plaidctf-2013-drmless-binary-250-write.html
_________________________________________________________________________________
400 - kavihk
http://int3pids.blogspot.in/2013/04/plaidctf-2013-kavihk-binary-400-write-up.html
http://pwnies.dk/post/kavihk-plaidctf-2013/
_________________________________________________________________________________
450 - cnot
http://www.skullsecurity.org/blog/2013/epic-cnot-writeup-plaidct
_________________________________________________________________________________
CRYPTOGRAPHY
100 - cyrpto
http://r3dey3.com/2013/04/plaidctf-crypto100/
http://scoding.de/plaidctf-2013-writeup-cyrpto/
_________________________________________________________________________________
200 - blech
http://leetmore.ctf.su/wp/plaidctf-2013-blech-crypto-200/
_________________________________________________________________________________
250 - compression
http://www.rajatswarup.com/blog/2013/04/21/plaidctf-2013-crypto-250-compression-writeup/
http://dave.frop.net/plaid_ctf_2013_writeup_crypto_250_compression
http://broot.ca/blog/plaidctf-compression-crypto-250
_________________________________________________________________________________
250 - giga
http://r3dey3.com/2013/04/plaid-ctf-giga-crypto-250/
http://pwnies.dk/post/giga-plaidctf-2013/
_________________________________________________________________________________
FORENSICS
150 - cat_rar
http://www.mikelisi.me/2013/04/plaid-ctf-2013-catrar-write-up.html
http://eindbazen.net/2013/04/pctf-2013-cat_rar-forensics-150/
_________________________________________________________________________________
350 - usbdude

_________________________________________________________________________________
PWNABLE
150 - secure_reader
http://pwnies.dk/post/securereader-plaidctf-2013/
_________________________________________________________________________________
200 - ropasauru
http://codezen.fr/2013/04/22/plaidctf-2013-pwnable-200-ropasaurusrex-write-up/
http://pastie.org/7693791
http://bases-hacking.org/ropasaurusrex-pctf2013.html
http://hackerschool.org/temp/pctf2013/ropasaurusrex_exp.py
_________________________________________________________________________________
250 - dynrpn
http://pwnies.dk/post/dynrpn-plaidctf-2013/
_________________________________________________________________________________
250 - pork
http://pastie.org/7693773
http://bases-hacking.org/pork-pctf2013.html
http://pwn3r.tistory.com/entry/Plaid-CTF-2013-pork
_________________________________________________________________________________
250 - e1000-1
https://github.com/moralfag/ctf/tree/master/pctf2013-e1000
_________________________________________________________________________________
WEB
150 - charsheet
http://www.cubalo.com/blog/?p=110
________________________________________________________________________________
400 - servr
This might come in handy. 
http://bases-hacking.org/servr-pctf2013.html
_________________________________________________________________________________
20 - Unnnnlucky
http://magic-hat.ru/forum/viewtopic.php?pid=341#p341
_________________________________________________________________________________
100 - cheap
http://pwnies.dk/post/cheap-plaidctf-2013/
_________________________________________________________________________________
150 - Prove It
http://eindbazen.net/2013/04/pctf-2013-prove-it-misc-150/
_________________________________________________________________________________
400 - pyjail
http://darksaber.tk/wapiflapi/pyjail_escape.py
http://blog.pnuts.tk/2013/04/plaidctf-pyjail-story-of-pythons-escape.html

Repository/Miscellaneous collection:
http://shell-storm.org/repo/CTF/PlaidCTF-2013/
http://pwn3r.tistory.com/entry/Plaid-CTF-2013-Write-up-collection


Monday, October 01, 2012

CSAW 2012 Quals - writeup collection

Trivia


http://eindbazen.net/2012/09/csaw-2012-trivia/http://the-ctf-guy.blogspot.in/2012/10/csaw-2012-trivia-challenges.html


Recon 


Web 

c4ca4238a0b923820dcc509a6f75849b - 100 Points
http://128.238.66.216/c4ca4238a0b923820dcc509a6f75849b/
Lara Anderton needs to break into PreCrime to free her husband, but they just installed a fancy new security system. Help her break into it!
Solutions:
http://eindbazen.net/2012/09/csaw-2012-web-100/

c81e728d9d4c2f636f067f89cc14862c - 200 Points
http://128.238.66.216/c81e728d9d4c2f636f067f89cc14862c/
Solutions:
http://eindbazen.net/2012/09/csaw-2012-web-200/

217 - 300 Points
http://128.238.66.217/
This is a website belonging to a horse-fighting gang. Even with an account, it's not clear what they're up to. Your task is to get administrator access and see if you can figure anything out. Your account is csaw_challenger/letmein123.
Solutions:
http://isisblogs.poly.edu/2012/09/30/csaw-ctf-horseforce-writeup/

CryptoMat - 400 Points
http://128.238.66.214/
CryptoMat is a site where you can send encrypted messages to other users. Dog is a user on the site and has the key. Figure out how to get into his account and obtain it.
Solutions:
http://blog.lse.epita.fr/articles/29-csaw-ctf-2012-web-400-writeup.html

Noderper - 500 Points
Derpsoft
Hello, QA personnel! As you know, we here at Noderpsoft are desperately trying to put the finishing touches on our Noderper web UI, and although we're super mega confident in the awesomness of our Web 12.0-centric strategy, we had some security consultant jerk tell us that our diagnostic interface was a Pastebin in the making.What a load of baloney! There isn't anything wrong with it, but just to satisfy the derpiest of derps, we thought we'd let you all prove us RIGHT! What better way to check the status of your system than with common Lunix commands, and even offer an awesome Web 2.5-3.0 (depending on who we're marketing to that day) friendly extensible interface?!?!??!?!?!?!?!??!?!?!
We hope you like Noderper as much as we do, and find zero bugs or mythical, so-called security vulnerabilities in it. Otherwise, you're fired.
Sincerely, and with all the hopes for the most ludicrous of V.C. money,
Roberto J. Quinetana
Solutions:
http://eindbazen.net/2012/09/csaw-2012-web-500/
http://blog.lse.epita.fr/articles/27-csaw-ctf-2012-web-500-writeup.html
https://github.com/quine/csaw2012/tree/master/noderp
eccbc87e4b5ce2fe28308fd9f2a7baf3 - 600 Points
http://128.238.66.216/eccbc87e4b5ce2fe28308fd9f2a7baf3/
Solutions:
http://eindbazen.net/2012/09/csaw-2012-web-600/

Reversing

csaw2012reversing.exe - 100 Points
csaw2012reversing.exe
csaw2012reversing.pdb

Solutions:


CSAWQualificationEasy.exe - 200 Points
CSAWQualificationEasy.exe
Solutions:
CSAWQualification.exe - 300 Points
CSAWQualification.exe
Solutions:
csaw2012reversing - 400 Points
csaw2012reversing
Solutions:
8086100f.mrom - 500 Points
8086100f.mrom
8086100f.mrom.tmp

Exploitation

54321 - 200 Points
nc 128.238.66.218 54321
exploitation1-release
Read the key out of ./key in the current working directory.
Solutions :
http://xelenonz.blogspot.in/2012/10/csaw-ctf-exploit200-write-up.html
http://ppp.cylab.cmu.edu/wordpress/?p=954

4842 - 300 Points
nc 128.238.66.218 4842
Read the key out of ./key in the current working directory.
This binary has been changed to update the server.
Solutions :
http://eindbazen.net/2012/09/csaw-2012-exploitation-300/
http://ppp.cylab.cmu.edu/wordpress/?p=968

23456 - 400 Points
nc 128.238.66.213 23456
Read the key out of ./key in the current working directory.
Solutions :
http://ppp.cylab.cmu.edu/wordpress/?p=985

12345 - 500 Points

nc 128.238.66.213 12345
Read the key out of ./key in the current working directory
Solutions :
http://ppp.cylab.cmu.edu/wordpress/?p=1015
http://blog.lse.epita.fr/articles/31-csaw-ctf-2012-exploitation-200300400500-writeups.html

Forensics

version1.png - 200 Points

version1.png

Solutions :
version2.png - 200 Points
version2.png
core - 500 Points
core

Networking

telnet.pcap - 100 Points
telnet.pcap

lemieux.pcap - 200 Points
lemieux.pcap
Some dude I know is planning a party at some bar in New York! I really want to go but he's really strict about who gets let in to the party. I managed to find this packet capture of when the dude registered the party but I don't know what else to do. Do you think there's any way you can find out the secret password to get into the party for me? By the way, my favorite hockey player ever is mario lemieux.
dongle.pcap - 300 Points
dongle.pcap
timewave-zero.pcap - 400 Points
timewave-zero.pcap
According to Terence McKenna, the universe has a teleological attractor at the end of time that increases interconnecte dness, eventually reaching a singularity of infinite complexity in 2012, at which point anything and everything imaginable will occur simultaneously. He conceived this idea over several years in the early to mid-1970s while using psilocybin mushrooms and DMT.
Once you get the key, truncate it to 128 characters.
Solutions:
http://blog.lse.epita.fr/articles/30-csaw-ctf-2012-timewave-zeropcap-net400.html