CSAW 2015 Finals: Blox (Pwn Adventure Z RE250)

Posted on by and filed under CSAW Finals 2015.

This year at CSAW Finals, Vector35 contributed an entire NES/Famicom RPG as a challenge category. One challenge was solving the puzzle of the mysterious “Blox Cave” – a room of 24 urns that need to be activated in a certain combination in order to open the door to the flag.

CSAW 2014 :: Forensics 300 :: Fluffy No More

Posted on by and filed under CSAW 2014.

I think forensics challenges are generally horrible no fun zones, but Fluffy No More is actually a fun little scavenger hunt through a filesystem. @brad_anton gives us a tarball of the relevant parts of a compromised webserver – a MySQL database dump, /var/log/, /var/www/, and all of /etc/. Co-credit for this challenge goes to Alex…

DEF CON CTF Qualifier 2014 :: routarded

Posted on by and filed under DEF CON CTF Qualifier 2014.

routarded starts you out with a hint in the challenge description that the target webpage is a router with default credentials. After trying a bunch of default router combinations, @jonathansinger found a working combination of <blank>:admin. This pops you into the management site of this fake router, which has a promising diagnostics page. We went…

DEF CON CTF Qualifier 2014 :: hackertool

Posted on by and filed under DEF CON CTF Qualifier 2014.

hackertool had a torrent with a single large file: every_ip_address.txt. After downloading a few chunks, I opened it in a text editor and found that the file was a consecutive list of IP addresses going from to (presumably) Instead of waiting for it to download, Alex Lynch had the idea for us to generate it…

Write-up :: pfSense at [email protected]

Posted on by and filed under Write-ups.

[email protected] (or more formally, the Collegiate Cyber Defense Club at UCF) now has a multi-server environment, but we started out with little to no inventory to speak of. Our club was founded about a year and a half ago, and we’ve slowly acquired more and more hardware for our strapping little environment. Some of our…

ATAST 2012 :: Web 11270

Posted on by and filed under ATAST 2012.

So we accidentally discovered a flag submission bug in the ATAST 2012 flag submission system after I submitted the first 20 point flag for web100 (23a952b7674e0c2d602bde4ba6367b93), not knowing that club member Jonathan Singer submitted it earlier.

PHDays 2012 :: PWN 300

Posted on by and filed under PHDays 2012.

Pwn300 was a Python Twisted site that served a page with a single form to kill, arrest, or bankrupt the kids of South Park. The organizers provided the source code for the challenge, which included the web service and a compiled Python module. The source to the page tells us that the flag is in…