ATAST 2012 :: Web 11270

Posted by and filed under ATAST 2012.

So we accidentally discovered a flag submission bug in the ATAST 2012 flag submission system after I submitted the first 20 point flag for web100 (23a952b7674e0c2d602bde4ba6367b93), not knowing that club member Jonathan Singer submitted it earlier.

29c3CTF 2012 :: Highandlow 100

Posted by and filed under 29c3CTF 2012.

For this 29c3 CTF challenge, we are given a WAV. Upon first listening, one can hear DTMF tones, phone tones. There is still an abundance of high pitched noise too. First check with Audacity in the spectrogram:

29c3CTF 2012 :: Regexdb 100

Posted by and filed under 29c3CTF 2012.

This challenge gave the description: Ever played Googlewhack? Well, this is a bit easier and gives you more power, enjoy. Googlewhack is when only one result comes up from two words being searched. In this case, they have their own database of strings and we can search to find something that returns only one result.

PHDays 2012 :: PWN 300

Posted by and filed under PHDays 2012.

Pwn300 was a Python Twisted site that served a page with a single form to kill, arrest, or bankrupt the kids of South Park. The organizers provided the source code for the challenge, which included the web service and a compiled Python module. The source to the page tells us that the flag is in… Read more »

PHDays 2012 :: Misc 400

Posted by and filed under PHDays 2012.

This was a fun challenge. We are given “I am lost” and a remote host to connect to. Connecting via netcat gives us Hi there! Stupid CAPTCHA: enter your name, user40319 Entering the username gives us a bunch of mazes in this format…

PoliCTF 2012 :: Grabbag 300

Posted by and filed under PoliCTF 2012.

The challenge in this problem was pretty clearly JavaScript unpacking. There was an image in base64 format in the html file given, and thus there was also the possibility of a steganography challenge. Here’s the block we were given:

Hack.LU 2012 :: 5 Tux Bomb

Posted by and filed under Hack.LU 2012.

At the beginning of this problem, we’re given a Windows binary(.exe). Running it gives some inane output about a username and product key. This is a clue that it could be a keygenme or something more difficult(but it isn’t, yay!) So, we open the executable up in IDA. Taking a quick look at the string… Read more »

Hack.LU 2012 :: 23 Spambots

Posted by and filed under Hack.LU 2012.

The trick here was to spot the vulnerability. The scripts loads html from a controlled webpage with @file_get_contents(). It then parses the html for forms with regex to solves a basic math problem, with unescaped eval(). Finally the page submits a post request to the controlled webpage with file_get_contents(). With that information determined from the… Read more »