Hack.lu 2010 CTF Challenge #18 Writeup
Digital Treasure Chest (300) You were asked to pentest the 1.1 beta-version of the digital treasure chest. Finding an authentication bypass appears to be trivial to you. pirates.fluxfingers.net...
View ArticleHack.lu 2010 CTF Challenge #19 Writeup
Magicwall (400) Captain Hook found the following link after looting his last frigate. He heard that the file flag on this system is worth 400 coins. Give him this file and he will reward you! ssh:...
View ArticleClik here to view.
Hack.lu 2010 CTF Challenge #10 Writeup
#10 – Chip Forensic To solve this task we have something like this (original image is lost) and hex string: 0B 12 0F 0F 1C 4A 4C 0D 4D 15 12 0A 08 15. What we see on image? Some USB device. Those who...
View ArticleHack.lu 2010 CTF Challenge #7 Writeup
Breiers Deathmatch (150) Schnuce Breier has challenged you to a cryptographer’s deathmatch. Connect to pirates.fluxfingers.net 8007/tcp and get the secret number. $ nc pirates.fluxfingers.net 8007 Hi....
View ArticleClik here to view.
Hack.lu 2010 CTF Challenge #8 Writeup
Sad Little Pirate (150) Our sad little pirate haes lost his password. It is known that the pirate has just one hand left; his left hand. So the paessword input is quite limited. Also he can still...
View ArticleClik here to view.
IFSF CTF #8 (X98) Write-up
we know it’s about some secret agents , but we need more than that 208.64.122.234 PORT 3000 X98 is a remote CTB task with a shell injection vuln. The auth When connected to the service, we get an auth...
View ArticleClik here to view.
IFSF CTF Small Challenges (#4, #5, #6, #14, #15)
Contents #4 ER #5 Change #6 Call me #14 Seek me #15 Embedded docs #4 ER Uhg uevn “dqsxpivacb yleqsy” kt uwfe vt nndmcawj e ncsrcuizf hgswe tlat lsglweeu b bvpbf xjlegtirs sf (ppt pfcittcwnly veldyid)...
View ArticleIFSF CTF #7 (X99) Write-up
this is one of their machines which have very sensitive informations , try to get for us the password 208.64.122.27 PORT : 3000 X99 carries a synthetic vulnerability that allows a char-by-char password...
View ArticleCodeGate 2012 Quals Net400 Write-up
Because of vulnerability of site in Company A, database which contains user’s information was leaked. The file is dumped packet at the moment of attacking. Find the administrator’s account information...
View ArticleClik here to view.
CodeGate 2012 Quals Vuln500 Write-up
1.234.41.7:22 ID : yesMan PWD : ohyeah123 Download vulnerable binary. Vuln500 was a hardened format-string vuln with ASLR, NX-stack, no-DTORs, RO .dynamic The vuln Simple format-string vulnerability:...
View ArticleCodeGate 2012 Quals Forensic 500 Write-up
This file is Forensic file format which is generally used. Check the information of imaged DISK, find the GUIDs of every partition. Answer: strupr((part1_GUID) XOR (part2_GUID) XOR …) Download :...
View ArticleOlympic CTF 2014 GuessGame (300)
Be careful, it’s cheating! nc 109.233.61.11 3126 Summary: discrete logarithm with group oracle This challenge was in FigureCrypting category in Olympic CTF 2014. At first, there was some proof of work...
View ArticleVolgaCTF Quals 2015 – CPKC (Crypto 400) writeup
cpkc A home-brewed cryptosystem, should be easy to break. Its keyspace seems to be rather large though… challenge.tar Summary: LLL-based attack on NTRUEncrypt-like cryptosystem. 1. Cryptosystem The...
View ArticleBoston Key Party CTF 2016 – HMAC-CRC (Crypto 5pts)
[3] : hmac_crc – 5 – 36 solves : crypto: We’re trying a new mac here at BKP—HMAC-CRC. The hmac (with our key) of “zupe zecret” is ‘0xa57d43a032feb286’. What’s the hmac of “BKPCTF”? hmac-task.py...
View ArticleClik here to view.
Boston Key Party CTF 2016 – GCM (Crypto 9pts)
[8] : gsilvis counting magic – 9 – 4 solves : crypto: Here’s a verification/decryption server: gcm.ctf.bostonkey.party:32768 . Get the GCM MAC key (the thing the server prints out on startup). We’ve...
View ArticleClik here to view.
Boston Key Party CTF 2016 – Feistel (Crypto 5pts)
feistel – 5 – 15 solves : crypto: I just made a brand new cipher! Can you recover the key? 52.86.232.163:32785 feistel.go Summary: slide with a twist attack In this challenge we have access to an...
View Article0CTF 2016 Quals – RSA? (Crypto 2 pts)
It seems easy, right? rsa.zip Tip: openssl rsautl -encrypt -in FLAG -inkey public.pem -pubin -out flag.enc Summary: factoring 300-bit modulus into 3 primes, extracting cube roots. $ openssl rsa -in...
View ArticleClik here to view.
0CTF 2016 Quals – Equation (Crypto 2 pts)
Here is a RSA private key with its upper part masked. Can your recover the private key and decrypt the file? equation.zip Summary: recovering RSA key from part of the private key. In the picture we...
View ArticlePlaidCTF 2016 – sexec (Crypto 300)
If you need to securely grant execution privileges, what better way to do it than sexec? This is running on sexec.pwning.xxx:9999 sexec.tar.gz Summary: attacking a small instance of Ring-LWE based...
View ArticleGoogle CTF – Wolf Spider (Crypto 125)
Continuing on from Eucalypt Forest – can you break Message Authentication in Wolf Spider wolf.py Summary: forging signatures by exploiting CBC padding oracle and hash length extenstion This challenge...
View Article