We have intercepted communication in a private network. It uses a strange protocol based on the RSA cryptosystem. Can you still prove that it is not secure enough and get the flag? We have a pcap file with multiple TCP sessions and a Python script: #!/usr/bin/python import sys import struct […]
HackYou 2014 – Crypto 300 – Do you like math? Write-up
Do you like math? We have an encrypted flag.wmv.out file and this Python script: #!/usr/bin/python import random from struct import pack def Str2matrix(s): #convert string to 4x4 matrix return [map(lambda x : ord(x), list(s[i:i+4])) for i in xrange(0, len(s), 4)] def Matrix2str(m): #convert matrix to string […]
Hackyou 2014 – Net400 – gsmd.sh Write-up
30C3 CTF – PWN 300 – Todos Write-up : SQL injection + ret2libc
Orbit Downloader PE DDoS Memory Module Configuration File Decryptor
A PE is downloaded into memory during Orbit Downloader startup. This memory module then fetches an encrypted configuration file listing targets to DDoS. This short Python program fetches that encrypted configuration file from the source server and displays its content. # Orbit Downloader Memory Module PE Payload # Configuration […]
ebCTF 2013 – Web400 (crypto/aes/cbc/hmac) Write-Up
This Web challenge was part of the ebCTF competition. It's actually more crypto than web. We get a simple web site driving the famous cowsay binary: define('MY_AES_IV', CENSORED); define('MY_AES_KEY', CENSORED); define('MY_HMAC_KEY', CENSORED); define("FLAG","CENSORED"); function aes($data, $encrypt) { $aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); mcrypt_generic_init($aes, MY_AES_KEY, MY_AES_IV); return […]
SIGINT 2013 CTF – Pwning 300 – tr0llsex Write-up (SCTP challenge)
server: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0x66661e417e6b4037e552b904c755f2e4a7ecf934, stripped tr0llsex was a Linux ELF 64-bit binary from the SIGINT 2013 CTF's Pwning category. It's a fun, easy little challenge with a twist: it uses the SCTP protocol for the network transport […]
PlaidCTF 2013 – Pwnable 200 – ropasaurusrex Write-up
$ file ropasaurusrex ropasaurusrex: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped $ eu-readelf -l ropasaurusrex Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000034 0x08048034 0x08048034 0x0000e0 0x0000e0 R E 0x4 INTERP 0x000114 0x08048114 0x08048114 0x000013 […]
iCTF 2013 CTF – Nuclearboom Writeup
$ file nuclearboom nuclearboom: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, not stripped Nuclearboom was a service binary in the iCTF 2013 Attack & Defense CTF. You use it to manage your various nuclear plants. $ nc localhost 4444 Control […]