We have intercepted communication in a private network. It is used a strange protocol based on RSA cryptosystem. Can you still prove that it is not secure enough and get the flag? We have a pcap files with multiples TCP sessions and a python script: #!/usr/bin/python import sys import struct […]
Do you like math? We have an encrypted flag.wmv.out file and this python script: #!/usr/bin/python import random from struct import pack def Str2matrix(s): #convert string to 4×4 matrix return [map(lambda x : ord(x), list(s[i:i+4])) for i in xrange(0, len(s), 4)] def Matrix2str(m): #convert matrix to string […]
Welcome to Microsoft Security Assessment Lab. As far as we are concerned, you are once again applying for an information security job at our vacancy. Our policy has changed. We’re not making our products secure anymore — we’re now providing bugs to NSA. They have run out of their CYCLONE […]
$ file server server: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0x61abf52683bfa2cf645da3e96ba84f8cdf4842d2, stripped $ checksec.sh –file server RELRO STACK CANARY NX PIE […]
PE is downloaded in memory during Orbit Downloader startup. This memory module will then fetch a crypted configuration file with targets to DDoS. This short Python program will fetch this crypted configuration file from the source server and display its content. # Orbit Downloader Memory Module PE Payload # Configuration […]
This Web challenge was part of the ebCTF competition. It’s actually more crypto than web. We get a simple web site driving the famous cowsay binary: define(’MY_AES_IV’, CENSORED); define(’MY_AES_KEY’, CENSORED); define(’MY_HMAC_KEY’, CENSORED); define("FLAG","CENSORED"); function aes($data, $encrypt) { $aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, ”, MCRYPT_MODE_CBC, ”); mcrypt_generic_init($aes, MY_AES_KEY, MY_AES_IV); return […]
server: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0x66661e417e6b4037e552b904c755f2e4a7ecf934, stripped tr0llsex was a Linux ELF 64-bit binary from the SIGINT 2013 CTF’s Pwning category. It’s a fun little easy challenge with a twist: it’s using SCTP protocol for the network transport […]
$ file ropasaurusrex ropasaurusrex: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped $ eu-readelf -l ropasaurusrex Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000034 0x08048034 0x08048034 0x0000e0 0x0000e0 R E 0x4 INTERP 0x000114 0x08048114 0x08048114 0x000013 […]
$ file nuclearboom nuclearboom: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, not stripped Nuclearboom was a service binary in the iCTF 2013 Attack & Defense CTF. You use it to manage your various nuclear plants. $ nc localhost 4444 Control […]
This is a quick post to give my solution for the IMAFREAK challenge. What you need to succeed: – A JPEG file with EXIF CameraModel tag sets to “.php” so that the file is created with filename secretstoreddata/.php – Same JPEG file with the *RAW* Red plane containing a PHP […]