From Technologia Incognita
Date 2014/07/07
Location ACTA
Type Workshop
Contact Melanie

Capture The Flag evening - Part 21

  • 7 July, 2014 - 7 PM
  • Please bring along a laptop with you!!!

General CTF Info

Pwnium CTF Retrospective

Walkthroughs

  • Dimitris walks through the challenges that Team Knuffelhackers solved in the Pwnium CTF the previous weekend
  • Kernel land (150 points):
    • A static binary; Dimitris booted it in QEMU
    • When run it produces timer ticks, and the hint says the flag is on the 3rd tick
    • He attached GDB to the VM
    • He set a breakpoint on the timer tick handler; there is also a variable called 'flag'
    • He first had to load the binary's symbols into GDB so that the breakpoint and the variable could be referred to by name
    • He stepped through the ticks up to and including the 3rd one, then examined the flag variable in memory at tick 3
  • USB is fun (100 points):
    • We are given a pcap file containing a USB transaction
    • He found the flag just by running strings on the capture: the flag was sitting in clear text in the captured payload
  • Look closer (50 points)
    • We get a file named .rar that is actually a JPEG (the magic bytes, or `file`, tell you so; the extension does not)
    • Open it as an image and the flag is visible in the picture
  • Break me (100 points)
    • Dimitris base64-decoded it; the result is a bzip2 file
    • He decompressed it with bunzip2
    • The decompressed data is the flag value
  • So basic (75 points)
    • He is given a zip file containing many small files, each holding a 2-byte string
    • The file names are MD5 hashes, one for each number from 1 to 40
    • He wrote a bash script that puts the pieces back in order
    • For each number in turn it computes the MD5 hash
    • If a file with that name is present in the directory, its contents are appended to flag.txt
    • Hex-decoding the result (e.g. in Python) gives the flag value
  • Altered code
    • We are given a main.c file with some computations, rotations, and a secret code
    • He noticed two places where the indentation was broken, a sign that somebody had modified the file
    • He commented those lines out, and the program printed the flag when run
  • ROT (300 points)
    • Connecting to the given host and port returned a base64 string; the service waited about 5 seconds for an answer and then closed the connection
    • Decoding the string gives an image with text in it, and you have only those 5 seconds to extract the text and submit it as the flag, so the whole process has to be scripted
    • He started looking into image transformations with Python
    • He used Python to clean up the image, converting it to black and white, and then needed OCR to extract the text
    • The OCR program he used was called "cuneiform" (?)
  • Baybe crackme
    • You get the flag simply by passing an arbitrary command-line parameter to the binary
  • Find the owner:
    • This binary connected to a Tunisian government website
    • Concatenating the IP address and the port it connected to gave the flag
  • Be a robot
    • A buffer overflow: overwrite the return address to jump to a function in the binary and get a shell from there
    • Dimitris solved it locally but not against the remote service
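The "Look closer" and "Break me" solutions both come down to the same habit: ignore the file extension and read the leading bytes. The Python below is an added example, not code from the page or from Team Knuffelhackers. It identifies a blob by its magic bytes and peels off base64 and bzip2 layers until it reaches something that needs another tool (an image viewer, an archive extractor). The format list and both sample inputs are constructed for the example and are not the real challenge files.

```python
import base64
import binascii
import bz2
import re

# Magic bytes for the container formats that showed up in these challenges.
# Assumed, minimal list; extend as needed.
MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"BZh", "bzip2"),
    (b"Rar!\x1a\x07", "rar"),
    (b"PK\x03\x04", "zip"),
]

_B64 = re.compile(rb"[A-Za-z0-9+/]+={0,2}")


def identify(data: bytes) -> str:
    """Name the format of `data` from its leading bytes, never from its extension."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    body = b"".join(data.split())  # tolerate line-wrapped base64
    if body and len(body) % 4 == 0 and _B64.fullmatch(body):
        return "base64"
    return "unknown"


def peel(data: bytes, max_layers: int = 8):
    """Strip base64 / bzip2 layers until something else is reached.

    Returns (innermost_bytes, [layer names in the order they were removed]).
    A JPEG, RAR or ZIP is reported and returned as-is: those need an image
    viewer or archive tool, not another decode step.
    """
    layers = []
    for _ in range(max_layers):
        kind = identify(data)
        if kind == "base64":
            try:
                data = base64.b64decode(b"".join(data.split()), validate=True)
            except binascii.Error:
                break  # looked like base64 but was not; stop here
        elif kind == "bzip2":
            try:
                data = bz2.decompress(data)
            except OSError:
                break  # bad or truncated stream
        else:
            break
        layers.append(kind)
    return data, layers


# Constructed sample standing in for the "Break me" download: a bzip2
# stream wrapped in base64. Not the real challenge file.
FLAG = b"Pwnium{constructed_example_flag}"
BREAK_ME_SAMPLE = base64.b64encode(bz2.compress(FLAG))

# Constructed sample standing in for the "Look closer" file: bytes starting
# with the JPEG SOI marker, whatever the file extension claims.
LOOK_CLOSER_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16

if __name__ == "__main__":
    inner, layers = peel(BREAK_ME_SAMPLE)
    print(layers, inner)
    print(identify(LOOK_CLOSER_SAMPLE))
```

Run it as a script, or import it and call `peel()` on the bytes of a downloaded file; when `peel()` stops at `jpeg`, `rar` or `zip`, rename the file accordingly and open it with the proper tool.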
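For "So basic", the notes describe a bash script that computes the MD5 of each number from 1 to 40, appends the matching file's contents to flag.txt when that file exists, and then hex-decodes the result. The Python below is an added example, not the script Dimitris wrote. It assumes the file names are the MD5 of the decimal number written as a string and that each file holds two hex characters; it also tries the newline-terminated form of each number, because `echo n | md5sum` hashes the trailing newline while `echo -n n | md5sum` and Python's hashlib do not, and getting that detail wrong finds none of the files. The sample archive contents are constructed for the example.

```python
import binascii
import hashlib

PIECES = 40  # the challenge used the numbers 1..40 (from the notes)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def reassemble(files: dict, count: int = PIECES) -> bytes:
    """Order the 2-character pieces by the number whose MD5 names them.

    `files` maps file name -> file contents, as read from the unpacked zip.
    Both md5("n") and md5("n\\n") are tried (see the lead-in). Numbers with
    no matching file are skipped, mirroring the "if it is present in the
    directory" step of the original bash script.
    """
    ordered = []
    for n in range(1, count + 1):
        for candidate in (str(n).encode(), str(n).encode() + b"\n"):
            name = md5_hex(candidate)
            if name in files:
                ordered.append(files[name])
                break
    return b"".join(ordered)


def decode_flag(hex_pieces: bytes) -> bytes:
    """The concatenated pieces are hex text; decoding them yields the flag."""
    return binascii.unhexlify(hex_pieces.strip())


def make_sample(flag: bytes, newline_names: bool = False) -> dict:
    """Constructed stand-in for the unpacked zip: md5(str(n)) -> 2 hex chars.

    With newline_names=True the names are md5(str(n) + "\\n"), the form a
    script using plain `echo` would have produced.
    """
    hexed = binascii.hexlify(flag)
    suffix = b"\n" if newline_names else b""
    return {
        md5_hex(str(i + 1).encode() + suffix): hexed[2 * i : 2 * i + 2]
        for i in range(len(hexed) // 2)
    }


# Constructed 40-byte flag, so it splits into exactly 40 two-character pieces.
SAMPLE_FLAG = b"Pwnium{constructed_example_for_so_basic}"
SAMPLE_FILES = make_sample(SAMPLE_FLAG)

if __name__ == "__main__":
    pieces = reassemble(SAMPLE_FILES)
    print(pieces)
    print(decode_flag(pieces))
```

Against a real unpacked archive, build `files` with a loop over `os.listdir()` that reads each file's bytes, then call `reassemble()` and `decode_flag()` on it.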