Revision as of 18:31, 7 July 2014

Capture The Flag evening - Part 21

Dimitris is discussing the challenges solved by Team Knuffelhackers in the Pwnium CTF last weekend
Kernel land (150 points):
- Static binary - Dimitris loaded it into QEMU
- When he runs it it produces ticks - the hint: the flag is on the 3rd ticket
- He added a debugger to the VM
- He put a breakpoint on timer tick - and there's also a variable called 'flag'
- He needed to add the symbols to GDB
- He single stepped through the "ticks" , through the 3rd tick, and then examine the flag variable in memory at Tick 3
USB is fun (100 points):
- We're given a pcap file with a USB transaction
- He was able to find the flag just by running strings on it!
Look closer (50 points)
- We got a rar file that is actually a jpeg
- If you look at the jpg file, you can see the flag
Break me (100 points)
- Dimitris base 64 decoded it - it's a bzip2 file
- Dimitris decompressed it w/ bunzip
- This gave the flag value
So basic (75 points)
- He is given a zip file containing 2 byte strings
- Each of these hashes represents a number 1-40
- He wrote a bash script that puts these things in order
- It's a chain of MD5 hashes
- If it's present in the directory, you copy this to flag.txt
- If you hex decode this (i.e. in Python) then you get the flag value
Altered code
- We're given a main.c file with some computations, rotations, and a secret code
- He noticed 2 places where indentation was broken (somebody had modified the files)
- He commented these lines out, and then the program gave the flag when run

@@ Line 42: / Line 42: @@
 ** If it's present in the directory, you copy this to flag.txt
 ** If you hex decode this (i.e. in Python) then you get the flag value
+* Altered code
+** We're given a main.c file with some computations, rotations, and a secret code
+** He noticed 2 places where indentation was broken (somebody had modified the files)
+** He commented these lines out, and then the program gave the flag when run