Capture The Flag evening - Part 21

• 7 July, 2014 - 7 PM
• Please bring along a laptop with you!!!

General CTF Info

• See the page for the Ctf-evenings
• Link to the Tech Inc Challenge Website Scoreboard

Pwnium CTF Retrospective

• Dimitris is discussing the challenges solved by Team Knuffelhackers in the Pwnium CTF last weekend
• Kernel land (150 points):
  • Static binary - Dimitris loaded it into QEMU
  • When he runs it it produces ticks - the hint: the flag is on the 3rd ticket
  • He added a debugger to the VM
  • He put a breakpoint on timer tick - and there's also a variable called 'flag'
  • He needed to add the symbols to GDB
  • He single stepped through the "ticks" , through the 3rd tick, and then examine the flag variable in memory at Tick 3
• USB is fun (100 points):
  • We're given a pcap file with a USB transaction
  • He was able to find the flag just by running strings on it!
• Look closer (50 points)
  • We got a rar file that is actually a jpeg
  • If you look at the jpg file, you can see the flag
• Break me (100 points)
  • Dimitris base 64 decoded it - it's a bzip2 file
  • Dimitris decompressed it w/ bunzip
  • This gave the flag value
• So basic (75 points)
  • He is given a zip file containing 2 byte strings
  • Each of these hashes represents a number 1-40
  • He wrote a bash script that puts these things in order
  • It's a chain of MD5 hashes
  • If it's present in the directory, you copy this to flag.txt
  • If you hex decode this (i.e. in Python) then you get the flag value