Difference between revisions of "CTF-practice-evening:2014-07-07"
(Created page with "{{Event |Date=2014/07/07 |Location=ACTA |EventType=Workshop |Contact=Melanie, }} blah") |
|||
| (14 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
|Location=ACTA | |Location=ACTA | ||
|EventType=Workshop | |EventType=Workshop | ||
| − | |Contact=Melanie, | + | |Contact=Melanie, |
}} | }} | ||
| − | + | = Capture The Flag evening - Part 21 = | |
| + | |||
| + | * 7 July, 2014 - 7 PM | ||
| + | * Please bring along a laptop with you!!! | ||
| + | |||
| + | = General CTF Info = | ||
| + | |||
| + | * See the page for the [[Ctf-evenings]] | ||
| + | * Link to the Tech Inc [[TechInc-CTF-Scoreboard | Challenge Website Scoreboard]] | ||
| + | |||
| + | = Pwnium CTF Retrospective = | ||
| + | |||
| + | * Link to Dimitris' Etherpad | ||
| + | ** https://pad.riseup.net/p/7fe081c3612b3dbd33ff954fe378826d | ||
| + | |||
| + | * Link to download the challenges: | ||
| + | ** https://pad.riseup.net/redirect#https%3A//t.co/0IW2JAehKR | ||
| + | |||
| + | == Walk throughs == | ||
| + | |||
| + | * Dimitris is discussing the challenges solved by Team Knuffelhackers in the Pwnium CTF last weekend | ||
| + | * Kernel land (150 points): | ||
| + | ** Static binary - Dimitris loaded it into QEMU | ||
| + | ** When he runs it it produces ticks - the hint: the flag is on the 3rd ticket | ||
| + | ** He added a debugger to the VM | ||
| + | ** He put a breakpoint on timer tick - and there's also a variable called 'flag' | ||
| + | ** He needed to add the symbols to GDB | ||
| + | ** He single stepped through the "ticks" , through the 3rd tick, and then examine the flag variable in memory at Tick 3 | ||
| + | * USB is fun (100 points): | ||
| + | ** We're given a pcap file with a USB transaction | ||
| + | ** He was able to find the flag just by running strings on it! | ||
| + | * Look closer (50 points) | ||
| + | ** We got a rar file that is actually a jpeg | ||
| + | ** If you look at the jpg file, you can see the flag | ||
| + | * Break me (100 points) | ||
| + | ** Dimitris base 64 decoded it - it's a bzip2 file | ||
| + | ** Dimitris decompressed it w/ bunzip | ||
| + | ** This gave the flag value | ||
| + | * So basic (75 points) | ||
| + | ** He is given a zip file containing 2 byte strings | ||
| + | ** Each of these hashes represents a number 1-40 | ||
| + | ** He wrote a bash script that puts these things in order | ||
| + | ** It's a chain of MD5 hashes | ||
| + | ** If it's present in the directory, you copy this to flag.txt | ||
| + | ** If you hex decode this (i.e. in Python) then you get the flag value | ||
| + | * Altered code | ||
| + | ** We're given a main.c file with some computations, rotations, and a secret code | ||
| + | ** He noticed 2 places where indentation was broken (somebody had modified the files) | ||
| + | ** He commented these lines out, and then the program gave the flag when run | ||
| + | * ROT (300 points) | ||
| + | ** A URL and port # gave a base 64 string, it expected an answer for about 5 seconds, and then closed down | ||
| + | ** If he decodes the string, it gives you a string - but you only have 5 seconds to extract the text and submit it as a flag! | ||
| + | ** He started looking into image transformations w/ Python | ||
| + | ** He used Python to clean up the image - then he needed OCR to extract the text | ||
| + | ** He converted the image to black and white | ||
| + | ** He was using an OCR program called "cuneiform"(?) | ||
| + | * Baybe crackme | ||
| + | ** You get the flag by adding an arbitrary command line parameter | ||
| + | * Find the owner: | ||
| + | ** This binary was connecting to a Tunesian government website | ||
| + | ** He concatenated the ip address and port, and that was a flag | ||
| + | * Be a robot | ||
| + | ** Buffer overflow - jump to a function - get a shell from there | ||
| + | ** Dimitris solved it locally but not remotely | ||
| + | |||
| + | * Esoteric programming language used in one of the challenges: http://compsoc.dur.ac.uk/whitespace/ | ||
| + | ** Another (unrelated) esoteric programming language: http://www.dangermouse.net/esoteric/hq9plusplus.html | ||
Latest revision as of 19:55, 7 July 2014
| CTF-practice-evening:2014-07-07 | |
|---|---|
| Date | 2014/07/07 |
| Time | |
| Location | ACTA |
| Type | Workshop |
| Contact | Melanie |
Contents
Capture The Flag evening - Part 21
- 7 July, 2014 - 7 PM
- Please bring along a laptop with you!!!
General CTF Info
- See the page for the Ctf-evenings
- Link to the Tech Inc Challenge Website Scoreboard
Pwnium CTF Retrospective
- Link to Dimitris' Etherpad
- Link to download the challenges:
Walk throughs
- Dimitris is discussing the challenges solved by Team Knuffelhackers in the Pwnium CTF last weekend
- Kernel land (150 points):
- Static binary - Dimitris loaded it into QEMU
- When he runs it it produces ticks - the hint: the flag is on the 3rd ticket
- He added a debugger to the VM
- He put a breakpoint on timer tick - and there's also a variable called 'flag'
- He needed to add the symbols to GDB
- He single stepped through the "ticks" , through the 3rd tick, and then examine the flag variable in memory at Tick 3
- USB is fun (100 points):
- We're given a pcap file with a USB transaction
- He was able to find the flag just by running strings on it!
- Look closer (50 points)
- We got a rar file that is actually a jpeg
- If you look at the jpg file, you can see the flag
- Break me (100 points)
- Dimitris base 64 decoded it - it's a bzip2 file
- Dimitris decompressed it w/ bunzip
- This gave the flag value
- So basic (75 points)
- He is given a zip file containing 2 byte strings
- Each of these hashes represents a number 1-40
- He wrote a bash script that puts these things in order
- It's a chain of MD5 hashes
- If it's present in the directory, you copy this to flag.txt
- If you hex decode this (i.e. in Python) then you get the flag value
- Altered code
- We're given a main.c file with some computations, rotations, and a secret code
- He noticed 2 places where indentation was broken (somebody had modified the files)
- He commented these lines out, and then the program gave the flag when run
- ROT (300 points)
- A URL and port # gave a base 64 string, it expected an answer for about 5 seconds, and then closed down
- If he decodes the string, it gives you a string - but you only have 5 seconds to extract the text and submit it as a flag!
- He started looking into image transformations w/ Python
- He used Python to clean up the image - then he needed OCR to extract the text
- He converted the image to black and white
- He was using an OCR program called "cuneiform"(?)
- Baybe crackme
- You get the flag by adding an arbitrary command line parameter
- Find the owner:
- This binary was connecting to a Tunesian government website
- He concatenated the ip address and port, and that was a flag
- Be a robot
- Buffer overflow - jump to a function - get a shell from there
- Dimitris solved it locally but not remotely
- Esoteric programming language used in one of the challenges: http://compsoc.dur.ac.uk/whitespace/
- Another (unrelated) esoteric programming language: http://www.dangermouse.net/esoteric/hq9plusplus.html
