Blog

Expertise gained during Capture The Flag competitions to support the security research community

boot2brainfuck

Points: 150 Category: PWN Description You are still trying to get code execution on your own? Hahaha. There is an app for that! We are now introducing Remote Code Execution as a Service (RCEaaS). Pro tips: +[--->++<]>.++++[->++++<]>+.++++++++++.----------.+++++++++++.[---->+<]>+++.-[--->++<]>--.++++++++++++..----.[-->+<]>++.-----------..[--->+<]>+++.[--->+<]>.--------.[->+++++<]>--.+[--->+<]>++++.++++++.[--->+<]>-----.---[->++<]>.++[--->++<]>+.>++++++++++. Flag is at A:\FLAG.TXT

Read more ›

Tagged with:

Read more

Zwiebel

Points: 50 Category: re Description I found this onion in my kitchen, may I ask you to dissect it? https://www.youtube.com/watch?v=LowwCyZHBBk download Solution The file we downloaded is an ELF 64-bit executable. First, let’s try running it:

So our task will be

Read more ›

Tagged with:

Read more

Defective RAID

Link: https://score.ctf.westerns.tokyo/problems/38 (only for logged in users) Points: 300 Category: forensic, PPC Description The stupid RAID NAS fails after two disks are crashed. Please rescue our exploit source code. Incomplete RAID emulator is attached. defective-raid.7z tl;dr Provided archive contains custom RAID implementation

Read more ›

Read more

Deadnas

Link: https://score.ctf.westerns.tokyo/problems/5 (only for logged in users) Points: 50 Category: forensic, warmup Description Today, our 3-disk NAS has failed. Please recover flag. deadnas.7z Hint 1: The NAS used RAID. Hint 2: RAID-5 Solution

From above output we know that disk1 is missing.

Read more ›

Read more

Ninth

Link: https://score.ctf.westerns.tokyo/problems/22 (only for logged in users) Points: 100 Category: Misc Description Find the flag. This problem is not image based on steganography. tl;dr Take data from IDAT chunk, decompress it and grep for TWCTF. Solution explanation The first step

Read more ›

Read more

Greeting

Description Host : pwn2.chal.ctf.westerns.tokyo Port : 16317 Note: To prevent from DoS attacks, output length is limited in 131072 characters. As always our task is to obtain the flag on the remote server and as always we will try to

Read more ›

Tagged with:

Read more

Zozo

Link: https://wargame.whitehat.vn/Challenges/DetailContest/136 Author: WhiteHat Wargame Points: 100 Category: pwn Description ssh pwnguest@118.70.80.143 1094 68bZ$wRn Resources the binary (gzipped) Walkthrough part 1 We have been given shell access to a remote machine. The pwnguest user was extremely limited – no access

Read more ›

Tagged with:

Read more

WYGINWYS(what you get is not what you see)

Link: https://wargame.whitehat.vn/Challenges/DetailContest/143 Points: 200 Category: Forensics Description http://material.wargame.whitehat.vn/contests/11/for1_206e72e52f2f73fa1a1080b70d528657.zip nc 118.70.80.143 7337 tl;dr https://codisec.com/veles/. Zip archive containing disk image. Mount it with ntfs-3g. There is a binary file and after looking for deleted files you can also find a .pyc file. Turns out the

Read more ›

Read more