-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathwriteups.html
400 lines (365 loc) · 32.7 KB
/
writeups.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="ie6 ie" lang="en" dir="ltr"> <![endif]-->
<!--[if IE 7]> <html class="ie7 ie" lang="en" dir="ltr"> <![endif]-->
<!--[if IE 8]> <html class="ie8 ie" lang="en" dir="ltr"> <![endif]-->
<!--[if IE 9]> <html class="ie9 ie" lang="en" dir="ltr"> <![endif]-->
<!--[if !IE]> --> <html lang="en" dir="ltr"> <!-- <![endif]-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="shortcut icon" href="sites/all/themes/open_framework/favicon.ico" type="image/vnd.microsoft.icon" />
<meta name="Generator" content="Drupal 7 (http://drupal.org)" />
<!-- Set the viewport width to device width for mobile -->
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Writeups | BalalaikaCr3w</title>
<style type="text/css" media="all">
@import url("https://ctfcrew.org/modules/system/system.base.css?qtecp0");
@import url("https://ctfcrew.org/modules/system/system.menus.css?qtecp0");
@import url("https://ctfcrew.org/modules/system/system.messages.css?qtecp0");
@import url("https://ctfcrew.org/modules/system/system.theme.css?qtecp0");
</style>
<style type="text/css" media="all">
@import url("https://ctfcrew.org/modules/comment/comment.css?qtecp0");
@import url("https://ctfcrew.org/modules/field/theme/field.css?qtecp0");
@import url("https://ctfcrew.org/modules/node/node.css?qtecp0");
@import url("https://ctfcrew.org/modules/search/search.css?qtecp0");
@import url("https://ctfcrew.org/modules/user/user.css?qtecp0");
@import url("sites/all/modules/views/css/views.css%3Fqtecp0.css");
@import url("sites/all/modules/ckeditor/css/ckeditor.css%3Fqtecp0.css");
</style>
<style type="text/css" media="all">
@import url("sites/all/modules/ctools/css/ctools.css%3Fqtecp0.css");
@import url("sites/all/libraries/syntaxhighlighter_3.0.83/styles/shCore.css%3Fqtecp0.css");
@import url("sites/all/libraries/syntaxhighlighter_3.0.83/styles/shThemeDefault.css%3Fqtecp0.css");
</style>
<style type="text/css" media="all">
@import url("sites/all/themes/open_framework/bootstrap/css/bootstrap.min.css%3Fqtecp0.css");
@import url("sites/all/themes/open_framework/bootstrap/css/bootstrap-responsive.min.css%3Fqtecp0.css");
@import url("sites/all/themes/open_framework/css/open_framework.css%3Fqtecp0.css");
@import url("sites/all/themes/open_framework/css/ie.css%3Fqtecp0.css");
@import url("sites/all/themes/open_framework/jquery.minicolors/jquery.minicolors.css%3Fqtecp0.css");
@import url("sites/all/themes/open_framework/css/jquery.themizer.css%3Fqtecp0.css");
@import url("sites/all/themes/open_framework/css/universal.css%3Fqtecp0.css");
@import url("sites/all/themes/open_framework/font-awesome-4.0.3/css/font-awesome.min.css%3Fqtecp0.css");
</style>
<style type="text/css" media="print">
@import url("sites/all/themes/open_framework/css/open_framework_print.css%3Fqtecp0.css");
</style>
<script type="text/javascript" src="sites/all/modules/jquery_update/replace/jquery/1.8/jquery.min.js%3Fv=1.8.3"></script>
<script type="text/javascript" src="https://ctfcrew.org/misc/jquery.once.js?v=1.2"></script>
<script type="text/javascript" src="https://ctfcrew.org/misc/drupal.js?qtecp0"></script>
<script type="text/javascript" src="sites/all/libraries/syntaxhighlighter_3.0.83/scripts/shCore.js%3Fqtecp0"></script>
<script type="text/javascript" src="sites/all/libraries/syntaxhighlighter_3.0.83/scripts/shAutoloader.js%3Fqtecp0"></script>
<script type="text/javascript" src="sites/default/files/syntaxhighlighter.autoloader.js%3Fqtecp0"></script>
<script type="text/javascript" src="sites/all/themes/open_framework/bootstrap/js/bootstrap.min.js%3Fqtecp0"></script>
<script type="text/javascript" src="sites/all/themes/open_framework/js/open_framework.js%3Fqtecp0"></script>
<script type="text/javascript" src="sites/all/themes/open_framework/js/override.js%3Fqtecp0"></script>
<script type="text/javascript" src="sites/all/themes/open_framework/jquery.minicolors/jquery.minicolors.min.js%3Fqtecp0"></script>
<script type="text/javascript" src="sites/all/themes/open_framework/js/jquery.themizer.js%3Fqtecp0"></script>
<script type="text/javascript" src="sites/all/themes/open_framework/js/universal.js%3Fqtecp0"></script>
<script type="text/javascript">
<!--//--><![CDATA[//><!--
jQuery.extend(Drupal.settings, {"basePath":"\/","pathPrefix":"","ajaxPageState":{"theme":"open_framework","theme_token":"8HetOBuSu2RbCcsrmlBwc31uUNvsZmPCLOaWeN4hta4","js":{"sites\/all\/modules\/syntaxhighlighter\/syntaxhighlighter.min.js":1,"sites\/all\/modules\/jquery_update\/replace\/jquery\/1.8\/jquery.min.js":1,"misc\/jquery.once.js":1,"misc\/drupal.js":1,"sites\/all\/libraries\/syntaxhighlighter_3.0.83\/scripts\/shCore.js":1,"sites\/all\/libraries\/syntaxhighlighter_3.0.83\/scripts\/shAutoloader.js":1,"sites\/default\/files\/syntaxhighlighter.autoloader.js":1,"sites\/all\/themes\/open_framework\/bootstrap\/js\/bootstrap.min.js":1,"sites\/all\/themes\/open_framework\/js\/open_framework.js":1,"sites\/all\/themes\/open_framework\/js\/override.js":1,"sites\/all\/themes\/open_framework\/jquery.minicolors\/jquery.minicolors.min.js":1,"sites\/all\/themes\/open_framework\/js\/jquery.themizer.js":1,"sites\/all\/themes\/open_framework\/js\/universal.js":1},"css":{"modules\/system\/system.base.css":1,"modules\/system\/system.menus.css":1,"modules\/system\/system.messages.css":1,"modules\/system\/system.theme.css":1,"modules\/comment\/comment.css":1,"modules\/field\/theme\/field.css":1,"modules\/node\/node.css":1,"modules\/search\/search.css":1,"modules\/user\/user.css":1,"sites\/all\/modules\/views\/css\/views.css":1,"sites\/all\/modules\/ckeditor\/css\/ckeditor.css":1,"sites\/all\/modules\/ctools\/css\/ctools.css":1,"sites\/all\/libraries\/syntaxhighlighter_3.0.83\/styles\/shCore.css":1,"sites\/all\/libraries\/syntaxhighlighter_3.0.83\/styles\/shThemeDefault.css":1,"sites\/all\/themes\/open_framework\/bootstrap\/css\/bootstrap.min.css":1,"sites\/all\/themes\/open_framework\/bootstrap\/css\/bootstrap-responsive.min.css":1,"sites\/all\/themes\/open_framework\/fontawesome\/css\/font-awesome.min.css":1,"sites\/all\/themes\/open_framework\/css\/open_framework.css":1,"sites\/all\/themes\/open_framework\/css\/ie.css":1,"sites\/all\/themes\/open_framework\/jquery.minicolors\/jquery.minicolors.css":1,"sites\/all\/themes\/open_framework\/css\/jquery.themizer.css":1,"sites\/all\/themes\/open_framework\/css\/universal.css":1,"sites\/all\/themes\/open_framework\/font-awesome-4.0.3\/css\/font-awesome.min.css":1,"sites\/all\/themes\/open_framework\/css\/open_framework_print.css":1}},"syntaxhighlighter":{"useAutoloader":true}});
//--><!]]>
</script>
<!--[if IE 7]>
<link rel="stylesheet" href="/sites/all/themes/open_framework/fontawesome/css/font-awesome-ie7.min.css">
<![endif]-->
<!-- IE Fix for HTML5 Tags -->
<!--[if lt IE 9]>
<script src="/sites/all/themes/open_framework/js/html5shiv.js"></script>
<![endif]-->
<style type="text/css" media="all">@import url("sites/all/themes/open_framework/css/page.css");</style>
<script type="text/javascript" src="sites/all/themes/open_framework/js/page.js"></script>
</head>
<body class="main-body html not-front not-logged-in one-sidebar sidebar-second page-writeups content-first " >
<a href="writeups.html#content" class="element-invisible element-focusable">Skip to content</a>
<a href="writeups.html#main-nav" class="element-invisible element-focusable" data-target=".nav-collapse" data-toggle="collapse">Skip to navigation</a>
<!-- /#skipnav -->
<!-- /#admin-shortcuts -->
<div id="header" class="clearfix header" role="banner">
<div class="container">
<div class="row">
<div class="span12">
<div id="logo" class="site-logo"> <a href="index.html" title="Home" rel="home"> <img src="sites/default/files/logo.png" alt="BalalaikaCr3w" role="presentation" /> </a></div>
<!-- /#logo -->
<div id="name-and-slogan">
<div id="site-name" class="site-name"><a href="index.html" title="Home" rel="home">BalalaikaCr3w</a></div>
<div id="site-slogan" class="site-slogan">Russian CTF team</div>
</div>
<!-- /#name-and-slogan -->
</div>
</div>
<div class="social">
<a href="http://twitter.com/BalalaikaCr3w" class="social-item twitter">
<i class="fa fa-twitter"></i>
</a>
</div>
</div>
</div>
<!-- /#header --><div id="main" class="clearfix main" role="main">
<div class="container">
<div id="main-content" class="row main-content">
<div id="content" class="mc-content span9">
<div class="color-pane bg-0D"></div>
<div id="content-wrapper" class="content-wrapper">
<div id="content-head" class="row-fluid content-head">
<h1 class="title" id="page-title"> Writeups </h1>
</div>
<div id="content-body" class="row-fluid content-body"> <div class="region region-content clearfix">
<div id="block-system-main" class="clearfix block block-system"> <div class="content"> <div class="view view-writeups view-id-writeups view-display-id-page view-dom-id-68bd8723159e84d8fe97e82d42ed3dd0">
<div class="view-content">
<div class="views-row views-row-1 views-row-odd views-row-first">
<article id="node-104" class="node node-writeup node-promoted node-teaser clearfix"> <div class="bookmark-wrapper">
<div class="type bg-0B">writeup</div>
<div class="bookmark">
<span class="day">23</span>
<span class="month">Jan</span>
</div>
<a href="writeups.html#node-104" class="link"><i class="fa fa-link"></i></a>
</div>
<div class="node-wrapper">
<h2><a href="writeup/104.html">Isomni'hack 2017 teaser mindreader writeup</a></h2>
<div class="submitted">
23.01.2017 16:46, by <i class="fa fa-user"></i><span class="username">russtone</span> </div>
<div class="content">
<div class="field field-name-field-category field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Category: </div><div class="field-items"><div class="field-item even"><a href="categories/mobile.html">mobile</a></div><div class="field-item odd"><a href="categories/web.html">web</a></div></div></div><div class="field field-name-field-event field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Event: </div><div class="field-items"><div class="field-item even"><a href="event/38.html">Isomni'hack teaser 2017</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p> </p>
<p><em>Machines infected lots of Android smartphones and try to collect information on human behaviour... Have a look to their application and try to steal information on them.</em></p>
<p>So we have an android application file. Let's decompile its code!</p>
<p>First, we need to translate Dalvik bytecode to equivalent Java bytecode. I used <a href="https://github.com/google/enjarify">enjarify</a> for this:</p></div></div></div> </div>
<ul class="links inline"><li class="node-readmore first last"><a href="writeup/104.html" rel="tag" title="Isomni'hack 2017 teaser mindreader writeup">Read more<span class="element-invisible"> about Isomni'hack 2017 teaser mindreader writeup</span></a></li>
</ul> </div>
</article>
</div>
<div class="views-row views-row-2 views-row-even">
<article id="node-101" class="node node-writeup node-promoted node-teaser clearfix"> <div class="bookmark-wrapper">
<div class="type bg-0B">writeup</div>
<div class="bookmark">
<span class="day">08</span>
<span class="month">May</span>
</div>
<a href="writeups.html#node-101" class="link"><i class="fa fa-link"></i></a>
</div>
<div class="node-wrapper">
<h2><a href="writeup/101.html">Web2 writeup</a></h2>
<div class="submitted">
08.05.2015 20:41, by <i class="fa fa-user"></i><span class="username">the_storm</span> </div>
<div class="content">
<div class="field field-name-field-category field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Category: </div><div class="field-items"><div class="field-item even"><a href="categories/web.html">web</a></div></div></div><div class="field field-name-field-event field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Event: </div><div class="field-items"><div class="field-item even"><a href="event/34.html">Volga CTF 2015 Quals</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>This is the Web2 problem</p><p>The challenge simply states "Find the key!" and it gives us the challenge URL.<br />The first thing I usually do with a web challenge is to run dirbuster, spider the target and check the it with Nmap. </p><p>Checking with Nmap didn't result in anything interesting. However dirbuster did. I found two interesting folders.<br />The first one is "SecretAdminPanel" and the second one was "logs"</p><p>I visited "SecretAdminPanel" and I saw this.</p></div></div></div> </div>
<ul class="links inline"><li class="node-readmore first last"><a href="writeup/101.html" rel="tag" title="Web2 writeup">Read more<span class="element-invisible"> about Web2 writeup</span></a></li>
</ul> </div>
</article>
</div>
<div class="views-row views-row-3 views-row-odd">
<article id="node-99" class="node node-writeup node-promoted node-teaser clearfix"> <div class="bookmark-wrapper">
<div class="type bg-0B">writeup</div>
<div class="bookmark">
<span class="day">24</span>
<span class="month">Mar</span>
</div>
<a href="writeups.html#node-99" class="link"><i class="fa fa-link"></i></a>
</div>
<div class="node-wrapper">
<h2><a href="writeup/99.html">Infosec mini ctf writeup </a></h2>
<div class="submitted">
24.03.2015 02:09, by <i class="fa fa-user"></i><span class="username">the_storm</span> </div>
<div class="content">
<div class="field field-name-field-category field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Category: </div><div class="field-items"><div class="field-item even"><a href="categories/web.html">web</a></div><div class="field-item odd"><a href="categories/stego.html">stego</a></div><div class="field-item even"><a href="categories/forensics.html">forensics</a></div></div></div><div class="field field-name-field-event field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Event: </div><div class="field-items"><div class="field-item even"><a href="event/33.html">Infosec Institute CTF</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><div class="page" title="Page 3"><div class="layoutArea"><div class="column"><p><span style="font-size: 24.000000pt; font-family: 'Helvetica'; font-weight: bold; color: rgb(17.254900%, 43.529410%, 58.431380%);"><span style="color: #333333; font-size: 16px; font-weight: normal;">This is the InfoSec CTF writeup.</span></span></p></div></div></div></div></div></div> </div>
<ul class="links inline"><li class="node-readmore first last"><a href="writeup/99.html" rel="tag" title="Infosec mini ctf writeup ">Read more<span class="element-invisible"> about Infosec mini ctf writeup </span></a></li>
</ul> </div>
</article>
</div>
<div class="views-row views-row-4 views-row-even">
<article id="node-98" class="node node-writeup node-promoted node-teaser clearfix"> <div class="bookmark-wrapper">
<div class="type bg-0B">writeup</div>
<div class="bookmark">
<span class="day">04</span>
<span class="month">Mar</span>
</div>
<a href="writeups.html#node-98" class="link"><i class="fa fa-link"></i></a>
</div>
<div class="node-wrapper">
<h2><a href="writeup/98.html">Wood Island (Crypto - 150)</a></h2>
<div class="submitted">
04.03.2015 11:58, by <i class="fa fa-user"></i><span class="username">Triff</span> </div>
<div class="content">
<div class="field field-name-field-category field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Category: </div><div class="field-items"><div class="field-item even"><a href="categories/crypto.html">crypto</a></div></div></div><div class="field field-name-field-event field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Event: </div><div class="field-items"><div class="field-item even"><a href="event/32.html">Boston Key Party 2015</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><strong>Task:</strong></p><p>You can try to sign messages and send them to the server, 52.0.217.48 port 60231. Sign the right message and you\'ll get the flag! Only problem---you don\'t have the signing key. I will give you this, though: sigs.txt is a file containing a bunch of signatures. I hope it helps. (P.S. Don\'t try and send the exact signatures in that file---that\'s cheating!)</p><p>Given archieve attached below.</p><p><strong>Solution:</strong></p><p></div></div></div> </div>
<ul class="links inline"><li class="node-readmore first last"><a href="writeup/98.html" rel="tag" title="Wood Island (Crypto - 150)">Read more<span class="element-invisible"> about Wood Island (Crypto - 150)</span></a></li>
</ul> </div>
</article>
</div>
<div class="views-row views-row-5 views-row-odd">
<article id="node-97" class="node node-writeup node-promoted node-teaser clearfix"> <div class="bookmark-wrapper">
<div class="type bg-0B">writeup</div>
<div class="bookmark">
<span class="day">02</span>
<span class="month">Mar</span>
</div>
<a href="writeups.html#node-97" class="link"><i class="fa fa-link"></i></a>
</div>
<div class="node-wrapper">
<h2><a href="writeup/97.html">Kendall (pwn - 300)</a></h2>
<div class="submitted">
02.03.2015 14:00, by <i class="fa fa-user"></i><span class="username">Dor1s</span> </div>
<div class="content">
<div class="field field-name-field-category field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Category: </div><div class="field-items"><div class="field-item even"><a href="categories/pwn.html">pwn</a></div></div></div><div class="field field-name-field-event field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Event: </div><div class="field-items"><div class="field-item even"><a href="event/32.html">Boston Key Party 2015</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Description of task is pretty small:</p><p>52.0.164.37:8888</p><p>And <a href="sites/default/files/writeups/kendall.tar_.gz">link</a> to file (ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, stripped).</p><p> </p><p><strong>Solution</strong></p><p>After connecting to the server we receive the following menu:</p></div></div></div> </div>
<ul class="links inline"><li class="node-readmore first last"><a href="writeup/97.html" rel="tag" title="Kendall (pwn - 300)">Read more<span class="element-invisible"> about Kendall (pwn - 300)</span></a></li>
</ul> </div>
</article>
</div>
<div class="views-row views-row-6 views-row-even">
<article id="node-96" class="node node-writeup node-promoted node-teaser clearfix"> <div class="bookmark-wrapper">
<div class="type bg-0B">writeup</div>
<div class="bookmark">
<span class="day">21</span>
<span class="month">Jan</span>
</div>
<a href="writeups.html#node-96" class="link"><i class="fa fa-link"></i></a>
</div>
<div class="node-wrapper">
<h2><a href="writeup/96.html">cloudfs forensics(200)</a></h2>
<div class="submitted">
21.01.2015 16:24, by <i class="fa fa-user"></i><span class="username">the_storm</span> </div>
<div class="content">
<div class="field field-name-field-category field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Category: </div><div class="field-items"><div class="field-item even"><a href="categories/forensics.html">forensics</a></div></div></div><div class="field field-name-field-event field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Event: </div><div class="field-items"><div class="field-item even"><a href="event/31.html">Ghost in the Shellcode CTF Quals 2015</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>We have just finished Ghost in the Shell code CTF in 12th place. Though GITS CTF is usually one of the best CTFs, but this year they weren't that good. The web task had a good idea but wan't correctly implemented, some people got the flag right away from others' exploitations. Forensics tasks wasn't really PURE forensic. Yet, I personally enjoyed the CTF and enjoyed cloudfs challenge. </p></div></div></div> </div>
<ul class="links inline"><li class="node-readmore first last"><a href="writeup/96.html" rel="tag" title="cloudfs forensics(200)">Read more<span class="element-invisible"> about cloudfs forensics(200)</span></a></li>
</ul> </div>
</article>
</div>
<div class="views-row views-row-7 views-row-odd">
<article id="node-95" class="node node-writeup node-promoted node-teaser clearfix"> <div class="bookmark-wrapper">
<div class="type bg-0B">writeup</div>
<div class="bookmark">
<span class="day">30</span>
<span class="month">Dec</span>
</div>
<a href="writeups.html#node-95" class="link"><i class="fa fa-link"></i></a>
</div>
<div class="node-wrapper">
<h2><a href="writeup/95.html">Rick (malware 15)</a></h2>
<div class="submitted">
30.12.2014 00:16, by <i class="fa fa-user"></i><span class="username">azrael</span> </div>
<div class="content">
<div class="field field-name-field-category field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Category: </div><div class="field-items"><div class="field-item even"><a href="categories/admin.html">admin</a></div></div></div><div class="field field-name-field-event field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Event: </div><div class="field-items"><div class="field-item even"><a href="event/30.html">31C3 CTF Quals 2014</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Task description says that "seems like somebody got pwned <a style="box-sizing: border-box; color: #337ab7;" href="http://188.40.18.67/">http://188.40.18.67</a>". When I went to the link I was immediately rickrolled.</p><p></div></div></div> </div>
<ul class="links inline"><li class="node-readmore first last"><a href="writeup/95.html" rel="tag" title="Rick (malware 15)">Read more<span class="element-invisible"> about Rick (malware 15)</span></a></li>
</ul> </div>
</article>
</div>
<div class="views-row views-row-8 views-row-even">
<article id="node-93" class="node node-writeup node-promoted node-teaser clearfix"> <div class="bookmark-wrapper">
<div class="type bg-0B">writeup</div>
<div class="bookmark">
<span class="day">23</span>
<span class="month">Nov</span>
</div>
<a href="writeups.html#node-93" class="link"><i class="fa fa-link"></i></a>
</div>
<div class="node-wrapper">
<h2><a href="writeup/93.html">Collect as much as you can (Crypto 300)</a></h2>
<div class="submitted">
23.11.2014 04:06, by <i class="fa fa-user"></i><span class="username">Dil4rd</span> </div>
<div class="content">
<div class="field field-name-field-category field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Category: </div><div class="field-items"><div class="field-item even"><a href="categories/crypto.html">crypto</a></div></div></div><div class="field field-name-field-event field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Event: </div><div class="field-items"><div class="field-item even"><a href="event/29.html">CSCAMP CTF Quals 2014</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>The description contains ip address and port to connect to and hint: IVs.</p><p>When we connect to given ip and port we can find that the server gives us result of encryption and 3 numbers that incrementing sequentially:</p></div></div></div> </div>
<ul class="links inline"><li class="node-readmore first last"><a href="writeup/93.html" rel="tag" title="Collect as much as you can (Crypto 300)">Read more<span class="element-invisible"> about Collect as much as you can (Crypto 300)</span></a></li>
</ul> </div>
</article>
</div>
<div class="views-row views-row-9 views-row-odd">
<article id="node-91" class="node node-writeup node-promoted node-teaser clearfix"> <div class="bookmark-wrapper">
<div class="type bg-0B">writeup</div>
<div class="bookmark">
<span class="day">02</span>
<span class="month">Nov</span>
</div>
<a href="writeups.html#node-91" class="link"><i class="fa fa-link"></i></a>
</div>
<div class="node-wrapper">
<h2><a href="writeup/91.html">WireTap (Stegano 200)</a></h2>
<div class="submitted">
02.11.2014 22:37, by <i class="fa fa-user"></i><span class="username">Dor1s</span> </div>
<div class="content">
<div class="field field-name-field-category field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Category: </div><div class="field-items"><div class="field-item even"><a href="categories/stego.html">stego</a></div></div></div><div class="field field-name-field-event field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Event: </div><div class="field-items"><div class="field-item even"><a href="event/28.html">No cON Name CTF Finals 2014</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><span data-rz-clipboard="true"><strong>Description:</strong> Does it sound like a flag? Maybe... I don't know...</span></p><p><span data-rz-clipboard="true">File: <a href="https://cloud.mail.ru/public/fd1b20161fe5/wiretap.wav.tar.xz">wiretap.wav</a></span></p><p><strong>Solution:</strong></p><p>Let's quickly analyze the file:</p></div></div></div> </div>
<ul class="links inline"><li class="node-readmore first last"><a href="writeup/91.html" rel="tag" title="WireTap (Stegano 200)">Read more<span class="element-invisible"> about WireTap (Stegano 200)</span></a></li>
</ul> </div>
</article>
</div>
<div class="views-row views-row-10 views-row-even views-row-last">
<article id="node-90" class="node node-writeup node-promoted node-teaser clearfix"> <div class="bookmark-wrapper">
<div class="type bg-0B">writeup</div>
<div class="bookmark">
<span class="day">01</span>
<span class="month">Nov</span>
</div>
<a href="writeups.html#node-90" class="link"><i class="fa fa-link"></i></a>
</div>
<div class="node-wrapper">
<h2><a href="writeup/90.html">vodka (forensics 400)</a></h2>
<div class="submitted">
01.11.2014 22:13, by <i class="fa fa-user"></i><span class="username">the_storm</span> </div>
<div class="content">
<div class="field field-name-field-category field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Category: </div><div class="field-items"><div class="field-item even"><a href="categories/forensics.html">forensics</a></div></div></div><div class="field field-name-field-event field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Event: </div><div class="field-items"><div class="field-item even"><a href="event/28.html">No cON Name CTF Finals 2014</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><strong>Description:</strong> We were given a pcap file called vodka were asked to get out the flag.<br /><br /><strong>Solution:</strong></p><p>We opened the pcap file with wireshark and take a look the statistics of the pcap file, we saw that 100% of the packets in the file was mainly tftp protocol packets.</p><p><img src="sites/default/files/writeups/images/1_0.png" alt="" width="573" height="270" /></p></div></div></div> </div>
<ul class="links inline"><li class="node-readmore first last"><a href="writeup/90.html" rel="tag" title="vodka (forensics 400)">Read more<span class="element-invisible"> about vodka (forensics 400)</span></a></li>
</ul> </div>
</article>
</div>
</div>
<h2 class="element-invisible">Pages</h2><div class="item-list"><ul class="pager"><li class="pager-current first">1</li>
<li class="pager-item"><a title="Go to page 2" href="writeups%3Fpage=1.html">2</a></li>
<li class="pager-item"><a title="Go to page 3" href="writeups%3Fpage=2.html">3</a></li>
<li class="pager-item"><a title="Go to page 4" href="writeups%3Fpage=3.html">4</a></li>
<li class="pager-item"><a title="Go to page 5" href="writeups%3Fpage=4.html">5</a></li>
<li class="pager-item"><a title="Go to page 6" href="writeups%3Fpage=5.html">6</a></li>
<li class="pager-item"><a title="Go to page 7" href="writeups%3Fpage=6.html">7</a></li>
<li class="pager-next"><a title="Go to next page" href="writeups%3Fpage=1.html">next ›</a></li>
<li class="pager-last last"><a title="Go to last page" href="writeups%3Fpage=6.html">last »</a></li>
</ul></div>
</div> </div>
</div></div>
<!-- /.region -->
</div>
</div>
<!-- /#content-wrap -->
</div>
<!-- /#content -->
<div id="sidebar-second" class="sidebar span3 site-sidebar-second">
<div class="color-pane bg-0B"></div>
<div class="row-fluid row-block row-block-1">
<div class="region region-sidebar-second clearfix">
<div id="block-system-navigation" class="clearfix block block-system block-menu"> <div class="content"> <ul class="menu nav"><li class="first leaf"><a href="index.html"><i class="fa fa-home"></i>Home</a></li>
<li class="leaf active-trail"><a href="writeups.html" class="active"><i class="fa fa-file-text active-trail"></i>Writeups</a></li>
<li class="leaf"><a href="tools.html"><i class="fa fa-wrench"></i>Tools</a></li>
<li class="last leaf"><a href="blogs.html"><i class="fa fa-users"></i>Blog</a></li>
</ul> </div>
</div>
<div id="block-views-events-block-1" class="clearfix block block-views"> <h2>Last events</h2>
<div class="content"> <div class="view view-events view-id-events view-display-id-block_1 view-dom-id-5735e510b2789caaa3e183be59e7ba78">
<div class="view-content">
<div class="views-row views-row-1 views-row-odd views-row-first">
<div class="views-field views-field-name"> <span class="field-content"><a href="event/32.html">Boston Key Party 2015</a></span> </div> </div>
<div class="views-row views-row-2 views-row-even">
<div class="views-field views-field-name"> <span class="field-content"><a href="event/36.html">Boston Key Party CTF 2016</a></span> </div> </div>
<div class="views-row views-row-3 views-row-odd views-row-last">
<div class="views-field views-field-name"> <span class="field-content"><a href="event/35.html">EKOPARTY PRE-CTF 2015</a></span> </div> </div>
</div>
<div class="more-link">
<a href="events.html">
all events </a>
</div>
</div> </div>
</div>
</div>
<!-- /.region -->
</div>
<div class="color-pane bg-09"></div>
<div class='row-fluid row-block row-block-2'>
<ul class="nav">
<li><a href="user.html"><i class="fa fa-sign-in"></i>Sign in</a></li>
</ul>
</div>
</div>
<!-- /#sidebar-second --> </div>
</div>
</div>
<!-- /#main, /#main-wrapper -->
<script type="text/javascript" src="sites/all/modules/syntaxhighlighter/syntaxhighlighter.min.js%3Fqtecp0"></script>
</body>
</html>