RSA Mistakes was a 200 points cryptography master challenge in picoCTF. The final objective was to recover the encrypted message.
Important Day was a 100 points challenge where you were provided with a pcap file, and asked to determine when the system was powered on.
By looking at the pcap file it really looked like a portscan, and by a quick google search i ran into a post from back in 2006 on seclists.org discussing about the possibility to guess the time of the last system reboot, by looking at the TCP protocol TSVAL option.
Second CTF for the VulnHub team, and lots of fun with these puzzles.
This writeup is all about an interesting forensics and web game named “Personalized captcha” where the players were challenged to discover the value of a captcha string by analizing a provided pcap file.
Only a couple of hours have past since Persistence VulnHub competition ended.
Of course, again, as a VulnHub addict as i am, i couldn’t refrain my urge to partecipate and feel the pain :)
I really enjoyed playing this vulnerable VM, and the reward for such an high amount of frustration was a lot and lot of fun.
Many people partecipated this time, way more then the ones who took part in the Hades challenge, and this is a demonstration that VulnHub is getting more and more popular every day.
The CSAW CTF 2014 wasn’t only exploitation and reverse engineering, within the challenges a whole category was focused on forensics puzzles.
Fluffy No More was a 300 points worth challenge for which the solution could have been achieved by conducting a full scope forensics analysis of a compromised system.
The players were provided with an archive containing
- a database dump
- the content of /var/log
- the content of /var/www/html
- the content of /etc
All the informations were (badly imho) logically acquired from the compromised system, and the challenge was focused mostly on forensics methodology: if the player was good enaugh to understand what happened on the system, he’d find the hidden flag.
- Superkojiman as My brain runs assembly code
- Barrebas as The silent disassembler ninja
- Swappage as The mumbler and random guesser
Hello hello, Swappage here writing on behalf of the whole group that worked on this exploit dev :) please don’t kill me as my English is really terrible, although it might also be Koji and Bas’ fault for not reviewing this doc properly before publishing :p
During the past weekend me and a bunch of dudes from VulnHub decided to test ourselves and play the CSAW 2014 CTF challenge. Along wight he 300 point Forensics challenge, Saturn at exploitation 400 was one of the more interesting ones to solve. This is our writeup on it.
It looks like i made up my mind and started a blog!.
Ok ok, you are right… the truth is that i started playing around with Markdown and octopress, and i wanted to try publishing something :)
What’s going to be published here?
Well, pretty much everything that comes in my mind, things that i found interesting, reserches that I might be working on, games i play..
Oh right, I recently got an addiction for hacking games and competitions, so you will probably see some walkthroughs of challenges and problems from various CTF games..
mhh yep, pretty much it for now. See you soon :)