So word spread pretty quickly about the wireshark bugs being thrown around Defcon 20 CTF. After I got my hands on acme pharms packet capture I quickly set out to recover the evil packets and weaponize them :)

As a University research lab, we often have students who are not familiar with concepts that the professional security community finds second nature.

On Febuary 22nd, the Stripe company ran a straightforward 6 level CTF. The first level provides a single setuid binary and corresponding source and the task of obtaining the flag (a password to another user’s account) from a text file (/home/level02/.password) owned and only viewable by the next level’s account. In addition, we have a single directory which we can write to.

Being provided a txt file titled “long.txt” with the challenge title of “Count them all”, and the description “One important aspect of an inventory is to count all the swords you’ve got. Count them all.” was the premise for a challenge in the recent School CTF. Opening the file in a text editor (I used Notepad++) we can see that the file is comprised of a single line made up of a large amount of 1s. Using python we can easily open up the file and count the amount of 1s. It would be quite boring to do it manually.