CSAW CTF 2015 - Transfer

After quickly looking through the .pcap, we find two things: a python source file, and a large b64 string (‘2Mk16Sk5iakYx…’)

CSAW CTF 2015 - Sharpturn

We’re given a .tar.xz which contains a partially corrupted git repo. Running git log reveals 4 commits, which all primarily build out one main .c file:

CSAW CTF 2015 - Lawn Care Simulator

After browsing around the home page of the website given, we notice 2 suspect things: password MD5s are computed client side, and there is a version number at the bottom of the page. After inspecting in chrome dev tools, we see that the version number is dynamically pulled from /.git/refs/heads/master, meaning that the site’s .git is publically accessible. However, while we can read files, directory listings are turned off. After researching the basics of how git works, we grab /.git/index which contains the filenames and sha1 hashes of all files in the repo. Running this through a git index parser (e.g. gin), we get a list of all the files and hashes:

CSAW CTF 2015 - Precision


  • Overflow

CSAW CTF 2015 - Contacts


  • Overflow
  • Uninitialized Variable
  • Format String

CSAW CTF 2015 - Throwback

  1. We can see a recent bugfix to CTFd, preventing unauthed admin calls at https://github.com/CTFd/CTFd/commit/9578355143d7af675fc4776b0f2de802be91e261.

CSAW CTF 2015 - K_{Stairs}

The site has a maze game that you must navigate through. On the /play tab, it shows a login screen, so an account is needed to play. Registering for an account, it automatically logs you in. The hint is that you need a compass to iwn, which is 10 tokens. The first account made will have none. However, with each account created, three more tokens are added to the current account compared to your previous account, due to cookies. If someone else tries to login with your credentials, they will not have the same amount of tokens.

CSAW CTF 2015 - Alexander Taylor

The first part of the challenge is to find the initals of the club Alex was in university. Googling “Alexander Taylor Raytheon” brings up his LinkedIn, which shows that he went to the University of South Florida and was president of the Whitehatters Computer Security Club. Using the format: http://fuzyll.com/csaw2015/<initials here> http://fuzyll.com/csaw2015/wcsc is the first part. It says: