CSAW CTF: HorseForce Writeup

This time around, I’d written a challenge for CSAW CTF. There were 32 challenges, in all sorts of topics such as Web, Reversing, Exploitation, etc. The challenge I wrote was the 300 point Web challenge, HorseForce.

Tracing Bugs in Wireshark

So word spread pretty quickly about the Wireshark bugs being thrown around Defcon 20 CTF. After I got my hands on acme pharms packet capture I quickly set out to recover the evil packets and weaponize them :)

Endianness

As a University research lab, we often have students who are not familiar with concepts that the professional security community finds second nature.

Stripe CTF Level01

On February 22nd, the Stripe company ran a straightforward 6-level CTF. The first level provides a single setuid binary and corresponding source and the task of obtaining the flag (a password to another user’s account) from a text file (/home/level02/.password) owned and only viewable by the next level’s account. In addition, we have a single directory which we can write to.

School CTF: Count Them All

Being provided a txt file titled “long.txt” with the challenge title of “Count them all”, and the description “One important aspect of an inventory is to count all the swords you’ve got. Count them all.” was the premise for a challenge in the recent School CTF. Opening the file in a text editor (I used Notepad++) we can see that the file is comprised of a single line made up of a large number of 1s. Using Python we can easily open up the file and count the number of 1s. It would be quite boring to do it manually.

Pop Pop Ret Finder

If you’ve attempted to write an SEH Record exploit, you know that it could be a little time consuming to find a pop pop ret instruction sequence inside a module that has SafeSEH off. This is because first you’d need to find which modules, if any, have SafeSEH off, and then search for the sequence within those memory addresses. You could find the pop instruction for most registers, like “pop esp”, “pop eax”, “pop edx”, etc. Also, there’s a good chance you don’t know the opcodes for these, so you’d probably assemble each of them to figure out the opcodes and then proceed to search for matches individually. The most frustrating part is that, after doing all this, it is very likely that there wasn’t any match to begin with.

iCTF 2011: Android Market Challenge

Not all applications on the Android Market can be installed by all Android devices. More specifically, each Android device only allows the user to choose from the subset of applications that are considered suitable to be installed on that device. For example, if you visit the Android Market with your browser, you get a list of over 200 applications in the communications (top free) category. Using the Market on a Nexus One lists more than 100 applications for that very same category. However, using the Android Market on the Android SDK simulator (API level 10, platform 2.3.3) only lists two applications. Give their names in alphabetical order separated by a comma.

SchoolCTF: Deadlamps

The Key Is superline. (Image taken down; http://blackbox.sibears.ru/uploads/6/school-ctf-2011-files/deadlamps.gif)