Monday, August 29, 2011

Binjitsu III, game scoring

By the way, at the beginning of the CTF, we were given the following sheets explaining the CTF and game scoring:

Friday, August 12, 2011

Defcon 19 CTF - Sheepster

sheepster: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD),
dynamically linked (uses shared libs), for FreeBSD 8.2, stripped

This service classically listens on port 5775 and drops to privileges of user "sheepster". For every connection, a child is forked and handler function is called.

Thursday, August 11, 2011

Defcon 19 CTF - Castle

castle: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), 
dynamically linked (uses shared libs), for FreeBSD 8.2, stripped

This service listens in IPv6 on port 7629. When connecting, the service drops its privileges and forks to call the function at offset 0x08049340. This function begins reading a buffer sent to the socket, ending by "EOF\n". The read buffer is then written in a temporary file, created by a call to the mkstemp() function with the "/tmp/castleXXXXXXXX" template. Finally, castle redirects stdin, stdout and stderr to the socket, using the dup2() function and the "/usr/local/bin/sandy" binary is called with "-o <our ipv6> -d -s " and the temporary file as parameters.

Defcon 19 CTF - Bunny

bunny: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD),
dynamically linked (uses shared libs), for FreeBSD 8.2, stripped

This service classically listens on port 15323 and drops to privileges of user "bunny". For every connection, a child is forked and handler function is called.

Wednesday, August 10, 2011

Defcon 19 CTF - CTF Inside

ddtek ran their third contest since they took over the CTF's organization: "Binjitsu III" (or as the scoreboard had it "binjutsu" ;)

This edition was located for the first time at the Rio and ddtek teased us with an authentication passphrase related to the casino switch.

Organizing such an event represents a heavy workload as there are in fact two separate contests to run: the quals - online - and the CTF itself - in Vegas. Although not perfect in all aspects, ddtek is doing quite a good job at making this happen. Thanks to them.


One picture...