Tuesday, September 4, 2012

Defcon 20 CTF - CTF Inside

Well, that was a hell of a game.

Lollers would have bet that DDTEK would screw this up but guess what... After herding all year long, they invoked their sheep for rescue to save their bad ass' smelly screwing power reputation.

They ruled it! Special kudos for running a game of 20 teams x 8 individuals so smoothly. This was a big "first time ever" for the "Capture the Flag" exercise. Not to say that there weren't some fuck-ups, but DDTEK were back with good-quality binaries, much harder and pretty well thought out compared to last year. Almost no problems all game long except the traditional "We R in Late..."

Monday, August 6, 2012

Defcon 20 CTF - Semem

semem: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), 
statically linked, for FreeBSD 9.0 (900044), stripped

This service listens on port 6941 on interface em1, on the first IPv6 address found. For every connection, a child is forked, privileges are dropped to the semem user, and this user's home directory is used for the chroot.

Monday, June 4, 2012

Defcon 20 QUALS - urandom 300

Connect to the given host and port, with the provided password.

The problem is as follows:
  Here come 100000 uint16_t, please tell me how to sort them into
  ascending order by sending me pairs of indicies to exchange, one
  per line, in the format: <index1>:<index2>
  For example to exchange elements 123 and 9821 you should send:
  Valid indicies are in the range 0..99999 inclusive. Send a blank
  line when you are done. If you correctly sort the array in
  sufficiently few moves I will give you a key!
  You have about 10 seconds to finish, and a 5 minute wait between
  successive connections.
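
One way to build the swap list the server asks for, as an added example (not the original author's solution): elements already sitting in a slot that holds their value are left alone, and every other element is sent to its final slot by following permutation cycles, so each swap fixes at least one position and at most n-1 pairs are emitted. The function names are hypothetical, the move limit is not stated in the prompt, and the socket and password handling are left out.

```python
from collections import defaultdict

def swaps_to_sort(values):
    """Return (i, j) index pairs that sort `values` ascending when applied in order."""
    n = len(values)
    sorted_vals = sorted(values)
    # free[v]: slots that must end up holding v but do not hold v yet.
    free = defaultdict(list)
    for slot in range(n - 1, -1, -1):
        if values[slot] != sorted_vals[slot]:
            free[sorted_vals[slot]].append(slot)
    # target[i]: final slot of the element currently at index i.
    # Duplicates already in a correct slot keep target[i] == i (no move spent).
    target = list(range(n))
    for i in range(n):
        if values[i] != sorted_vals[i]:
            target[i] = free[values[i]].pop()
    swaps = []
    for i in range(n):
        # Each swap sends the element at i to its final slot j.
        while target[i] != i:
            j = target[i]
            target[i], target[j] = target[j], target[i]
            swaps.append((i, j))
    return swaps

def apply_swaps(values, swaps):
    """Replay the swaps on a copy, as the server would."""
    arr = list(values)
    for i, j in swaps:
        arr[i], arr[j] = arr[j], arr[i]
    return arr

def format_moves(swaps):
    """One '<index1>:<index2>' per line, then the blank line that ends the answer."""
    return "".join(f"{i}:{j}\n" for i, j in swaps) + "\n"

if __name__ == "__main__":
    sample = [5, 1, 4, 1, 3, 5, 0]  # constructed sample, not challenge data
    moves = swaps_to_sort(sample)
    assert apply_swaps(sample, moves) == sorted(sample)
    print(format_moves(moves), end="")
```
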

Defcon 20 QUALS - Grab Bag 200

We have a jpeg file and its __MACOSX AppleDouble encoded Macintosh friend:

  • 115e0ba3c3d72647fcb9a53ae90e47a6.jpg
  • __MACOSX/._115e0ba3c3d72647fcb9a53ae90e47a6.jpg

The second file tells us that the jpeg comes from http://ircimages.com/ircimages/1/1/115e0ba3c3d72647fcb9a53ae90e47a6.jpg

Defcon 20 QUALS - Forensics 400

Execute photorec on the memory dump:
$ photorec for400/memory.dmp
Scan for Intel/Whole Disk/Other

During the recovery, notice some gpg files recovered:
$ find . -name "*.gpg"

$ file ./recup_dir.5/f1459128.gpg
./recup_dir.5/f1459128.gpg: PGP key security ring

This seems very good!