HackLu CTF 2012 – Mini Zombie Business (100) Write-up

22 – Mini Zombie Business

As time passes by and the zombie apocalypse seems to stay for a while, businesses have to adapt to survive. Food store chains offer brains and biscuits for their limping customers, and fox on Fire seems to be an all-time zombie favourite, too. Since a lot of zombies have a broadband connection, businesses strive to get online stores back up again. It’s just that web design seems to be quite hard for zombie employees.
They obfuscate all their code (god knows why).

Here is an example of a miserable attempt to create a working website. https://ctf.fluxfingers.net:2076/mini/

This web page contained some heavily obfuscated JavaScript, with an escaped sequence of about 1 Mb:


HackLu CTF 2012 – Python jail (200) Write-up

Python jail
You are surrounded by zombies. You heard there’s a safe house nearby, but climbing fences is hard with a beer belly. Thank god, there’s another survivor over there. “Hey! Help me!”, you shout. He just laughs and shakes you off the fence. Asshole. Later, you see his dead body lying in front of a high security door secured by automated weapons. Heh… karma is a bitch. But that means you’ll have to find another way in. In this nerd area, all the doors are secured with stupid computer puzzles. So, what the heck.

Better try this one:
https://ctf.fluxfingers.net/challenges/python_jail/chal.py
ctf.fluxfingers.net tcp/2045

Hint: You’ll find the entrance in “./key”

This is the source code of the Python jail service:


HackLu CTF 2012 – Tux-Bomb! (150) Write-up

5 – TUX-BOMB! (150)
Yeah! We control a zombie server which is connected to a TUX-Bomb. These servers are located in the head of the organization. This bomb can destroy a lot of their servers and employees. But we have no access since we are not in possession of a valid user name and activation key. So here’s your job: Find a way to detonate the TUX-BOMB!

https://ctf.fluxfingers.net/challenges/tux_bomb.exe

Hint: There is a small typo on your way to the flag – don’t get confused about it. Just use your intuition and everything should work fine!

We are provided with a Windows .exe binary. This binary needs to be run with 22 arguments:


HackLu CTF 2012 – Zombie AV (150) Write-up

2 – zombie AV
Some people try to fight the zombie apocalypse by selling pseudo antidote.
We need the secret formula in config.php to destroy their snake oil business…

Source: https://ctf.fluxfingers.net:2070/zombieav.zip
Page: https://ctf.fluxfingers.net:2070

This challenge is a web page that allows us to upload 32-bit Linux ELF binaries. The site scans the uploaded executables looking for zombie viruses. If a binary is detected as infected, it is executed on the server in order to clean it, and the output generated by the infected binary is shown.

As we can see in the source code of scan.php, a binary is infected if it has the following entrypoint:


HackLu CTF 2012 – Zombie Reminder (200) Write-up

19 – Zombie Reminder

Zombies love brains. But zombies forget, so they have a tool where they can enter the location of brains they found. In a heroic mission someone managed to obtain both the source code and the information that a critical file can be found at ‘/var/www/flag’. Your mission is to obtain the contents of this file by any means and avenge your fallen friend!

Service: https://ctf.fluxfingers.net:2073/
Source: https://ctf.fluxfingers.net/challenges/zombie_reminder.py

This is the source code of the challenge:


CSAW CTF 2012 Quals: Write-ups

CSAW CTF 2012 Quals is over. As always, thanks go to my teammate Archie.
In my opinion there were too many too-easy levels. Here are the write-ups for the challenges we managed to solve:

Trivia

  • Trivia1 – 100 Points

What is the first step of owning a target?

Answer: recon

  • Trivia2 – 100 Points

What is the name of Google’s dynamic malware analysis tool for Android applications?

Answer: bouncer

  • Trivia3 – 100 Points

What is the x86 opcode for and al, 0x24? Put your answer in the form 0xFFFF.

Answer: 0x2424

  • Trivia4 – 100 Points

Who was the first security researcher to publish the DEP bypass that utilized WriteProcessMemory()?

Answer: Spencer Pratt

  • Trivia5 – 100 Points

What is the name of Microsoft’s sophisticated distributed fuzzing system that utilizes automated debugging, taint analysis, model building, and constraint solving?

Answer: SAGE