22 – Mini Zombie Business
As time passes by and the zombie apocalypse seems to stay for a while, businesses have to adapt to survive. Food store chains offer brains and biscuits for their limping customers and fox on Fire seems to be an all-time-zombie-favourite, too. Since a lot of zombies have a broadband connection, businesses strive to get online stores back up again. It’s just that web design seems to be quite hard for zombie employees.
They obfuscate all their code (god knows why).
Here is an example of a miserable attempt to create a working website. https://ctf.fluxfingers.net:2076/mini/
You are surrounded by zombies. You heard there’s a safe house nearby, but climbing fences is hard with a beer belly. Thank god, there’s another survivor over there. “Hey! Help me!”, you shout. He just laughs and shakes you off the fence. Asshole. Later, you see his dead body lying in front of a high security door secured by automated weapons. Heh… karma is a bitch. But that means you’ll have to find another way in. In this nerd area, all the doors are secured with stupid computer puzzles. So, what the heck.
Better try this one:
Hint: You’ll find the entrance in “./key”
This is the source code of the Python jail service:
5 – TUX-BOMB! (150)
Yeah! We control a zombie server which is connected to a TUX-Bomb. These servers are located in the head of the organization. This bomb can destroy a lot of their servers and employees. But we have no access since we are not in possession of a valid user name and activation key. So here’s your job: Find a way to detonate the TUX-BOMB!
Hint: There is a small typo on your way to the flag – don’t get confused about it. Just use your intuition and everything should work fine!
We are provided with a Windows .exe binary. This binary needs to be run with 22 arguments:
2 – zombie AV
Some people try to fight the zombie apocalypse by selling pseudo antidote.
We need the secret formula in config.php to destroy their snake oil business…
This challenge is a web page that allows us to upload Linux ELF 32 binaries. The site will scan the uploaded executables looking for zombie viruses. If a binary is detected as infected, it will be executed on the server in order to clean it, and the output generated by the infected binary will be shown.
As we can see in the source code of scan.php, a binary is infected if it has the following entrypoint:
19 – Zombie Reminder
Zombies love brains. But zombies forget, so they have a tool where they can enter the location of brains they found. In a heroic mission someone managed to obtain both the source code and the information that a critical file can be found at ‘/var/www/flag’. Your mission is to obtain the contents of this file by any means and avenge your fallen friend!
This is the source code of the challenge:
CSAW CTF 2012 Quals is over. As always, thanks go to my teammate Archie.
In my opinion there were too many too-easy levels. Here you have the write ups for the challenges we managed to solve:
What is the first step of owning a target?
What is the name of Google’s dynamic malware analysis tool for Android applications?
What is the x86 opcode for and al, 0x24? Put your answer in the form 0xFFFF.
Who was the first security researcher to publish the DEP bypass that utilized WriteProcessMemory()?
Answer: Spencer Pratt
What is the name of Microsoft’s sophisticated distributed fuzzing system that utilizes automated debugging, taint analysis, model building, and constraint solving?
About a week late, but here you have my writeups for Stripe CTF 2.0, levels 0 to 6. There were two more levels, but I wasn’t able to complete them.
Congrats to the Stripe guys for the nice work organizing this web-oriented CTF!
Level 0 (SQL Injection)
This level was a web application written using node.js. It was possible to inject SQL code into a vulnerable query, as seen below:
As usual, let me start this write up by saying thank you to my teammates, NCR and Archie!
In the Beast challenge of the SecuInside CTF 2012, we were presented with the following web page:
Note that I’ve added in red color the name of the fields for convenience.
The source code of this page was available:
In the Grab Bag 400 challenge of Defcon 20 CTF Prequals 2012 we had the following mission: “What is Jeff Moss’ checking account balance?”, and we were provided with a user and a password:
- User: blacksheep
- Password: luvMeSomeSheep
So we were presented with the following fake bank website:
So Defcon 20 CTF Prequals 2012 has finished! As in PlaidCTF, I’d like to say thank you to my teammate, Archie!
Let’s start with the Forensics 300 writeup.
The description of the challenge was just “Please get my key back!”, and we were provided with a file named for300-47106ef450c4d70ae95212b93f11d05d.
Let’s start examining the file:
francisco@sherminator:~/Downloads$ file for300-47106ef450c4d70ae95212b93f11d05d