Entries by David Kutik

WRITEUP – DEFCAMP2015 – The hylian dude – Web 200

In this challenge we are given a file hosting service. We can upload a zipped file, and the application provides the extracted files for download. We found a comment in the HTML source, that shell_execute has been used. We tried to upload a zip file, with a symbolic link to /var/www/html/index.php, and we were able […]

WRITEUP – DEFCAMP2015 – crypto 200

In this challenge a plaintext, the AES-CBC-128 encrypted cipher text of the plaintext and the used IV are given. The task is to change the IV or the ciphertext in such a way that the ciphertext/IV-combination would decrypt to a new message. The catch is that the key is not given in this context. The […]

WRITEUP – DEFCAMP2015 – exploit 300

This challenge did not provide the binary right away, we had to connect to an ssh-server with the binary. In the hints was stated that we have to do a cat /flag with the appropriate rights to get the flag. The binary has the s-bit set so if we can exploit it we can read […]

WRITEUP – DEFCAMP2015 – reversing 200

Reverse 200 shows a file r200: r200: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=22e68980e521b43c90688ed0693df78150b10211, stripped When executing this file it also wants some password which is presumably the flag. After some file exploring the function where the password is validated is found and decompiled: […] […]

WRITEUP – DEFCAMP2015 – Crypto 50

In this challenge a text file is given with 11 rows. Each row is an encrypted hex string. The given hint was that each of the 11 ciphertexts were encrypted using the same stream cipher. A quick search for weaknesses in stream ciphers reveals a key reuse attack. In stream ciphers the plaintexts are xor'd […]

WRITEUP – DEFCAMP2015 – Reversing 100

We get a file called r100, let’s check it out: h0rst@ctf:rev100$ file r100 r100: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0f464824cc8ee321ef9a80a799c70b1b6aec8168, stripped When we execute it, it asks us for a password: h0rst@ctf:rev100$ ./r100 Enter the password: AAAA Incorrect password! Let’s fire up IDApro and […]

MRMCD – CTF

Das Brutewoorse CTF-Team ist beim diesjährigen MRMCD vertreten und veranstaltet für euch einen Jeopardy-Style CTF-Wettkampf. Weitere Infos zum MRMCD findet ihr hier und den Link zu unseren CTF-Challenges findet ihr, wenns soweit ist, hier. Wir halten euch über Twitter @brutewoorse oder im IRC unter #ctf@hda auf freenode auf dem Laufenden. Viel Spaß!

CTF Kickoff-Meeting SS2015

Das Auftakttreffen des CTF-Teams fand am vergangenen Montag (20.04.2015) statt. Nach einer Vorstellung unseres Team und den geplanten Abläufen für dieses Sommersemester durch Florian und einem Vortrag für CTF-Einsteiger, wurden fünf Challenges unseres diesjährigen CTF-Events von ihren jeweiligen Autoren aufgelöst. Florian – Kostenlose Kekse Johanna – Salt & Pepper Daniel – Verschachtelt Fabrice – Wer hats erfunden David […]