<!DOCTYPE html>
<html lang="en">
<head>
<title>Krebs CTF Writeups</title>
<meta charset="utf-8" />
<link href="http://krebsco.de/atom.xml" type="application/atom+xml" rel="alternate" title="Krebs CTF Writeups Full Atom Feed" />
<!-- Mobile viewport optimized: j.mp/bplateviewport -->
<meta name="viewport" content="width=device-width,initial-scale=1, maximum-scale=1">
<link rel="stylesheet" type="text/css" href="./theme/gumby.css" />
<link rel="stylesheet" type="text/css" href="./theme/style.css" />
<link rel="stylesheet" type="text/css" href="./theme/pygment.css" />
<script src="./theme/js/libs/modernizr-2.6.2.min.js"></script>
</head>
<body id="index" class="home">
<div class="container">
<div class="row">
<header id="banner" class="body">
<h1><a href="./">Krebs CTF Writeups <strong></strong></a></h1>
</header><!-- /#banner -->
<div id="navigation" class="navbar row">
<a href="#" gumby-trigger="#navigation > ul" class="toggle"><i class="icon-menu"></i></a>
<ul class="columns">
<li><a href="./">Home</a></li>
<li><a href="/writeups/atom.xml">RSS</a></li>
<li><a href="./pages/contact.html">Contact</a></li>
</ul>
</div>
<section id="content">
<div class="row">
<div class="eleven columns">
<ol id="post-list">
<li><article class="hentry">
<header> <h2 class="entry-title"><a href="./sha1lcode.html" rel="bookmark" title="Permalink to sha1lcode">sha1lcode</a></h2> </header>
<footer class="post-info">
<abbr class="published" title="2014-08-18T00:00:00"> Mon 18 August 2014 </abbr>
<address class="vcard author">By
<a class="url fn" href="./author/samuirai.html"> samuirai</a>
</address>
</footer><!-- /.post-info -->
<div class="entry-content"> <ul>
<li><strong>Solved by</strong>: samuirai</li>
<li><strong>Writeup Author</strong>: samuirai</li>
</ul>
<p>The name of the challenge <code>sha1lcode</code> already hints at the overall idea - writing shellcode that has something to do with sha1 hashes.</p>
<p>So let's have a first look at the provided binary file:</p>
<div class="highlight"><pre><span class="err">$</span> <span class="n">file</span> <span class="n">sha1lcode</span><span class="o">-</span><span class="mi">5</span><span class="n">b43cc13b0fb249726e0ae175dbef3fe</span>
<span class="n">sha1lcode</span><span class="o">-</span><span class="mi">5</span><span class="n">b43cc13b0fb249726e0ae175dbef3fe</span><span class="o">:</span> <span class="n">ELF</span> <span class="mi">64</span><span class="o">-</span><span class="n">bit</span> <span class="n">LSB ...</span></pre></div> </div><!-- /.entry-content -->
<div class="medium primary btn"><a href="./sha1lcode.html" rel="bookmark" title="Permalink to sha1lcode">Read more <i class="icon-arrow-right"></i></a></div>
<div class="row tag-row">
<span>Tagged as : </span>
<a class="danger label" href="./tag/sha1lcode.html">sha1lcode</a>
<a class="danger label" href="./tag/hitconctf2014.html">hitconctf2014</a>
</div>
</article></li>
<li><article class="hentry">
<header> <h2 class="entry-title"><a href="./be-a-robot.html" rel="bookmark" title="Permalink to Be a Robot">Be a Robot</a></h2> </header>
<footer class="post-info">
<abbr class="published" title="2014-07-30T00:00:00"> Wed 30 July 2014 </abbr>
<address class="vcard author">By
<a class="url fn" href="./author/makefu.html"> makefu</a>
</address>
</footer><!-- /.post-info -->
<div class="entry-content"> <ul>
<li><strong>Solved by</strong>: makefu</li>
</ul>
<h2>Intro</h2>
<p>First of all, this is a post-mortem solution for pwn200 as we failed to finish
it within CTF time both because the challenge was offline a lot of the time and
because we were not experienced enough to find a solution.</p>
<p>The challenge was to elevate privileges ...</p> </div><!-- /.entry-content -->
<div class="medium primary btn"><a href="./be-a-robot.html" rel="bookmark" title="Permalink to Be a Robot">Read more <i class="icon-arrow-right"></i></a></div>
<div class="row tag-row">
<span>Tagged as : </span>
<a class="danger label" href="./tag/crackme.html">crackme</a>
<a class="danger label" href="./tag/pwnium2014.html">pwnium2014</a>
<a class="danger label" href="./tag/post-mortem.html">post-mortem</a>
</div>
</article></li>
<li><article class="hentry">
<header> <h2 class="entry-title"><a href="./rot.html" rel="bookmark" title="Permalink to ROT">ROT</a></h2> </header>
<footer class="post-info">
<abbr class="published" title="2014-07-21T00:00:00"> Mon 21 July 2014 </abbr>
<address class="vcard author">By
<a class="url fn" href="./author/makefu.html"> makefu</a>
<a class="url fn" href="./author/momorientes.html"> momorientes</a>
</address>
</footer><!-- /.post-info -->
<div class="entry-content"> <ul>
<li><strong>Solved by</strong>: momorientes, exco, ttb, makefu</li>
<li><strong>Author First Part</strong>: momorientes</li>
<li><strong>Author Second Part</strong>: makefu</li>
</ul>
<h2>Introduction</h2>
<p>We got a raw-socket IP and port, and when connecting to it we received an ASCII
clob. After cracking the code you have to send the passcode back within 2 seconds.</p>
<p>The == at the end ...</p> </div><!-- /.entry-content -->
<div class="medium primary btn"><a href="./rot.html" rel="bookmark" title="Permalink to ROT">Read more <i class="icon-arrow-right"></i></a></div>
<div class="row tag-row">
<span>Tagged as : </span>
<a class="danger label" href="./tag/crackme.html">crackme</a>
<a class="danger label" href="./tag/pwnium2014.html">pwnium2014</a>
<a class="danger label" href="./tag/captcha.html">captcha</a>
</div>
</article></li>
<li><article class="hentry">
<header> <h2 class="entry-title"><a href="./2048.html" rel="bookmark" title="Permalink to 2048">2048</a></h2> </header>
<footer class="post-info">
<abbr class="published" title="2014-07-18T00:00:00"> Fri 18 July 2014 </abbr>
<address class="vcard author">By
<a class="url fn" href="./author/exco.html"> exco</a>
</address>
</footer><!-- /.post-info -->
<div class="entry-content"> <ul>
<li><strong>Solved by</strong>: exco, ttb</li>
<li><strong>Writeup Author</strong>: exco</li>
</ul>
<h2>Introduction</h2>
<p>The task was to connect to some IP on port 2048 with nc
<code>$ nc &lt;ip&gt; 2048</code>
and solve 2048, the game, in less than 6 minutes.
The time was later reduced to 3.5 minutes.</p>
<p>2048 on that server looked roughly like this:</p>
<p><img alt="2048 bash example" src="data/2048/2048_ascii.jpeg" /></p>
<p>u ...</p> </div><!-- /.entry-content -->
<div class="medium primary btn"><a href="./2048.html" rel="bookmark" title="Permalink to 2048">Read more <i class="icon-arrow-right"></i></a></div>
<div class="row tag-row">
<span>Tagged as : </span>
<a class="danger label" href="./tag/2048.html">2048</a>
<a class="danger label" href="./tag/pwnium2014.html">pwnium2014</a>
</div>
</article></li>
<li><article class="hentry">
<header> <h2 class="entry-title"><a href="./crackme-fast.html" rel="bookmark" title="Permalink to Crackme Fast">Crackme Fast</a></h2> </header>
<footer class="post-info">
<abbr class="published" title="2014-07-18T00:00:00"> Fri 18 July 2014 </abbr>
<address class="vcard author">By
<a class="url fn" href="./author/makefu.html"> makefu</a>
</address>
</footer><!-- /.post-info -->
<div class="entry-content"> <ul>
<li><strong>Solved by</strong>: ttb,exco,makefu</li>
<li><strong>Writeup Author</strong>: makefu</li>
</ul>
<h2>Introduction</h2>
<p>We got a URL, and are being told to return the password of the crackme in 3
seconds to http://41.231.53.44:9393/check.php?p=<strong>Password</strong>.</p>
<h2>Analyse what we've got</h2>
<p>At first, look at what we receive:</p>
<div class="highlight"><pre><span class="nv">$ </span>curl ...</pre></div> </div><!-- /.entry-content -->
<div class="medium primary btn"><a href="./crackme-fast.html" rel="bookmark" title="Permalink to Crackme Fast">Read more <i class="icon-arrow-right"></i></a></div>
<div class="row tag-row">
<span>Tagged as : </span>
<a class="danger label" href="./tag/crackme.html">crackme</a>
<a class="danger label" href="./tag/pwnium2014.html">pwnium2014</a>
</div>
</article></li>
<li><article class="hentry">
<header> <h2 class="entry-title"><a href="./crack-me.html" rel="bookmark" title="Permalink to Crack me">Crack me</a></h2> </header>
<footer class="post-info">
<abbr class="published" title="2014-07-17T00:00:00"> Thu 17 July 2014 </abbr>
<address class="vcard author">By
<a class="url fn" href="./author/momorientes.html"> momorientes</a>
</address>
</footer><!-- /.post-info -->
<div class="entry-content"> <ul>
<li><strong>Solved by</strong>: exco, ttb, makefu</li>
<li><strong>Author</strong>: momorientes</li>
</ul>
<p><code>QlpoOTFBWSZTWTxSmOAAAAsJAF/gOwAgADEAAAiZMNT0JbKzhCQcyQtA2gNbvXgSvxdyRThQkDxSmOA=</code> was the only information available.<br />
The trailing <code>=</code> is always a good hint for base64, so we'll try that:</p>
<div class="highlight"><pre><span class="nb">echo</span> -n QlpoOTFBWSZTWTxSmOAAAAsJAF/gOwAgADEAAAiZMNT0JbKzhCQcyQtA2gNbvXgSvxdyRThQkDxSmOA<span class="o">=</span> | base64 -d
BZh91AY&SY<Rà
_à; 0Ôô%²³<span class="nv">$É</span>
@Ú<span class="o">[</span>½x¿rE8P<R
</pre></div>
<p>While this might look like ...</p> </div><!-- /.entry-content -->
<div class="medium primary btn"><a href="./crack-me.html" rel="bookmark" title="Permalink to Crack me">Read more <i class="icon-arrow-right"></i></a></div>
<div class="row tag-row">
<span>Tagged as : </span>
<a class="danger label" href="./tag/crackme.html">crackme</a>
<a class="danger label" href="./tag/pwnium2014.html">pwnium2014</a>
</div>
</article></li>
<li><article class="hentry">
<header> <h2 class="entry-title"><a href="./for1-usb-dump.html" rel="bookmark" title="Permalink to for1 USB Dump">for1 USB Dump</a></h2> </header>
<footer class="post-info">
<abbr class="published" title="2014-07-17T00:00:00"> Thu 17 July 2014 </abbr>
<address class="vcard author">By
<a class="url fn" href="./author/makefu.html"> makefu</a>
</address>
</footer><!-- /.post-info -->
<div class="entry-content"> <ul>
<li><strong>Solved by</strong>: momorientes, makefu</li>
<li><strong>Author</strong>: makefu</li>
</ul>
<h2>Finding the needle in the haystack</h2>
<p>We received a dump file which was loadable via Wireshark. The dump looks like
some USB traffic between a computer and a USB-SATA Hard Disk.</p>
<p>Normally it is a good idea to sort traces by size as bigger packets ...</p> </div><!-- /.entry-content -->
<div class="medium primary btn"><a href="./for1-usb-dump.html" rel="bookmark" title="Permalink to for1 USB Dump">Read more <i class="icon-arrow-right"></i></a></div>
<div class="row tag-row">
<span>Tagged as : </span>
<a class="danger label" href="./tag/crackme.html">crackme</a>
<a class="danger label" href="./tag/pwnium2014.html">pwnium2014</a>
<a class="danger label" href="./tag/captcha.html">captcha</a>
</div>
</article></li>
</ol><!-- /#posts-list -->
</div><!-- /.eleven.columns -->
<div class="three columns">
<h4>Pages</h4>
<ul>
<li><a href="/writeups/atom.xml">RSS</a></li>
<li><a href="./pages/contact.html">Contact</a></li>
</ul>
<!--<h4>Categories</h4>
<ul>
<li><a href="./category/posts.html">posts</a></li>
</ul>
-->
<h4>Tags</h4>
<ul>
<li class="tag-2"><a href="./tag/captcha.html">captcha</a></li>
<li class="tag-0"><a href="./tag/pwnium2014.html">pwnium2014</a></li>
<li class="tag-4"><a href="./tag/hitconctf2014.html">hitconctf2014</a></li>
<li class="tag-4"><a href="./tag/2048.html">2048</a></li>
<li class="tag-4"><a href="./tag/post-mortem.html">post-mortem</a></li>
<li class="tag-1"><a href="./tag/crackme.html">crackme</a></li>
<li class="tag-4"><a href="./tag/sha1lcode.html">sha1lcode</a></li>
</ul>
<nav class="widget">
<h4>Social</h4>
<ul>
<li><a href="http://twitter.com/krebsbob">@krebsbob</a></li>
<li><a href="irc://irc.freenode.net#krebs">irc.freenode.net#krebs</a></li>
</ul>
</nav>
</div> </div><!-- /.row -->
<p class="paginator">
Page 1 / 1
</p>
</section><!-- /#content -->
</div><!-- /.row -->
</div><!-- /.container -->
<div class="container.nopad bg">
<footer id="credits" class="row">
<div class="seven columns left-center">
<address id="about" class="vcard body">
Proudly powered by <a href="http://getpelican.com/">Pelican</a>,
which takes great advantage of <a href="http://python.org">Python</a>.
<br />
Based on the <a target="_blank" href="http://gumbyframework.com">Gumby Framework</a>
</address>
</div>
<div class="seven columns">
<div class="row">
<ul class="socbtns">
</ul>
</div>
</div>
</footer>
</div>
<script src="./theme/js/libs/jquery-1.9.1.min.js"></script>
<script src="./theme/js/libs/gumby.min.js"></script>
<script src="./theme/js/plugins.js"></script>
</body>
</html>