HITCON CTF 2016::Handcrafted::Rev-50

Filed under HITCON CTF 2016.

We were given a Python file for this challenge. After looking at the decompressed data, I realized that the header had been removed, so I compiled a pyc file and got the correct header. Here is my Get_Bytecodes.py. I then ran uncompyle2, which did not work completely due to some errors with ROT_2…. Read more »

HITCON CTF 2016::Flame::PPC-150

Filed under HITCON CTF 2016.

This was my first encounter with PowerPC, so this challenge was definitely a fun learning experience for me. Here is my best attempt at the decompiled source code. There is a global array containing values that are checked against user input. View the rest of this post here.

TUM CTF 2016::lolcpp::pwn-250

Filed under TUM CTF 2016.

We were given the source code for this challenge. There are two main bugs in this program. First, we have the strip_newline and fgets functions. From the fgets man page: So, if we add a NULL byte at the end of the password, strcpy will see the end of the string but fgets… Read more »

CSAW Qual 2016::Rock::Rev-100

Filed under CSAW Quals 2016.

There is a struct in this program. There are three interesting functions, which I have called init_struct, check_len_and_xor, and is_valid_key. See the rest of this writeup here.

CSAW Qual 2016::Warmup::Pwn-50

Filed under CSAW Quals 2016.

This was a very easy challenge. Basically, there was a win function at the address that is being printed: 0x40060D. This function can be called with a simple buffer overflow. Here is my Exploit.py, which gave me the flag. View the original post here.

CSAW Qual 2016::Sleeping Guard::Crypto-50

Filed under CSAW Quals 2016.

With this challenge, they gave us an encrypted PNG. After a bit of trial and error, I realized all I had to do was XOR the first few bytes of the encrypted file with the standard header of a PNG. I just downloaded a sample file. Here is my get_key.py, which gave me the… Read more »

MMA CTF 2016::Ninth::Misc-100

Filed under MMA CTF 2016.

I thought this one was a bit easy for the amount of points it was worth. Just use some binwalk magic:

MMA CTF 2016::Palindrome::Prog-50

Filed under MMA CTF 2016.

The challenge reads as follows: Here is my solution:

MMA CTF 2016::Reverse Box::Rev-50

Filed under MMA CTF 2016.

I found an unintended solution to this one, so I was pretty happy about that. The contents of the flag lead me to believe that I was intended to reverse a substitution cypher. But anyways, here is my solution. It was pretty obvious that I was dealing with some kind of cypher. The most important… Read more »

MMA CTF 2016::Judgement::Pwn-50

Filed under MMA CTF 2016.

After opening the binary up in IDA, it was pretty obvious that we needed to exploit a format string vulnerability. It looks like the flag was declared as a global variable, which means it will have a static address in the .bss section. This definitely makes our lives easier. See the full writeup here.