So we accidentally discovered a flag submission bug in the ATAST 2012 flag submission system after I submitted the first 20 point flag for web100 (23a952b7674e0c2d602bde4ba6367b93), not knowing that club member Jonathan Singer submitted it earlier.
For this 29c3 CTF challenge, we are given a WAV file. On first listening, one can hear DTMF (telephone keypad) tones. There is also an abundance of high-pitched noise. First, check it in Audacity's spectrogram view:
This challenge gave the description: "Ever played Googlewhack? Well, this is a bit easier and gives you more power, enjoy." A Googlewhack is a two-word search that returns exactly one result. In this case, the organizers have their own database of strings, and we can search it to find a query that returns only one result.
Pwn300 was a Python Twisted site that served a page with a single form to kill, arrest, or bankrupt the kids of South Park. The organizers provided the source code for the challenge, which included the web service and a compiled Python module. The page's source tells us that the flag is in…
At the beginning of this problem, we're given a Windows binary (.exe). Running it gives some inane output about a username and product key. This is a clue that it could be a keygenme or something more difficult (but it isn't, yay!). So, we open the executable in IDA. Taking a quick look at the string…
The trick here was to spot the vulnerability. The script loads HTML from an attacker-controlled web page with @file_get_contents(). It then parses the HTML for forms with a regex and solves a basic math problem using an unescaped eval(). Finally, the page submits a POST request to the controlled web page with file_get_contents(). With that information determined from the…