CSAW 2014 :: Exploitation 400 :: greenhornd.exe

Posted by and filed under CSAW 2014.

For this challenge, we’re given an .exe file and a server that it’s running on. Running strings on the binary, we see that there’s a lot of text in the program. It’s all instructions on how to get started with Windows exploitation. One block that is particularly interesting is: ~~~ VULNERABLE FUNCTION ——————- Send… Read more »

CSAW 2014 :: Forensics 300 :: Fluffy No More

Posted by and filed under CSAW 2014.

I think forensics challenges are generally horrible no fun zones, but Fluffy No More is actually a fun little scavenger hunt through a filesystem. @brad_anton gives us a tarball of the relevant parts of a compromised webserver – a MySQL database dump, /var/log/, /var/www/, and all of /etc/. Co-credit for this challenge goes to Alex… Read more »

CSAW 2014 :: Forensics 100 :: dumpster diving

Posted by and filed under CSAW 2014.

For this challenge, we are given a ZIP archive containing a Mozilla Firefox memory dump. We unzip the archive and search the printable text for our flag: We locate our flag: flag{cd69b4957f06cd818d7bf3d61980e291}.

CSAW 2014 :: Recon 100 :: Kevin Chung

Posted by and filed under CSAW 2014.

For this challenge we must “Find a picture of me that’s from before I was a high school student.” We started by looking through his photos on Facebook and LinkedIn but came up empty. We turned to Google to find out more. We found his website, Twitter, and GitHub but they didn’t provide any useful… Read more »

CSAW 2014 :: Forensics 200 :: Obscurity

Posted by and filed under CSAW 2014.

For this challenge, we are given a PDF file named pdf.pdf. We checked out the printable characters of the PDF file and noticed that streams are being used. We attempted to decode the stream objects but shifted toward another approach when we realized that document objects (images, textboxes, etc.) could be stacked. Using Adobe Acrobat… Read more »