CSAW 2014 :: Forensics 100 :: dumpster diving

Posted by and filed under CSAW 2014.

For this challenge, we are given a ZIP archive containing a Mozilla Firefox memory dump. We unzip the archive and search the printable text for our flag: We locate our flag: flag{cd69b4957f06cd818d7bf3d61980e291}.

CSAW 2014 :: Recon 100 :: Kevin Chung

Posted by and filed under CSAW 2014.

For this challenge we must “Find a picture of me that’s from before I was a high school student.” We start by looking through his photos on Facebook and LinkedIn but came up empty. We turned to Google to find out more. We found his website, twitter, and github but they didn’t provide any useful… Read more »

CSAW 2014 :: Forensics 200 :: Obscurity

Posted by and filed under CSAW 2014.

For this challenge, we are given a PDF file named pdf.pdf. We check out the printable characters of the PDF file and notice that streams are being used. We attempt to decode the stream objects but shifted toward another approach when we realize that document objects (images, textboxes, etc.) could be stacked. Using Adobe Acrobat… Read more »

DEF CON CTF Qualifier 2014 :: routarded

Posted by and filed under DEF CON CTF Qualifier 2014.

routarded starts you out with a hint in the challenge description that the target webpage is a router with default credentials. After trying a bunch of default router combinations, @jonathansinger found a working combination of <blank>:admin. This pops you into the management site of this fake router, which has a promising diagnostics page. We went… Read more »

DEF CON CTF Qualifier 2014 :: hackertool

Posted by and filed under DEF CON CTF Qualifier 2014.

hackertool had a torrent with a single large file: every_ip_address.txt. After downloading a few chunks, I opened it in a text editor and found that it the file was a consecutive list of IP addresses going from 0.0.0.0 to (presumably) 255.255.255.255. Instead of waiting for it to download, Alex Lynch had the idea for us to generate it… Read more »

Write-up :: pfSense at Hack@UCF

Posted by and filed under Write-ups.

Hack@UCF (or more formally, the Collegiate Cyber Defense Club at UCF) now has a multi-server environment, but we started out with little to no inventory to speak of. Our club was founded about a year and a half ago, and we’ve slowly acquired more and more hardware for our strapping little environment. Some of our… Read more »

RuCTF Quals 2014 :: Web 200 :: ES

Posted by and filed under RuCTF Quals 2014.

For this challenge belonging to the 2014 RuCTF Qualifiers, we are provided with a hyperlink that takes us to a simplified web application. The web challenge for 200 points is titled ES, which we soon learn stands for the web application’s…

RuCTF Quals 2014 :: Recon 400 :: Property Owner

Posted by and filed under RuCTF Quals 2014.

Recon 400 – Landlord Along with the standard prompt we are given our focus for the challenge. To name the landlord of Olimpiada Balalaykina. With the information gathered from Recon 100 we return to our Launchpad, Vk.com and view our target’s profile. Viewing her profile we see under “House” in her information she has “garages.blocks.daisy”…. Read more »