Hack.LU 2012 :: 23 Spambots

Posted by and filed under Hack.LU 2012.

The trick here was to spot the vulnerability. The scripts loads html from a controlled webpage with @file_get_contents(). It then parses the html for forms with regex to solves a basic math problem, with unescaped eval(). Finally the page submits a post request to the controlled webpage with file_get_contents(). With that information determined from the… Read more »

CSAW 2012 :: Reversing 400

Posted by and filed under CSAW 2012.

After downloading the executable, we use file to get some information: >$ file csaw2012reversing csaw2012reversing: ELF 64-bit LSB executable, x86-64, … A quick run of the program prints the target key, but it’s encrypted. No command line arguments are accepted, therefore this problem requires a patch. >$ ./csaw2012reversing Encrypted Key: Å×

CSAW 2012 :: Forensics 500

Posted by and filed under CSAW 2012.

This challenge required use of basic utilities. Using the strings would show the results: >$ strings core CORE csaw2012forensi ./csaw2012forensics /lib64/ld-linux-x86-64.so.2 k3y{this_should_be_pretty_hard_unless_you_use_grep} /lib/x86_64-linux-gnu libc.so.6 linux-vdso.so.1 tls/x86_64/ x86_64

CSAW 2012 :: Recon 100.3

Posted by and filed under CSAW 2012.

The target for this Recon is Julian Cohen. The link to Google contains the handle of our target, HockeyInJune. This username is found to be on several sites, so we can assume continuity for this being his only handle that he uses for social media. A quick PeekYou (social media username scanner) returned several sites,… Read more »

CSAW 2012 :: Recon 400

Posted by and filed under CSAW 2012.

Yoda was our target for this challenge. The Google search for Yoda they give is a decoy. There is clearly too many results and this seems a bit obscure to find via this route. We know that we saw a “yoda” as a staff oper for CSAW IRC, so we accessed the isis.poly.edu IRC server… Read more »

CSAW 2012 :: Recon 100.2

Posted by and filed under CSAW 2012.

Jeff Jarmoc is the target for this Recon. Google searching turns up no results, so a quick read about his profile on the Judges page reveals some information. The text description does not contain any clues, but the image was found to have extra head data. The content contains “finger://jjarmoc@finger.offenseindepth.com:79” which is an old protocol…. Read more »

CSAW 2012 :: Recon 100.1

Posted by and filed under CSAW 2012.

Jordan Wiens is the target for this Recon. A quick Google search lands us with his handle “psifertex.” Only social media is coming up, so we search again for the handle name and find a site psifertex.com. The search reveals that a robots.txt file is blocking indexing. Upon further investigation of this file, we find… Read more »