Hacking Tube

CSAW CTF 2014 is the second CTF contest I've attended ( the first one was the HITCON CTF 2014 ) . Since this is the first time I've actually solved something in the contest, I decide to post my first own writeup .

First the challenge gave us a binary file (ELF for Intel-386). But we can't execute it, cause we don't have the required shared library "libchallengeresponse.so". So we will have to launch IDA Pro to see what's going on within the program.

Both challenges are kind of easy, so I decide to put their writeups together.

Description: Connect here and find the flag: nc asis-ctf.ir 12435

After we connect to the server, it show us the following message:

Description: Find flag in this file

SCTF is a CTF contest hold by XCTF ( seems like a Chinese version's CTFtime.org ). Teaming up with my labmates, we have a lot of fun solving the challenges, and scored 2161 pts with the final rank 13/659.

Similar with Pwn200, Pwn400 gave us a binary file, but no libc.so. Open it with IDA Pro and analyze it, we found some information:

Code400 gave us a python script

Talentyange gives lots of tedious apks and you know how bad he is now. Let's try some interesting geography knowledge.

nc 202.112.26.111 29995 / nc 202.112.28.118 29995

Different people see different me.
But I am always myself.
202.112.26.114:12321

Make the output of your program exactly the same as your source code.
All 5 correct required to get this flag (Only need 3 correct for BabyPolyQuine)

$python2 --version
Python 2.7.6

$python3 --version
Python 3.4.0

$gcc --version
gcc (Ubuntu 4.8.2-19ubuntu1) 4.8.2

$ruby --version
ruby 1.9.3p484 (2013-11-22 revision 43786) [x86_64-linux]

$perl --version
This is perl 5, version 18, subversion 2 (v5.18.2) built for x86_64-linux-gnu-thread-multi

BackdoorCTF 2015

For me, this is a challenge for CTF beginners. Most of the challenges are easy to solve, although some of them require some "imagination"...

In this writeup, I'll post the solutions of all the binary challenges and the misc challenges that I solved in the CTF.

Category: PPC
Points: 300

nc mathproblem.2015.volgactf.ru 8888

This problem remind me of HITCON CTF 2014 -- 24

Category: Pwn
Points: 250

Just another pwn task. Break in!
nc pwnie.2015.volgactf.ru 7777
my_little_pwnie

I solve the challenge after the end of the CTF, because I think this is a great challenge for practicing format string and sprintf BOF vulnerability. Special thanks to Lays for putting the exploit on the trello and let me have time to study the challenge.

Category: Programming
Points: 300

In each stage send the maximun size of area that can be covered by given points as a vertex of polygon in 2D.
nc 217.218.48.84 12433
mirror 1 : nc 217.218.48.84 12432
mirror 2 : nc 217.218.48.84 12434
mirror 2 : nc 217.218.48.84 12429

Category: pwn
Points: 100 (Saw this-1), 400 (Saw this-2)

Survive and get the flag!
Note: This challenge contains two flags, one of them is easier to fetch, the other is harder.
The easier flag will be clearly indicated as "Flag 1", the harder flag as "Flag 2"
nc 87.107.123.3 31337

Category: Baby's First
Points: 1

r0pbaby_542ee6516410709a1421141501f03760.quals.shallweplayaga.me:10436

Category: Baby's First
Points: 1

mathwhiz_c951d46fed68687ad93a84e702800b7a.quals.shallweplayaga.me:21249

Category: Coding Challenge
Points: 1

meow
catwestern_631d7907670909fc4df2defc13f2057c.quals.shallweplayaga.me 9999

Category: Pwnable
Points: 2

Wibbly Wobbly Timey Wimey
Don't blink!
wwtw_c3722e23150e1d5abbc1c248d99d718d.quals.shallweplayaga.me:2606

考量到參與 AIS3 2015 pre-exam 的人幾乎都是台灣人
這個 blog 的第一篇中文 writeup 就獻給這篇了 XD
基本上就是全包這次 exam 的所有題目
有問題歡迎留言討論