CSAW CTF 2014 is the second CTF contest I've attended ( the first one was the HITCON CTF 2014 ) . Since this is the first time I've actually solved something in the contest, I decide to post my first own writeup .
First the challenge gave us a binary file (ELF for Intel-386). But we can't execute it, cause we don't have the required shared library "libchallengeresponse.so". So we will have to launch IDA Pro to see what's going on within the program.
Description: Connect here and find the flag:
nc asis-ctf.ir 12435
After we connect to the server, it show us the following message:
Description: Find flag in this file
Similar with Pwn200, Pwn400 gave us a binary file, but no libc.so. Open it with IDA Pro and analyze it, we found some information:
Code400 gave us a python script
Talentyange gives lots of tedious apks and you know how bad he is now. Let's try some interesting geography knowledge.
nc 220.127.116.11 29995 / nc 18.104.22.168 29995
Different people see different me.
But I am always myself.
Make the output of your program exactly the same as your source code.
All 5 correct required to get this flag (Only need 3 correct for BabyPolyQuine)
gcc (Ubuntu 4.8.2-19ubuntu1) 4.8.2
ruby 1.9.3p484 (2013-11-22 revision 43786) [x86_64-linux]
This is perl 5, version 18, subversion 2 (v5.18.2) built for x86_64-linux-gnu-thread-multi
For me, this is a challenge for CTF beginners. Most of the challenges are easy to solve, although some of them require some "imagination"...
In this writeup, I'll post the solutions of all the binary challenges and the misc challenges that I solved in the CTF.
nc mathproblem.2015.volgactf.ru 8888
This problem remind me of HITCON CTF 2014 -- 24
Just another pwn task. Break in!
nc pwnie.2015.volgactf.ru 7777
I solve the challenge after the end of the CTF, because I think this is a great challenge for practicing format string and sprintf BOF vulnerability. Special thanks to Lays for putting the exploit on the trello and let me have time to study the challenge.
In each stage send the maximun size of area that can be covered by given points as a vertex of polygon in 2D.
nc 22.214.171.124 12433
mirror 1 : nc 126.96.36.199 12432
mirror 2 : nc 188.8.131.52 12434
mirror 2 : nc 184.108.40.206 12429
Points: 100 (Saw this-1), 400 (Saw this-2)
Survive and get the flag!
Note: This challenge contains two flags, one of them is easier to fetch, the other is harder.
The easier flag will be clearly indicated as "Flag 1", the harder flag as "Flag 2"
nc 220.127.116.11 31337
Category: Baby's First
Category: Baby's First
Category: Coding Challenge
Wibbly Wobbly Timey Wimey
考量到參與 AIS3 2015 pre-exam 的人幾乎都是台灣人
這個 blog 的第一篇中文 writeup 就獻給這篇了 XD
基本上就是全包這次 exam 的所有題目
Category: Reversing (FTP) & Exploitable (FTP2)
Points: 300 (FTP) & 300 (FTP2)