SharifCTF 2016 – Asian Cheetah – Misc – 50 points

A nice little Stego challenge from SharifCTF

Challenge:

We have hidden a message in png file using jar file. Flag is hidden message. Flag is in this format:
SharifCTF{flag}

Files:

cheetah.tar.gz

Extracting the archive provided a PNG image:

AsianCheetah1

Also included was Hide.jar, the Java code used to embed the flag in the image.

Continue reading

Posted in All, Coding, CTF, Hacking | Leave a comment

SharifCTF 2016 – SRM – Reverse Engineering – 50 points

SRM was another 50 point reverse engineering challenge at SharifCTF 2016. A binary was provided (LINK) with the description:

The flag is : The valid serial number.

file told me that the binary was a PE32 for Windows. So I fired up a Win7 VM and pulled up the disassembly in IDA.

Running the binary resulted in a dialog asking for an email address and a serial number.

rm_screen

Continue reading

Posted in All, CTF, Hacking, Uncategorized | Leave a comment

SharifCTF 2016 – dMd – Reverse Engineering – 50 points

I hadn’t played SharifCTF before, but these guys put on a good competition. I had other commitments, but I managed to spend a little bit of time looking at some of the challenges.

dMd was a reverse engineering challenge worth 50 points. A binary (LINK) was provided with the description:

Flag is : The valid input.

file told me that the binary was an x86-64 ELF, so I threw it at my Fedora install and pulled up the disassembly in IDA.
Continue reading

Posted in All, CTF, Hacking | Leave a comment

CBFG Goes Open Source

After ignoring the project for many years, I still get messages from people who use and enjoy Codehead’s Bitmap Font Generator. It’s great to hear the feedback and I’m glad to see that the tool is still useful. However, I don’t have time to update the code and add the features that people want.

It seems that rather than letting the code fester and fade on my HDD, it would be better to set it free and allow people to pull it apart, laugh at the warty bits and hack their own features into it.

So I’ve pushed the code to GitHub under the BSD 3-clause licence.

Enjoy!

Posted in Uncategorized | Leave a comment

EKOParty CTF 2015

Due to work commitments, I didn’t get to spend too much time on this CTF which was a shame because they put out some nice challenges. Here’s the ones I did get to have a crack at:
Continue reading

Posted in CTF, Hacking | Leave a comment

TUM CTF 2015 Teaser – NeoCities Web 20pts

A faithful replica of a typical 90s webpage, complete with a searing neon colour scheme and Netscape buttons.

Browsing the site, I noticed from the URL that the pages were being served through the main index.php script with a ‘page’ parameter.

Neo1

Lets change that page parameter to something we’d like to see:

Neo2

Ping! 20 points.

Posted in CTF, Hacking | Leave a comment

Hack.Lu 2015 – GuessTheNumber

This little coding task worth 150 points was interesting. The challenge text read:

The teacher of your programming class gave you a tiny little task: just write a guess-my-number script that beats his script. He also gave you some hard facts:
he uses some LCG with standard glibc LCG parameters
the LCG is seeded with server time using number format YmdHMS (python strftime syntax)
numbers are from 0 up to (including) 99
numbers should be sent as ascii string
You can find the service on school.fluxfingers.net:1523

Continue reading

Posted in Coding, CTF, Hacking | Leave a comment

HackFu 2015 – Challenge 7 – In Too Deep

Note: This page is part of my write up for the MWR HackFu 2015 Challenge. The start page for this sequence is HERE and the other challenges are listed at the bottom of this post.

This final challenge looked like a bit of binary reversing. The story has our hero trying to gain access the console on the Baron’s spaceship in order to disarm the bomb, we’re told the supplied shipbinary executable needs to run to completion to solve the challenge.
Continue reading

Posted in CTF, Hacking | Leave a comment

HackFu 2015 – Challenge 6 – Open the Gates

Note: This page is part of my write up for the MWR HackFu 2015 Challenge. The start page for this sequence is HERE and the other challenges are listed at the bottom of this post.

Having located the Baron’s crashed spacecraft, we discover that a hardware decoder stands between us and the next passphrase. A circuit diagram with a bunch of logic gates and a huge string of binary are the clues to this puzzle.
Continue reading

Posted in CTF, Hacking | 1 Comment

HackFu 2015 – Challenge 5 – One Ping Only

Note: This page is part of my write up for the MWR HackFu 2015 Challenge. The start page for this sequence is HERE and the other challenges are listed at the bottom of this post.

After completing the last challenge and decrypting the audio file, we find a 1Mb audio file named shipsignal. We’re told that this file holds the location of the Baron’s ship, time is running out and playing back the file only seems to reveal a static hiss.
Continue reading

Posted in CTF, Hacking | 1 Comment