Codehead's Corner
Random ramblings on hacking, coding, fighting with infrastructure and general tech
Posted: 4 Mar 2019 by Codehead
6 minute read

I’ve been out of the CTF circuit for a while as I’ve been busy with work and life in general. However, I decided to get back into playing and TAMUCTF just happened to be running when I found some spare time.

I wanted to to do a quick write up to draw people’s attention to CyberChef. This is a tool developed by the folks at GCHQ, the UK’s communication intelligence and security agency.

CyberChef is incredibly useful for messing around with data in a visual manner. Sometimes you don’t have a Linux box or Python handy when you’re trying to solve a problem. However, if you have a browser, you can use CyberChef from just about anywhere.

Here’s a couple of solves from TAMUCTF’s easier crypto challenges as a demo:


Categories: Hacking CTF
Posted: 19 Feb 2018 by Codehead
3 minute read

Problem

Easy and Peasy

nc 35.200.197.38 8003

Europe: nc 35.205.196.143 8003

Like many of the EvlzCTF challenges, this one was a little light on detail, but good fun to complete.


Categories: Hacking CTF
Posted: 28 Jan 2018 by Codehead
2 minute read

Problem

Description: this chall sucks, you should watch VIE vs UZB match. :)
VIET NAM VO DICH!
Author: kad96
Website: Link

Visiting the website gave me a blank page. There had to be something more hidden here.


Categories: Hacking CTF
Posted: 23 Jan 2018 by Codehead
2 minute read

Challenge

Aalekh joined IIIT in 2014. Soon, he started selling T-shirts and hoodies. One day, Aalekh got a big order and trusted his childhood friend to handle the order. But his friend betrayed him and sold bad pieces. College students got angry and tried to beat Aalekh up. His good friend, Anshul, wanted to save him. To prevent Aalekh from going under loss, he has to sell 500 T-shirts on the market, the only condition being, customers have to be unique.

Can you help Anshul sell 500 T-shirts?

https://felicity.iiit.ac.in/contest/breakin/questions/uuid/

Flag Format: BREAKIN{[0-9A-Za-z_]+}


Categories: Hacking CTF
Posted: 13 Jan 2018 by Codehead
5 minute read

TL:DR

Command Files allow you to start up gdb in a way that saves you typing the same commands over and over, even doing some of the ‘driving’ for you. I’m not suggesting that this is the best way to use gdb but I found it really helpful and I saved a bunch of time. I’m blogging it for my own reference and to help others find a lesser known, but very useful feature of the tool.

Background

While working on the SLAE64 course assessments, I found myself jumping in and out of gdb a lot. Constantly rebuilding and refining my shellcode test binaries meant that I ended up in constant cycle of doing a whole heap of setup in gdb to get things the way I wanted them, only to spend a few seconds debugging the target, then quitting, tweaking the code, rebuilding and repeating the whole process again.

I’m not a great typist, but I keyed in this sequence so many times that I could probably do it in my sleep:

layout asm
layout reg
break _start
run

There has to be a better way.


Categories: linux assembler hacking
Posted: 8 Oct 2017 by Codehead
2 minute read

A pretty simple crypto challenge, but the technique is applicable to more complex problems.

Challenge

The smart home system has the function of remote monitoring of what is happening in the home and every few minutes sends pictures of the surveillance cameras to the owner of the house. You successfully intercepted the network traffic of this system, however, its creators took care of the security of their users data and encrypted the pictures. Decrypt the provided image and you will find the flag.

SECRET_ENCRYPTED.PNG


Categories: Hacking CTF
Posted: 8 Oct 2017 by Codehead
5 minute read

The lowest scoring challenge at Kaspersky’s 2017 CTF turned out to be a pretty tricky. Mainly due to weird flag formatting, but also because I am stupid and couldn’t see a blatant clue staring me in the face.

Challenge

Hey! Do you like playing? Are you old school?

Have fun!

Concat answer to KLCTF prefix

OLD_SCHOOL.BIN


Categories: Hacking CTF
Tagged as: #CTF #Kaspersky #NES #Retro
Posted: 20 Sep 2017 by Codehead
3 minute read

I was expecting a keygen or licence key cracking based on the title of this challenge, so revisiting some old protocols that I haven’t used in anger for ages was a nice surprise. The challenge blurb was pretty minimal:

Challenge

Serial

nc misc.chal.csaw.io 4239


Categories: Hacking CTF
Posted: 5 Sep 2016 by Codehead
2 minute read

I almost missed the Tokyo Westerns CTF. I stumbled across the event on the last day and wasn’t able to spend too long on it. I managed a few of challenges, mainly the PPC category. However, I wanted to write up the ‘Glance’ image manipulation challenge for future reference.

Challenge

I saw this through a gap of the door on a train.


Categories: Hacking CTF
Posted: 29 Aug 2016 by Codehead
3 minute read

Here’s a nice little 10 point binary challenge from CTF(x) 2016.

We’re told of a vulnerable service running at problems.ctfx.io 1338. We’re also given the source code:


Categories: Hacking CTF
Site powered by Hugo.
Polymer theme by pdevty, tweaked by Codehead