Codehead's Corner
Random ramblings on hacking, coding, fighting with infrastructure and general tech
Posted: 21 Feb 2016 by Codehead
2 minute read

Challenge:

FlagStore (exp70)

Description:

Here’s the ultimate flag store. Store and retrieve your flags whenever you want.


Categories: Hacking CTF
Posted: 21 Feb 2016 by Codehead
2 minute read

Challenge:

It’s Prime Time! (code60)

Description: We all know that prime numbers are quite important in cryptography. Can you help me to find some?

Service: 188.166.133.53:11059

Solution:

Running netcat against the address gave the following output:

> nc 188.166.133.53 11059
Hi, you know that prime numbers are important, don't you? 
Help me calculating the next prime!
Level 1.: Find the next prime number after 5:

Categories: Hacking CTF
Posted: 21 Feb 2016 by Codehead
2 minute read

I haven’t done much work with Ruby, but this little challenge from the Internetwache CTF looked interesting.

Challenge:

Ruby’s count (exp50)

Description: Hi, my name is Ruby. I like converting characters into ascii values and then calculating the sum.

Service: 188.166.133.53:12037

Solution

The first thing to do was to poke the service using netcat:

> nc 188.166.133.53 12037
Let me count the ascii values of 10 characters:
> 123
WRONG!!!! Only 10 characters matching /^[a-f]{10}$/ !

Categories: Hacking CTF
Posted: 7 Feb 2016 by Codehead
3 minute read

I hadn’t played SharifCTF before, but these guys put on a good competition.

Unfortunately I had other commitments, but I managed to spend a little bit of time looking at some of the challenges.

dMd was a reverse engineering challenge worth 50 points. A binary was provided with the description:

Flag is : The valid input.

file told me that the binary was an x86-64 ELF, so I threw it at my Fedora install and pulled up the disassembly in IDA.


Categories: CTF Hacking
Posted: 7 Feb 2016 by Codehead
2 minute read

SRM was another 50 point reverse engineering challenge at SharifCTF 2016. A binary was provided with the following description:

The flag is : The valid serial number.

file reported that the binary was a PE32 for Windows. So I fired up a Win7 VM and pulled up the disassembly in IDA.

Running the binary resulted in a dialog asking for an email address and a serial number.

RM Initial Screen


Categories: CTF Hacking
Posted: 7 Feb 2016 by Codehead
3 minute read

A nice little Stego challenge from SharifCTF

Challenge:

We have hidden a message in png file using jar file. Flag is hidden message. Flag is in this format:

SharifCTF{flag}

Files:

cheetah.tar.gz

Extracting the supplied tar.gz archive provided a PNG image:

AsianCheetah

Also included was Hide.jar, the Java code used to embed the flag in the image.


Categories: Coding CTF Hacking
Posted: 26 Oct 2015 by Codehead
1 minute read
A faithful replica of a typical 90s webpage, complete with a searing neon colour scheme and Netscape buttons. Browsing the site, I noticed from the URL that the pages were being served through the main index.php script with a ‘page’ parameter. Lets change that page parameter to something we’d like to see: Ping! 20 points.

Categories: CTF Hacking
Site powered by Hugo.
Polymer theme by pdevty, tweaked by Codehead