Old Security / hacking challenges revived. Integrated with wechall.net

h57xiucj2z946q

http://damienoreilly.org/ctf/

I revived all the old challenges and created an over all scoreboard for them.

I also integrated with http://www.wechall.net for a global scoreboard with other similar sites.
http://www.wechall.net/site/details/74/IRISSCON_2012_Lost_Challenges

Check it out.

syklops

Hugh Plain Zap wrote: »

http://damienoreilly.org/ctf/

I revived all the old challenges and created an over all scoreboard for them.

I also integrated with http://www.wechall.net for a global scoreboard with other similar sites.
http://www.wechall.net/site/details/74/IRISSCON_2012_Lost_Challenges

Check it out.

Ah Jaysus. My time is already taken up with the Honeyn3t CTF and now you release this. I'll have to give up on sleep altogether.

h57xiucj2z946q

syklops wrote: »

Ah Jaysus. My time is already taken up with the Honeyn3t CTF and now you release this. I'll have to give up on sleep altogether.

I'd say you have already completed some of these before.

syklops

Hugh Plain Zap wrote: »

I'd say you have already completed some of these before.

Yeah but you say challenge, and all I hear is challenge.

trout

As luck would have it, in a fit of cleanliness some weeks ago, I binned all the notes I took the first time.

Dammit ... now I simply HAVE to do these ... all over again.

h57xiucj2z946q

trout wrote: »

As luck would have it, in a fit of cleanliness some weeks ago, I binned all the notes I took the first time.

Dammit ... now I simply HAVE to do these ... all over again.

haha enjoy!

trout

I'm stuck on the binary blob challenge ... i know i've made good progress ... but I think I'm missing something very simple.

I've the other "easy" ones sorted ... but this blob one has me stumped.

It's driving me scatty.

HALP!

h57xiucj2z946q

trout wrote: »

I'm stuck on the binary blob challenge ... i know i've made good progress ... but I think I'm missing something very simple.

I've the other "easy" ones sorted ... but this blob one has me stumped.

It's driving me scatty.

HALP!

Aww to be honest, this challenge is really lame and therefore a lot of people get stuck on it, thinking its more difficult than it is. Its not really reverse engineering or pen-testing. Its just annoying really.

What have you found? A particular file format type? Whats so special over this file type compared to other similar file types?

trout

Hugh Plain Zap wrote: »

Aww to be honest, this challenge is really lame and therefore a lot of people get stuck on it, thinking its more difficult than it is. Its not really reverse engineering or pen-testing. Its just annoying really.

What have you found? A particular file format type? Whats so special over this file type compared to other similar file types?

2 digits. The difference between

87 and 89

h57xiucj2z946q

trout wrote: »

2 digits. The difference between

87 and 89

Hmm you might be on the wrong track.

A hint is: binwalk or even unix/linux/cygwin's file command.

trout

OK ... what I've got is this

A file system, containing 8 directories. Each directory has several file chunks. When joined together, these files form an image file. All but one of the image files displays correctly.

There is a theme linking the images ... abandoned buildings.

The one image that doesn't display properly has the magic number of GIF89 ... the other images have a magic number of GIF87

I've tried stego tools, scalpel (for hidden files)

... but I'm chasing my tail now

h57xiucj2z946q

trout wrote: »

OK ... what I've got is this

A file system, containing 8 directories. Each directory has several file chunks. When joined together, these files form an image file. All but one of the image files displays correctly.

There is a theme linking the images ... abandoned buildings.

The one image that doesn't display properly has the magic number of GIF89 ... the other images have a magic number of GIF87

I've tried stego tools, scalpel (for hidden files)

... but I'm chasing my tail now

This is why its hard, because its a dumb challenge compared to all other ones. Anyways, all the chunks merged should form valid images. I just tried it there. The magic difference isn't part of the challenge. Just think what the differences between what a gif can do over.. say a jpeg.

trout

I have 8 images ... they look lovely, but no sign of a key. Should I be looking for animation or opacity, something GIF specific?

h57xiucj2z946q

Gif specific yes.

trout

Metadata?

h57xiucj2z946q

trout wrote: »

Metadata?

anim frames

trout

GAH!

h57xiucj2z946q

trout wrote: »

GAH!

Haha yeah, its a pretty rubbish level.

trout

That binary blob one put me in bad form ... but I feel better now having solved it.

Onwards and upwards.

trout

I'm now on the "From the air" challenge. Aaaaaand I'm stuck. Again.

I have the CAP file parsed, the SSID, passphrase and the various WPA keys extracted through aircrack-ng and the backtrack wordlists.

I thought the Master key would be the answer, it wasn't. Then I tried both of the Transient keys.

So ... there must be some jiggerypokery required ...

I think I need another hint.

h57xiucj2z946q

trout wrote: »

I'm now on the "From the air" challenge. Aaaaaand I'm stuck. Again.

I have the CAP file parsed, the SSID, passphrase and the various WPA keys extracted through aircrack-ng and the backtrack wordlists.

I thought the Master key would be the answer, it wasn't. Then I tried both of the Transient keys.

So ... there must be some jiggerypokery required ...

I think I need another hint.

You should decrypt the pcap file now that you have the correct details. Use a tool in the aircrack-ng suite. Make sure its relatively up to date. Oldish versions are buggy

trout

Got it - thanks for the hint.

Looking at the "where to begin" one now.

h57xiucj2z946q

trout wrote: »

Got it - thanks for the hint.

Looking at the "where to begin" one now.

Hahah nice, this is a strange-ish one also!

trout

Yup ... it has me scratching my head.

I'm thinking

magic file numbers play a part .. and it's an executable of some sort

h57xiucj2z946q

trout wrote: »

Yup ... it has me scratching my head.

I'm thinking

magic file numbers play a part .. and it's an executable of some sort

The question is, how to execute that? or you could just examine it in a certain tool, bypass the need to execute it.

Further spoiler:

shell code

trout

OK ... some progress, but not enough.

I've extracted what looks like a shell file. It fails to execute properly ... not sure why. Line 11 looks odd. I guess the answer key is generated using this shell script ... and I should be able to reproduce / run it manually.

I'll have a well earned cuppa first though.

Am I the only fule doing these this time around?

h57xiucj2z946q

trout wrote: »

OK ... some progress, but not enough.

I've extracted what looks like a shell file. It fails to execute properly ... not sure why. Line 11 looks odd. I guess the answer key is generated using this shell script ... and I should be able to reproduce / run it manually.

I'll have a well earned cuppa first though.

Am I the only fule doing these this time around?

Oh I mean its shellcode.. http://en.wikipedia.org/wiki/Shellcode Don't worry, the code I have is not dangerous.

A further spoiler:

http://www.de-brauwer.be/wiki/wikka.php?wakka=RunningShell

Looks like your the only one from boards.ie doing them yeah. There is randomers from wechall.net that are giving them ago also.

trout

edit ... finally got the "where_to_begin" challenge

I need a lie down now.

Learned a lot on that one ... that's all new to me

trout

The clanteam challenge site appears to be down

syklops

Hugh Plain Zap wrote: »

Oh I mean its shellcode.. http://en.wikipedia.org/wiki/Shellcode Don't worry, the code I have is not dangerous.

A further spoiler:

http://www.de-brauwer.be/wiki/wikka.php?wakka=RunningShell

Looks like your the only one from boards.ie doing them yeah. There is randomers from wechall.net that are giving them ago also.

The Honeyn3t challenges finished up about a week ago. I reckon a lot of people will get to these but are enjoying some Away-from-screen time. Come the end of the Honeyn3t CTF I had stopped working, stopped housework, etc. Still didnt make the top 10 though . Still apparently, no one person solved all the challenges. Thats some consolation.

I've done a lot of these before, but Id like to do them again to get me / keep me sharp. I also think I need to improve my traffic analysis skills.

h57xiucj2z946q

trout wrote: »

The clanteam challenge site appears to be down

Hopefully it will come back online soon: http://www.zymic.com/forum/index.php?act=announce&f=34&id=12