Skip to content Skip to navigation

pwn

writeup
23 Oct

Guess the Flag (Exploit - 200)

Category: 

Description:

Look at that guy over there! He's a bandit from the group that robs the stagecoaches in unpredictable intervals. I think he hasn't been with them for very long, so he can't tell whether you're one of them. Try to look like a bandit and talk to him. He probably won't just tell you their plan for the attack, but maybe you can ask him some questions?

Download
nc wildwildweb.fluxfingers.net 1412

Solution:

writeup
23 Oct

Personnel Database (Exploit - 150)

Category: 

Task:

Lots of criminals in this area work for one big boss, but we have been unable to determine who he is. We know that their organization has one central personnel database that might also contain information about their boss, whose username is simply “boss”. However, when you register in their system, you only get access level zero, which is not enough for reading data about the boss - that guy is level 10. Do you think you can get around their protections?

nc wildwildweb.fluxfingers.net 1410

Note: The users dir will be wiped every 5 minutes

And a .c file attached (attached to write-up below)

Solution:

writeup
25 Sep

xorcise (exploit 500)

Category: 

We've got the following binary and its source code: xorcise.

$ file xorcise
xorcise: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked 
(uses shared libs), for GNU/Linux 2.6.32, not stripped

Looking attentively at source code you can find this interesting moment in decipher function:

writeup
23 Sep

Explicit (pwn 500)

Category: 

The task was to find vulnerability in binary service explicit (binary and exploit). Like other tasks at this CTF, this one was easy enouth.

After downloading file and opening it in IDA I'd found that it's x86 ELF which has no imported functions. Unfortunately Hex-Rays FLIRT didn't help me that time, but x86 decompiler works fine and few minutes was enouth to reconstruct main function and identify high level apis. Result I've got is the next:

Pages

Subscribe to RSS - pwn