Skip to content Skip to navigation

Hack.lu CTF Quals 2014

writeup
26 Oct

Barmixer Bot (misc 200)

Category: 

Task

There's a fun and quirky IRC bot to play with. It responds to commands in private chat but also in #hacklu-saloon on freenode. We think it's involved in a devious scheme that distracts people to get their money pickpocketed. So be careful!

Solution

We deal with IRC-bot named barmixer-bot in this task. It can understand some commands that starts with "!" symbol.

writeup
26 Oct

Wiener (Crypto 300)

Category: 

Task

It's gold rush time! The New York Herald just reported about the Californian gold rush. We know a sheriff there is hiring guys to help him fill his own pockets. We know he already has a deadful amount of gold in his secret vault. However, it is protected by a secret only he knows.
When new deputies apply for the job, they get their own secret, but that only provies entry to a vault of all deputy sheriffs. No idiot would store their stuff in this vault.
But maybe we can find a way to gain access to the sheriff's vault? Have a go at it:

nc wildwildweb.fluxfingers.net 1426
You might also need this [see attachment].

Solution

writeup
24 Oct

Gunslinger Joe's Gold (Reversing - 200)

Category: 

Task:

Silly Gunslinger Joe has learned from his mistakes with his private terminal and now tries to remember passwords. But he's gotten more paranoid and chose to develope an additional method: protect all his private stuff with a secure locking mechanism that no one would be able to figure out! He's so confident with this new method that he even started using it to protect all his precious gold. So … we better steal all of it! 

SSH: joes_gold@wildwildweb.fluxfingers.net
PORT: 1415
PASSWORD: 1gs67uendsx71xmma8

Solution:

writeup
23 Oct

Guess the Flag (Exploit - 200)

Category: 

Description:

Look at that guy over there! He's a bandit from the group that robs the stagecoaches in unpredictable intervals. I think he hasn't been with them for very long, so he can't tell whether you're one of them. Try to look like a bandit and talk to him. He probably won't just tell you their plan for the attack, but maybe you can ask him some questions?

Download
nc wildwildweb.fluxfingers.net 1412

Solution:

writeup
23 Oct

Personnel Database (Exploit - 150)

Category: 

Task:

Lots of criminals in this area work for one big boss, but we have been unable to determine who he is. We know that their organization has one central personnel database that might also contain information about their boss, whose username is simply “boss”. However, when you register in their system, you only get access level zero, which is not enough for reading data about the boss - that guy is level 10. Do you think you can get around their protections?

nc wildwildweb.fluxfingers.net 1410

Note: The users dir will be wiped every 5 minutes

And a .c file attached (attached to write-up below)

Solution:

Subscribe to RSS - Hack.lu CTF Quals 2014