Skip to content Skip to navigation


01 Oct

Mining Your Rs and Ss (Crypto 500)


[To try to solve the task see an attachment below the writeup]

For this particular task we've been given some sort of CA to issue user certificates and authentication part to verify issued user certificate using SSL handshake. The main purpose according to the message provided after authentication is to login with certificate issued to the user named admin. There is no sense telling that one can not do this in ordinary way by requesting it from CA provided.

29 Sep

AES Broken (300)


This time we are given a rather long file, presumably ciphertext -- the result of AES transformation weak in some sort of way. After taking a look at it in Sublime we can't find anything wrong with it: indeed, Sublime does normally hang after us trying to make a full-text search through the file. Let's better make it binary and open in some lightweight hex editor.

29 Sep

Rolling Hash



def RabinKarpRollingHash( str, a, n ):
        result = 0
        l = len(str)
        for i in range(0, l):
                result += ord(str[i]) * a ** (l - i - 1) % n
        print "result = ", result

RabinKarpRollingHash(flag, 256, 10**30)

output is 
What is the flag?


25 Sep

xorcise (exploit 500)


We've got the following binary and its source code: xorcise.

$ file xorcise
xorcise: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked 
(uses shared libs), for GNU/Linux 2.6.32, not stripped

Looking attentively at source code you can find this interesting moment in decipher function:

23 Sep

Explicit (pwn 500)


The task was to find vulnerability in binary service explicit (binary and exploit). Like other tasks at this CTF, this one was easy enouth.

After downloading file and opening it in IDA I'd found that it's x86 ELF which has no imported functions. Unfortunately Hex-Rays FLIRT didn't help me that time, but x86 decompiler works fine and few minutes was enouth to reconstruct main function and identify high level apis. Result I've got is the next: