Cryptography War: Beating Krypton

Continuing to talk about the Wargames, today I'll briefly go through Krypton, the cryptography episode.

The problems are very straightforward and very similar to those from the last CSAW CTF (see my post here).

Disclaimer: if you haven't played WarGames but you are planing to, PLEASE DON'T ...

more ...

Smashing the Stack for Fun or WarGames - Narnia 0-4

One of my mentors, Joel Eriksson, suggested the quintessential WarGames, a collection of Security problems, divided into 14 interesting titles. I have been playing the games since last week and they are awesome! To play the WarGames you SSH to their servers with a login that indicates your current level ...

more ...

That's What Love Looks Like

I'm talking about this day that was all about love.

I am not actually talking, I'm showing my pictures.

The People's Climate March, which happened a couple of weeks ago in NYC, filled my veins with hope. No words are able to express what each of these ...

more ...

Setting up a Playing Environment with Virtual Machines


Further References:

more ...

Understanding the Shellshock Vulnerability

Almost a week ago, a new (old) type of OS command Injection was reported. The Shellshock vulnerability, also know as CVE-2014-6271, allows attackers to inject their own code into Bash using specially crafted environment variables, and it was disclosed with the following description:

    Bash supports exporting not just shell variables ...
more ...

CSAW CTF 2014 - Forensics 300: "Fluffy No More"

This is the fourth and the last of the forensics challenge in the CSAW CTF 2014 competition. It was much harder than the three before, but it was also much more interesting.

The challenge starts with the following text:

OH NO WE'VE BEEN HACKED!!!!!! -- said the Eye Heart Fluffy ...

more ...

The Sharif University CTF 2014

It looked like a fun CTF, but I did not have the chance to play for too long. I managed to solve a few problems in the morning and the solutions are below.

Avatar: Steganography

The challenge starts with:

A terrorist has changed his picture in a social network. What ...

more ...

CSAW CTF 2014 - Reverse Engineering 100: "eggshells"

This is the first exploitation problem and it starts with the following text:

I trust people on the Internet all the time, do you?

Written by ColdHeat

eggshells-master.zip

Unzipping and Analyzing the Files

Let’s unzip the provided zip file:

$ unzip eggshells-master.zip

This creates a directory called eggshells-master ...

more ...

CSAW CTF 2014 - Networking 100: "Big Data"

This is the only networking problem, and it is only 100 points, so it turned out to be very easy.

The problem starts with the following text:

Something, something, data, something, something, big

Written by HockeyInJune

pcap.pcapng

Inspecting the Wireshark File

The file extension .pcapng correspond to files for ...

more ...

CSAW CTF 2014 - Forensics 200: "Obscurity"

The third forensics challenge starts with the following text:

see or do not see

Written by marc

pdf.pdf

Hacking PDFs, what fun!

In general, when dealing with reverse-engineering malicious documents, we follow these steps:

 1. We search for malicious embedded code (shell code, JavaScript).

 2. We extract any suspicious ...
more ...