[ZeroNights2016] [CTFzone] Debriefing for 50



Well, ZeroNights 2016 is over. I would like to thank the organizers of this event and all its participants: over two days there were a lot of amazing talks, we mixed alcoholic cocktails, thought about how to hack a "smart home", proved our intelligence in quizzes and, of course, many participants tried the CTF to compete for the title of "best in the business". We were among them. For that reason, this series of articles is devoted to write-ups for CTFzone.

Thank you, organizers!
Special thanks to GH0st3rs for providing write-ups for certain tasks.


FORENSIC50 — PCAP Master


A. U. R. O. R. A.: Lieutenant, how do you read me? You've intercepted the traffic between the command server and the pilot's computer. Try to get the password from this traffic.

The task came with a PCAP dump of the traffic. We open it in Wireshark to examine it.
Oh, and here is the key:




MISC50 — Cypher Psycho


A. U. R. O. R. A.: Lieutenant, seems like someone left a message for you. But I can't decode it. Surely, it is the strongest cipher on the planet: dWdnYzovL2NuZmdyb3ZhLmVoL01MZEZXT0Q5

What we have: an encoded string, presumably Base64. We try decoding it and get: uggc://cnfgrova.eh/MLdFWOD9. This looks very much like a rotation cipher. No sooner said than done (using a website), and we get: pastebin.ru/ZYqSJBQ9. The link leads to Morse code:

-.-. - ..-. --.. --- -. . .---- -.. -.. ----. ----- -... ---.. ..-. ..--- -.. ----- -.. ....- ---.. ----- ----. -.... . ---.. ..... . .---- ..... ....- ..-. ---.. ..-. ..-. ----. --... --... ...--

After converting the Morse code, we get the flag: ctfzone1dd90b8f2d0d48096e85e154f8ff9773
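
The three decoding steps above (Base64, then ROT13 as the rotation cipher, then Morse) as a short Python script; this is an added example, not part of the original write-up. The Base64 constant is the task string with its last four characters taken as T0Q5, which is what the decoded value quoted above requires, and the function names are illustrative.

```python
import base64
import codecs
import string

# Base64 text of the task; the last four characters are written so that the
# decoded value equals the intermediate string quoted in the write-up.
ENCODED = "dWdnYzovL2NuZmdyb3ZhLmVoL01MZEZXT0Q5"

# Morse text copied from the write-up (the content behind the decoded link).
MORSE = ("-.-. - ..-. --.. --- -. . .---- -.. -.. ----. ----- -... ---.. ..-. "
         "..--- -.. ----- -.. ....- ---.. ----- ----. -.... . ---.. ..... . "
         ".---- ..... ....- ..-. ---.. ..-. ..-. ----. --... --... ...--")

# International Morse code for a-z followed by 0-9.
_CODES = (".- -... -.-. -.. . ..-. --. .... .. .--- -.- .-.. -- -. --- .--. "
          "--.- .-. ... - ..- ...- .-- -..- -.-- --.. "
          "----- .---- ..--- ...-- ....- ..... -.... --... ---.. ----.").split()
MORSE_TABLE = dict(zip(_CODES, string.ascii_lowercase + string.digits))


def decode_base64_rot13(encoded):
    """Return (Base64-decoded text, ROT13 of that text)."""
    stage1 = base64.b64decode(encoded, validate=True).decode("ascii")
    # ROT13 rotates only letters; digits and punctuation pass through.
    return stage1, codecs.decode(stage1, "rot13")


def decode_morse(text):
    """Decode space-separated Morse symbols; reject unknown symbols."""
    out = []
    for pos, symbol in enumerate(text.split()):
        if symbol not in MORSE_TABLE:
            raise ValueError(f"unknown Morse symbol {symbol!r} at index {pos}")
        out.append(MORSE_TABLE[symbol])
    return "".join(out)


if __name__ == "__main__":
    stage1, url = decode_base64_rot13(ENCODED)
    print(stage1)
    print(url)
    print(decode_morse(MORSE))
```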


WEB50 — Make CTF Great Again


Lieutenant (You): A. U. R. O. R. A., I'm on board. I was surfing the net and I have found the old page of Captain Picard's cousin. It seems like Donald had been absolutely normal before he took this “Trump” nickname and decided to fight for the General position against one very skilled woman engineer. Let's see what's in there.

The task came with a website address. We open it and see a one-page website. Looking at the page source, we understand that we need to look somewhere else. Where? Well, robots.txt, of course:

User-agent: *
Disallow: /?
Disallow: /404.html
Disallow: /about.html
Dissallow: /97c97e5a5402c5fdf461555afafafe0d/

Whoa! We eagerly open the directory and see that it contains only one file: "verysecretfile.txt". We can't even imagine what could be in there. Really! Key: ctfzone{320bc78efe2a58175bc9d48fcbb5ca10}


OSINT50 — Snail Mail


A. U. R. O. R. A.: Lieutenant, my memory is letting me down. Do you remember the postal code of this CTF organizer's office?
Flag format is: ctfzone{POSTAL_CODE}

We are required to specify the zip code of the CTF organizers:


Key: ctfzone{105066}


REVERSE50 — Console Version 1.337


A. U. R. O. R. A.: Lieutenant, you are standing in the Alpha base in front of the SCI430422 art mainframe console where its sixty-four LED lights are blinking in hypnotic patterns. As you know, this system is renowned for its top-notch security measures. Only the most expert or resourceful hackers are able to break in — and you are definitely one of them.

The task comes with the file reverse50.exe. We run it and see a window prompting us to enter a password. Attempts to guess it produce an error message saying the password is incorrect:



Well, let's start reversing! We go to the function that contains the strings saying whether the password is correct or incorrect:



What do we see?

  • At 00401169, the program prompts for a password;
  • Then, at 0040117E, the string is read;
  • Next, at 0040118D, a function is called and passed the password. Let's call it CheckPassword;
  • If the function returns True, a greeting is displayed.

We go to the function CheckPassword:



Here the first thing that interested me was which strings are compared by the strcmp call at 004010CF. We set a breakpoint there and run the program. When the breakpoint is hit, we see that one of the registers being pushed onto the stack holds exactly our flag:
Flag: ctfzone{l33t_haxx0r_is_you!!1}



We will continue this series of articles with solutions to other CTFzone 2016 tasks.
Stay tuned!


Article based on information from habrahabr.ru
