TheFewChosen CTF 2021: Forensics – Ocean / Writeup

Ulli Weichert/ November 28, 2021/ IT-Security, Write-Ups/ 0Kommentare

OCEAN What can you do in an ocean of files? nc server.challenge.ctf.thefewchosen.com 1338 Hints There is an official hint: Hint for ocean: The chal file is not relevant. That’s just a shell (basically the entrypoint). Try listing folders and subfolders Todos So we looked around for a while and found this directory (Magic trick was to use ls -R instead

Weiterlesen

TheFewChosen CTF 2021: MISC – Lost my Head / Writeup

Ulli Weichert/ November 28, 2021/ IT-Security, Write-Ups/ 0Kommentare

Lost my Head Oh no! Help! I’ve lost my head! Can you tell me the street name of the trash bin I lost it in? Maybe I can still find it… Flag format: TFCCTF{street_name_and_street_number_as_seen_on_google_maps_separated_by_underscores} Challenge authors: hofill, tomadimitrie Solving Like always we should first check strings, file and so on. Please see the logfiles. In the exif we can find

Weiterlesen

K3RN3L CTF 2021: Kiddie Pool – 3in1 / Writeup

Ulli Weichert/ November 14, 2021/ hacking, IT-Security, Write-Ups/ 0Kommentare

3in1 Description Like Nescafeeeee! Attachments https://ctf.k3rn3l4rmy.com/kernelctf-distribution-challs/nescafeee/AES.py Todos To decrypt the string in the given AES.py script (String is in scriptfile as a comment). from Crypto.Cipher import AES from Crypto.Hash import SHA256 f = open('progress.txt', 'r') password = ("abda") hash_obj = SHA256.new(password.encode('utf-8')) hkey = hash_obj.digest() def encrypt(info): msg = info BLOCK_SIZE = 16 PAD = "{" padding = lambda s: s

Weiterlesen

DamCTF 2021: rev – seed / Writeup

Christian Leipold/ November 11, 2021/ IT-Security, Write-Ups/ 0Kommentare

DamCTF 2021 rev/seed m0x Having a non-weak seed when generating "random" numbers is super important! Can you figure out what is wrong with this PRNG implementation? seed.py is the Python script used to generate the flag for this challenge. log.txt is the output from the script when the flag was generated. What is the flag? Downloads log.txt seed.py Given was

Weiterlesen

DamCTF 2021: malware – sneaky-script / Writeup

Christian Leipold/ November 11, 2021/ IT-Security, Write-Ups/ 0Kommentare

DamCTF 2021 malware/sneaky-script (forensics/rev) captainGeech We recovered a malicious script from a victim environment. Can you figure out what it did and if any sensitive information was exfiltrated? We were able to export some PCAP data from their environment as well. Downloads files.zip Given was a pcap file and a bash script. -rwxr-xr-x 1 root root 516 5. Nov 05:35

Weiterlesen

DamCTF 2021: misc – bad-patterns / Writeup

Christian Leipold/ November 11, 2021/ IT-Security, Write-Ups/ 0Kommentare

DamCTF 2021 misc/bad-patterns BaboonWithTheGoon A hacker was too lazy to do proper encryption. However, they left us some examples of how their encryption "algo" was supposed to work. original text : "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris

Weiterlesen

BSides Jeddah CTF 2021: Category pcap / Writeup

Marco Schmidt/ Oktober 28, 2021/ IT-Security, Write-Ups/ 0Kommentare

BSides-Jeddah-CTF Writeups to the BSides Jeddah CTF – 2021 Situation – BSides Jeddah BSides Jeddah is coming up with a blueteam flavored CTF this year hosted by CyberDefenders. This will be a Jeopardy-style intermediate CTF with a few harder challenges, including network analysis, memory forensics, and malicious document analysis. To get latest updates, follow us on twitter @JeddahBsides , @CyberDefenders.

Weiterlesen