Category Archives: HackingWeek

[HackingWeek 2015] [Forensic 2] Write Up

Introduction

The supplied memory image was captured on a compromised machine; analyze it to answer the questions (the same image is used for all four forensic tests, so there is no need to download it several times).

One of the machine’s users had several websites about an incident that involved a showbiz personality. The validation key is the FirstnameLastname of this personality.

dump.gz (md5sum:1273931ce359f59bce95ce4507e1f4bf)


[HackingWeek 2015] [Forensic 1] Write Up

Introduction

The supplied memory image was captured on a compromised machine; analyze it to answer the questions (the same image is used for all four forensic tests, so there is no need to download it several times).

The validation key of the challenge is given by the PID, the PPID and the number of threads of the Solitaire program. Give it in the format PID:PPID:nThreads.

dump.gz (md5sum:1273931ce359f59bce95ce4507e1f4bf)


[HackingWeek 2015] [Forensic 4] Write Up

Introduction

The supplied memory image was captured on a compromised machine; analyze it to answer the questions (the same image is used for all four forensic tests, so there is no need to download it several times).

When the machine was compromised, the attacker installed Command & Control software that is currently inactive but must contact a server to receive its orders.
Find the server name and the port to which the malware should connect.
The validation key is servername:portnumber.

dump.gz (md5sum:1273931ce359f59bce95ce4507e1f4bf)


[HackingWeek 2015] [Forensic 3] Write Up

Introduction

The supplied memory image was captured on a compromised machine; analyze it to answer the questions (the same image is used for all four forensic tests, so there is no need to download it several times).

Find the password for the admin user that is located somewhere in memory.

dump.gz (md5sum:1273931ce359f59bce95ce4507e1f4bf)


[HackingWeek 2015] [Crypto4] Write Up

Introduction

Session Start: Thu Feb 05 20:49:04 2015
Session Ident: #mastercsi
[20:49] * Now talking in #mastercsi
[20:49] * Topic is 'http://mastercsi.labri.fr/'
[20:49] * Set by admin!~admin on Sat Nov 22 00:06:50
[20:49] and I got an old RSA key that Alice used
[20:49] alice, alice's? you gotta be kidding me?
[20:49] haha no
[20:49] but there was just half, I had to complete with random values to make it work
[20:49] it seems to work anyway, if you have something to decipher...
[20:49] wait, I have her public key lying around somewhere, and even an encrypted file. I've always wondered what it was ...
[20:49] maybe it's the same key?
[20:50] I sent you the thing, take a look
[21:22] * Disconnected
Session Close: Thu Feb 05 21:22:11 2015

The validation key is the message encrypted with the private key of Alice. Rebuild it using the following files:

alice.pub
mykey.pem (if you have trouble downloading this file: right click -> save as …)
secret
