Category Archives: CTF

[PoliCTF 2015] Dat was real g00d fun

PoliCTF is now over!

It was a really good and fun CTF, challenges were well made, and the organization was really good. Just a few live patches on some challs, but I guess it’s always like that 🙂
Thanks to the organizers who gave us this really good CTF!

As this CTF was way harder than the Hacking Week, we are not so well ranked, only 73rd out of 328 (1073 registered), but we are the second French team, behind khack40 (and way ahead of zenk-security and hexpresso 😉 ).
We only solved 7 challenges, and we had almost done 3 more, but as we are a bit lame, we didn’t see obvious things x)

Obviously, crypto is our main weakness, with zero finished challenges; we really need to skill up on that part for next time!

Stay tuned for the write ups, they’re coming soon (as we don’t have a lot to write :))

Web : web100 – web150 – web350
Pwn : pwn50
Grabbag : grabbag50
Reverse : reverse100
Forensics : forensics100

[Image: ScoreBoard]
[Image: Ranking]

[HackingWeek 2015] [Forensic 2] Write Up

Introduction

The supplied memory image was captured on a compromised machine; analyze it to answer the questions (this is the same image for all four forensic tests, so there is no need to download it several times).

One of the machine’s users had several websites about an incident that involved a showbiz personality. The validation key is the FirstnameLastname of this personality.

dump.gz (md5sum:1273931ce359f59bce95ce4507e1f4bf)


[HackingWeek 2015] [Forensic 1] Write Up

Introduction

The supplied memory image was captured on a compromised machine; analyze it to answer the questions (this is the same image for all four forensic tests, so there is no need to download it several times).

The validation key of the challenge is given by the PID, PPID and the number of threads of the Solitaire program. Put it in the format PID:PPID:nThreads.

dump.gz (md5sum:1273931ce359f59bce95ce4507e1f4bf)


[HackingWeek 2015] [Forensic 4] Write Up

Introduction

The supplied memory image was captured on a compromised machine; analyze it to answer the questions (this is the same image for all four forensic tests, so there is no need to download it several times).

When the machine was compromised, the attacker installed Command & Control software that is currently inactive but must contact a server to receive its orders.
Find the server name and the port to which the malware should connect.
The validation key is servername:portnumber.

dump.gz (md5sum:1273931ce359f59bce95ce4507e1f4bf)


[HackingWeek 2015] [Forensic 3] Write Up

Introduction

The supplied memory image was captured on a compromised machine; analyze it to answer the questions (this is the same image for all four forensic tests, so there is no need to download it several times).

Find the password for the admin user that is located somewhere in memory.

dump.gz (md5sum:1273931ce359f59bce95ce4507e1f4bf)
