Tag Archives: #ctf

[DCTF FINALS 2017] BACK ON THE EVENT

Hello everyone,

Last year, we were on final for the Defcamp. We finished in the bottom of the ranking (thanks to… actually to the night before, which had been a bit rude ^^).
But this year, we decided to be better (even if we again tried a lot of bars). And it paid! We were constantly moving from place #5 to #6, and ten minutes before the end, one of us flagged a challenge, and secured the 5th place!

Even if it’s not the first time we get into the Top5, we were in front of famous teams, and it was a real challenge to deal with it. But, hey, fighting DCUA, P4, and others was really fun after all! 🙂

We would like to thanks the organizers of the CTF, and of the Defcamp for their awesome work, and to say them : “See you next year ;)”

Here are the ranks :

defcamp ranking

[3DS CTF] [MISC 400 – WAT] Write up

Description

[EN]
Scavenging an old 318br repo, we found a program missing some line of code. Even without this line, we would like to know the result of
its execution.
Specific instruction: Put the flag on the format 3DS{} and submit.

[PT]
Vasculhando um repositorio antigo do 318br, nos encontramos um programa faltando uma parte. Mesmo faltando uma parte, nos gostariamos que voce nos dissesse o resultado de sua execucao.
Instrucao especifica: Colocar o resultado no formato 3DS{} e submeter.

Solved by 19 Teams

Continue reading [3DS CTF] [MISC 400 – WAT] Write up

[3DS CTF] [Web 200 – MapOs] Write up

Description

[PT-BR]
Ouvi no elevador uma conversa do pessoal da empresa ao lado da MapOs e descobri que o sistema principal deles esta passando por uma reformulacao devido a 2 falhas. Uma delas de autenticacao, mas sobre a outra, so sei que pode levar um hacker a ganhar acesso ao servidor principal deles.
Como bom hue_br que voce e , de uma olhada l. Tem um arquivo no servidor deles com a flag.
Vou ser bonzinho: comece pelo admin@admin.com
– Container desse chall sao reiniciados a cada 3h. Em outras palavras, incluia isso no seu calculo para resolver o chall antes do reboot.
[EN]
I just overheard a conversation from the company next door to MapOs and found out that their main system is being updated due to 2 bugs. One of them is related to authentication, but I don’t know nothing about the other one besides the fact that it could lead an attacker to gain access to their main server.
Being such a good hacker as you are, take a look over there. There’s a file in their server with the flag.
PROTIP: begin with admin@admin.com
– Container for this chall is restarted every 3h. In other words, your entire effort should be done in less than 3h from last restart.

Solved by 10 teams

Continue reading [3DS CTF] [Web 200 – MapOs] Write up