this is one of their machines which have very sensitive informations ,
try to get for us the password208.64.122.27
PORT : 3000
X99 carries a synthetic vulnerability that allows a char-by-char password bruteforce.
Read the rest of this entry »
Feb
13
this is one of their machines which have very sensitive informations ,
try to get for us the password208.64.122.27
PORT : 3000
X99 carries a synthetic vulnerability that allows a char-by-char password bruteforce.
Read the rest of this entry »
Feb
13
Feb
13
SSH : 208.64.122.235
guest:guest
Category: exploitation
Summary: format string bug, ASLR and NX
Feb
05
File was running at kimjongun.final2012.ghostintheshellcode.com : 2645
Summary: buffer overflow, reverse
Feb
05
File was running at gratis.final2012.ghostintheshellcode.com:3030
Summary: reverse, x64, filtering parameters error
Jan
30
files running at hellothere.final2012.ghostintheshellcode.com
Summary: MITM attack
Jan
30
Jacked
file running at jacked.final2012.ghostintheshellcode.com:2121
Summary: weak random, BlackJack bot, format string
Jan
30
Question: Fanatic
300 Points
Remeber the past. (Link)
Here we have a NES emulator written on javascript. ROM can easily be dumped from there.
Jan
30
Question: VoxVeritas
400 Points
Find the secret passage. (File)
Jan
30
Question: Noughts and crosses
300 Points
Solve the puzzle! tictactoe.final2012.ghostintheshellcode.com:9797
Jan
30
Question: SuperSecure
250 Points
Use your team name and generate a valid answer. (File)
Summary: xor-chained sha256 and sha512
Jan
27
One evening, you decide to take a look at the website of Awesome Corp., a competitor which you suspect of reverse-engineering parts of your software and using these code pieces in their own product. Unfortunately, you got no proof, so you begin to investigate on your own.
Soon enough (insert random webhacking stuff here), you get access to an administrators inbox. It seems like they use a custom authentication system which manages access to internal resources like SVN servers and such. It is called ‘Secured Range’ and is in use since January 2011, as the logs state. All you manage to retrieve before an administrator throws you out of the system are two binaries of their login system:
AwsmCrp.PRKG-for-Secured-Ranges.exe
AwsmCrp.Auth-Token-Retrieval.exeThe first seems to update masterkeys every few months, the latter produces authentication tokens for the employees. Try to get hold of the system’s current master key to solve this challenge.
Category: reversing
Jan
26
This very secure locking mechanism encloses files and only gives them to you when you know the passphrase. Find it and you will have the flag.
Category: reversing
Summary: find out a xor cipher, use xortool to get the key
Jan
21
Hey! This is the writeup on wormholing.
Essentially, it allows you to score 1st place without solving any tasks :)