Feb
26
This file is Forensic file format which is generally used.
Check the information of imaged DISK, find the GUIDs of every partition.Answer: strupr((part1_GUID) XOR (part2_GUID) XOR …)
Download : B704361ACF90390C17F6103DF4811E2D
Forensic 500 features EWF format container with EFI GPT partition table.
Read the rest of this entry »
Feb
26
1.234.41.7:22
ID : yesMan
PWD : ohyeah123
Download vulnerable binary.
Vuln500 was a hardened format-string vuln with ASLR, NX-stack, no-DTORs, RO .dynamic
Read the rest of this entry »
Feb
26
Here’s a web-based crypto challenge.
Summary: padding oracle attack, bit flipping
Feb
26
Because of vulnerability of site in Company A, database which contains user’s information was leaked. The file is dumped packet at the moment of attacking.
Find the administrator’s account information which was leaked from the site.
For reference, some parts of the packet was blind to XXXX.Answer : strupr(md5(database_name|table_name|decode(password_of_admin)))
(‘|’is just a character)Download : 80924D4296FCBE81EA5F09CF60542AE7
Net400 featured a network packet capture of a blind SQL injection attack with task to extract some info and bruteforce a bit.
Read the rest of this entry »
Feb
26
Here we are given ssh credentials where we need to exploit the binary.
Summary: compose file to make program jump to stack.
Feb
26
This web challenge is again about uploading.
Our aim was to get shell.
Summary: upload php shell, read the key.
Feb
26
This challenge is a web service where one can upload mp3 files and listen to them.
Our aim is to get admin’s song.
Summary: sql injection
Feb
26
Find a printable string that the program would print ultimately.
Summary: unpack, XTEA decrypt
Feb
13
this is one of their machines which have very sensitive informations ,
try to get for us the password208.64.122.27
PORT : 3000
X99 carries a synthetic vulnerability that allows a char-by-char password bruteforce.
Read the rest of this entry »
Feb
13
Feb
13
SSH : 208.64.122.235
guest:guest
Category: exploitation
Summary: format string bug, ASLR and NX
Feb
05
File was running at kimjongun.final2012.ghostintheshellcode.com : 2645
Summary: buffer overflow, reverse
Feb
05
File was running at gratis.final2012.ghostintheshellcode.com:3030
Summary: reverse, x64, filtering parameters error
Jan
30
files running at hellothere.final2012.ghostintheshellcode.com
Summary: MITM attack