Jurassic Park

2023-05-23 | #ctf write-up #reversing #Ritsec CTF 2023

Jurassic park Category: Rev Points: 294 Files JuarrasicPark - JurassicPark: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=4XMyVkn0sTek7nw8EEYU/QdfCrifAK-NMKTlAgud5/tWG5xm3UkP6nAyK9dh6I/QDTAn6gKrQy1Vt4Cl8mo, with debug_info, not stripped Solve I was not the first on my team to solve this challenge, but didn’t notice until I had solved it. I feel it is still worth documenting this method of extracting a file from memory with pwndbg. In main we find a call to embed.



ret2win

2023-05-23 | #ctf write-up #pwn #Ritsec CTF 2023

ret2win Pwn 83 pts Description Are you looking for an exploit dev job. Well apply to the Republic of Potatoes. We are looking for the best hackers out there. Download the binary, find the secret door and remember to pass the right password. Files ret2win - ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6407290ddc178ebcff6a243a585c21e8c32a440b, for GNU/Linux 3.2.0, not stripped Solve #!/usr/bin/python3 from pwn import * context.



Ducky1

2023-05-22 | #BYUCTF 2023 #ctf write-up #reversing

Ducky1 Category: Rev Difficulty: Easy Points: 100 Solves: 185 Description I recently got ahold of a Rubber Ducky, and have started automating ALL of my work tasks with it! You should check it out! Files inject.bin - data Solve The contents of inject.bin don’t give us much information. $ xxd inject.bin 00000000: 00ff 00ff 00ff 00ff 00ff 00ff 00ff 00ff ................ ... 00000350: 00ff 00ff 00ff 00ff 00ff 00ff 00ff 005f .



Ducky2

2023-05-22 | #BYUCTF 2023 #ctf write-up #reversing

Ducky2 Category: Rev Difficulty: Medium Points: 476 Solves: 36 Description Okay, turnsk out that wask too easy to decode. You skhoud definitely try thisk one now! (Note - Ducky3 is unlocked after solving this challenge) Files inject.bin - data Solve We are given a very similar file to inject.bin from ducky1. Let’s try to decode this one with DuckToolkit as well. $ python3 ducktools.py -d -l us ../inject.bin /dev/stdout [+] Reading Duck Bin file [-] Decoding file [-] Writing ducky text to /dev/stdout DELAY bzuctfmakesurezourkezboardissetupright|_}|"}|[+] Process Complete Ok, that didn’t seem to work but it does give us a hint by telling us to ‘make sure your keyboard is set up right’.



Ducky3

2023-05-22 | #BYUCTF 2023 #ctf write-up #reversing

Ducky3 Category: Rev Difficulty: Medium Points: 497 Solves: 14 Description Alright fine, I’ll make my own keyboard layout… Files inject.bin - data payload.txt - ASCII text Solve This challenge only provided another inject.bin file initially. As the description says, this file doesn’t seem to match any language, and appears to be custom made. The challenge was later fixed to include payload.txt. STRING abcdefghijklmnopqrstuvwxyz STRING ABCDEFGHIJKLMNOPQRSTUVWXYZ STRING 0123456789 STRING !@#$%^&*()-_ STRING payload.
