Category: Exploit Points: 80 Solves: 101 Description:

Description: Printer are very very important for offices. Especially for remote printing. My boss told me to build a tool for that task.

Attachment: exp80.zip

Service: 188.166.133.53:12377

 

This example problem actually spurred me to create a helper script. Basically, I find that I do the same things every time that I run into a format string vulnerability. #1 is to re-learn how the damn thing works. #2 is to flounder around to try to find the right syntax. #3 is to spend time trying to figure out what is on the stack and what I have access to. This helper script solves all of that. But on to the challenge...

Category: Reverse Points: 150 Solves: 108 Description:

Run and capture the flag!

Download serial

This challenge was another great challenge to use angr on. Right off the bad we can see it will be a "find the correct serial number" problem.

 

$ file serial
serial: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.26, BuildID[sha1]=77e92e8b1bd4f26641bab4dbf563037a7b9538d2, not stripped

Category: Reverse Engineering Points: 300 Solves: Description:

Random as F*!@

pseudorandom_bin

 

This challenge was a great example of the power of symbolic execution. Start as usual with determining what type of file it is:

 

$ file pseudorandom_bin
pseudorandom_bin: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=5a0f467ef94ee8fa770ecda91c4326f00b2c6c30, stripped

Category: Reverse Engineering Points: 100 Solves: Description:

ZorroPub

zorro_bin

First off, lets see what type of file this is:

 

$ file zorro_bin
zorro_bin: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=5bd9436f341615c804471bb5aec37e426508a7af, stripped