As a side interest, I've become curious about video and audio encoding. I've been looking into the many different flavors of encoding there are, and attempting to determine the best way forward. This is purely selfish as I have a collection of videos that are taking up too much space and I want to make them smaller, but also keep as much detail as possible.

 

Getting more to the point, my primary system is a Windows desktop with an NVIDIA graphics card. While I was able to encode videos using Linux, the machine running Linux was either a virtual machine or a laptop. Either way, performance for encoding was not great. I wanted to not only get my much stronger desktop involved, but also utilize the graphics card. I was previously using HandBrake, which is a neat application. However, I wanted more control over what was happening, and I also just get a bad vibe from that tool (and don't want it running on my primary system). One of the most well-known and respected tools in this area is ffmpeg. If you haven't looked at it, I'd highly recommend reading their docs. Really cool stuff.

FTP (300 points)

We found an ftp service, I'm sure there's some way to log on to it.

nc 54.175.183.202 12012
ftp_0319deb1c1c033af28613c57da686aa7

We're given a binary. Let's see what it is:

 

$ file ftp_0319deb1c1c033af28613c57da686aa7
ftp: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=43afbcd9f4e163f002970b9e69309ce0f1902324, stripped

Precision was an exploit challenge worth 100 points. We're given a binary, and a server that it's running on, and told to exploit it. Let's take a look at the binary.

 

$ file precision 
precision: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=929fc6f283d6f6c3c039ee19bc846e927103ebcd, not stripped

 

As you can see, it's a 32-bit ELF binary using shared libs. Also, it's not stripped, which is nice because it means that named symbols will still be present in the binary (to make reversing easier). Seeing as the goal here is to exploit it, let's take a look at the security controls baked in.

I was sniffing some web traffic for a while, I think I finally got something interesting. Help me find flag through all these packets.
net_756d631588cb0a400cc16d1848a5f0fb.pcap

This was a 100-point challenge. Overall it was pretty fun. The first thing to do with the pcap is run strings on it and look for an easy win. While we didn't get an easy win here, we did get a nice reference point:

 

$ strings net_756d631588cb0a400cc16d1848a5f0fb.pcap | grep -i flag
FLAG = 'flag{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}'
        print encode(FLAG, cnt=?)

ones_and_zer0es (50 points)

eps1.1_ones-and-zer0es_c4368e65e1883044f3917485ec928173.mpeg

 

This was a warm-up "challenge". I'm including it as a writeup primarily because I have never posted previously about how to binary translate things like this. The file you download ends in .mpeg, but it's not an mpeg. In fact, the first thing I do with any challenge is to run the Linux "file" command on it.