Precision was an exploit challenge worth 100 points. We're given a binary, and a server that it's running on, and told to exploit it. Let's take a look at the binary.


$ file precision 
precision: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=929fc6f283d6f6c3c039ee19bc846e927103ebcd, not stripped


As you can see, it's a 32-bit ELF binary using shared libs. Also, it's not stripped, which is nice because it means that named symbols will still be present in the binary (to make reversing easier). Seeing as the goal here is to exploit it, let's take a look at the security controls baked in.

ones_and_zer0es (50 points)



This was a warm-up "challenge". I'm including it as a writeup primarily because I have never posted previously about how to binary translate things like this. The file you download ends in .mpeg, but it's not an mpeg. In fact, the first thing I do with any challenge is to run the Linux "file" command on it.

Category: Crypto
Points: 10,10,30,40
Solves: 436,381,224,63
Description:

Decrypt 4 flags.

In this challenge we're given 4 encrypted flags, and asked to decrypt them. They get successively more difficult, with the last one only having 63 successful solves. For each encrypted blob we were given a corresponding URL containing the encryption engine that would allow us to input anything and get back the corresponding output.

From a cryptography perspective, this means that for each of the flags we have at least two types of attacks. We have a chosen-plaintext attack, in which we can decide what to encrypt and look at the results. We also have a known-plaintext attack, since each flag is of the form "MMA{<values>}". Using these two types of attacks we can solve each of the challenges.

I'm adding this writeup primarily because so many people were complaining about this challenge. I think this is an example of a challenge that will turn people away from CTFs as it only minimally has to do with crypto and has more to do with guessing what the challenge author wants. This challenge was worth 100 points.


All we are given is a link to This web page has an entry field, and will give an error if you enter too few characters (I think it was 5 or something) and complain that "Your note isn't long enough so it's not security". This would lead you to believe that the solution has something to do with the length of the input string.

The other day I was looking into creating transparent tunneling using my router (with dd-wrt version 24 sp 2) and ProXPN. This would be handy in any number of situations to include the ability to proxy those devices which don't naturally have that ability (i.e.: the internet of things). Sadly, there seems to be a dearth of information regarding how to set this up, so after some research and floundering on my own, here's how I've gotten it to work.