Category: Web Points: 75 Solves: 22 Description:

    What does this service do? It hides a flag!

 

Navigating to the website, we see an input box and a query button. The first thing to do is throw some data at it and see what happens:

 

SENT: a
RESPONSE: 61008ce2,CAMP15_silverneedle
RESPONSE: 61010292,CAMP15_silverneedle
SENT: ab
RESPONSE: 61626b8f,CAMP15_silverneedle
RESPONSE: 6162dc3f,CAMP15_silverneedle
SENT: abc
RESPONSE: not found

Category: Reversing Points: 200 Solves: 29 Description:

Find valid credentials for the registration server keycheck running on challs.campctf.ccc.ac 10114

 

Running this program, we get:

 

$ ./keycheck
Enter username: User
Enter key: Password
Registration data invalid.

 

As the title suggests, the goal is to find a username and key that will allow successful registration. Running strings on the binary doesn't tell us much, but it does show a reference to python2. Let's ease our way into this problem by using ltrace to show which library and system calls are made.

Category: Reversing Points: 200 Solves: 108 Description:

Last month I was trying to simplify an algorithm.. and I found how to mess up a source really really bad. And then this challenge is born. Maybe is really simple or maybe is so hard that all of you will give up. Good luck!

reversemeplz

 

Another binary reversing problem. This one is a dynamically linked 32-bit ELF with symbols stripped. A look at strings does not give us any useful information. The binary itself, when run, appears to wait for input, perform some sort of check, then tell you if it's correct or not. An ltrace indicates that there are no useful function calls that will help us better understand what's going on. Let's start by looking at the location of the gets call.

PicoCTF is a Capture the Flag event focused on teaching skills, rather than being primarily a competition. This means that the challenges are written to teach the player something, and since there are different levels, many will learn something new during the CTF.

 

Here's the challenge:

"Daedalus Corp's spy in Thyrin Labs seems to sometimes use an encrypted drop box for their messages. We intercepted one of their messages, but we don't seem to be able to decrypt it. Fortunately, we have the source and the address of their key generation server: maybe there's a way to use that to decrypt their message? Unfortunately, we don't have their list of cached primes...

Their source, and our intercepted message, are here. The key generation service is running at vuln2014.picoctf.com:51818."

Category: Pwnable Points: 150 Solves: 86 Description:

Do you like reading books? here we have the best collection ever! you can even save some books for future reading!! enjoy noob! library.polictf.it:80

GPG key: yowlijOshSuftEvawvIshgugdecWikBi

johns-library

For this challenge, we're given a file named "johns-library". That is a 32-bit unstripped ELF file. Strings doesn't give us much info. Let's run it and see what happens.