Exploring D-CTF Quals 2014's Exploits
Last weekend I played some of the DEFCAMP CTF Quals. It was pretty intense. For (my own) organizational purposes, I made a list of all the technologies and vulnerabilities found in this CTF, some based on my team's game, some based on the CTF write-ups git repo.
Vulnerabilities
Remote ...
On Paillier Ciphersystem, Binary Search and the ASIS CTF 2014
The ASIS CTF happened last weekend. Although I ended up not playing all I wanted, I did spend some time working on a crypto challenge that was worth a lot of points in the game. The challenge was about a not very well-known system, the Paillier cryptosystem.
The ...
CSAW CTF 2014 - Forensics 300: "Fluffy No More"
This is the fourth and last of the forensics challenges in the CSAW CTF 2014 competition. It was much harder than the three before, but it was also much more interesting.
The challenge starts with the following text:
OH NO WE'VE BEEN HACKED!!!!!! -- said the Eye Heart Fluffy ...
The Sharif University CTF 2014
It looked like a fun CTF, but I did not have the chance to play for too long. I managed to solve a few problems in the morning and the solutions are below.
Avatar: Steganography
The challenge starts with:
A terrorist has changed his picture in a social network. What ...
CSAW CTF 2014 - Reverse Engineering 100: "eggshells"
This is the first exploitation problem and it starts with the following text:
I trust people on the Internet all the time, do you?
Written by ColdHeat
eggshells-master.zip
Unzipping and Analyzing the Files
Let’s unzip the provided zip file:
$ unzip eggshells-master.zip
This creates a directory called eggshells-master ...
CSAW CTF 2014 - Networking 100: "Big Data"
This is the only networking problem, and it is only 100 points, so it turned out to be very easy.
The problem starts with the following text:
Something, something, data, something, something, big
Written by HockeyInJune
Inspecting the Wireshark File
The file extension .pcapng corresponds to files for ...
CSAW CTF 2014 - Forensics 200: "Obscurity"
The third forensics challenge starts with the following text:
see or do not see
Written by marc
Hacking PDFs, what fun!
In general, when dealing with reverse-engineering malicious documents, we follow these steps:
1. We search for malicious embedded code (shell code, JavaScript).
2. We extract any suspicious ...
CSAW CTF 2014 - Forensics 100: "dumpster diving"
This was the first forensic challenge. It starts with the following text:
dumpsters are cool, but cores are cooler
Written by marc
Unzipping firefox.mem.zip
The given file has a funny extension .mem.zip. Before we go ahead and unzip it, let's try to learn ...