
Old Security / hacking challenges revived. Integrated with wechall.net

Comments

  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    http://damienoreilly.org/ctf/

    I revived all the old challenges and created an overall scoreboard for them.

    I also integrated with http://www.wechall.net for a global scoreboard with other similar sites.
    http://www.wechall.net/site/details/74/IRISSCON_2012_Lost_Challenges

    Check it out.

    Ah Jaysus. My time is already taken up with the Honeyn3t CTF and now you release this. I'll have to give up on sleep altogether.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    syklops wrote: »
    Ah Jaysus. My time is already taken up with the Honeyn3t CTF and now you release this. I'll have to give up on sleep altogether.

    I'd say you have already completed some of these before.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    I'd say you have already completed some of these before.

    Yeah but you say challenge, and all I hear is challenge.


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    As luck would have it, in a fit of cleanliness some weeks ago, I binned all the notes I took the first time.

    Dammit ... now I simply HAVE to do these ... all over again.

    :)


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    trout wrote: »
    As luck would have it, in a fit of cleanliness some weeks ago, I binned all the notes I took the first time.

    Dammit ... now I simply HAVE to do these ... all over again.

    :)

    haha enjoy!


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    I'm stuck on the binary blob challenge ... I know I've made good progress ... but I think I'm missing something very simple.

    I've the other "easy" ones sorted ... but this blob one has me stumped.

    It's driving me scatty.

    HALP!


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    trout wrote: »
    I'm stuck on the binary blob challenge ... I know I've made good progress ... but I think I'm missing something very simple.

    I've the other "easy" ones sorted ... but this blob one has me stumped.

    It's driving me scatty.

    HALP!


    Aww to be honest, this challenge is really lame and therefore a lot of people get stuck on it, thinking it's more difficult than it is. It's not really reverse engineering or pen-testing. It's just annoying really.

    What have you found? A particular file format type? What's so special over this file type compared to other similar file types?


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    Aww to be honest, this challenge is really lame and therefore a lot of people get stuck on it, thinking it's more difficult than it is. It's not really reverse engineering or pen-testing. It's just annoying really.

    What have you found? A particular file format type? What's so special over this file type compared to other similar file types?

    2 digits. The difference between
    87 and 89


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    trout wrote: »
    2 digits. The difference between
    87 and 89

    Hmm you might be on the wrong track.

    A hint is: binwalk or even unix/linux/cygwin's file command.


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    OK ... what I've got is this
    A file system, containing 8 directories. Each directory has several file chunks. When joined together, these files form an image file. All but one of the image files displays correctly.

    There is a theme linking the images ... abandoned buildings.

    The one image that doesn't display properly has the magic number of GIF89 ... the other images have a magic number of GIF87

    I've tried stego tools, scalpel (for hidden files)
    ... but I'm chasing my tail now :(


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    trout wrote: »
    OK ... what I've got is this
    A file system, containing 8 directories. Each directory has several file chunks. When joined together, these files form an image file. All but one of the image files displays correctly.

    There is a theme linking the images ... abandoned buildings.

    The one image that doesn't display properly has the magic number of GIF89 ... the other images have a magic number of GIF87

    I've tried stego tools, scalpel (for hidden files)
    ... but I'm chasing my tail now :(
    This is why it's hard, because it's a dumb challenge compared to all other ones. Anyways, all the chunks merged should form valid images. I just tried it there. The magic difference isn't part of the challenge. Just think about the differences between what a gif can do over.. say a jpeg.


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    I have 8 images ... they look lovely, but no sign of a key. Should I be looking for animation or opacity, something GIF specific?


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    Gif specific yes.


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    Metadata?


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    trout wrote: »
    Metadata?
    anim frames
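
The GIF-specific property the hints point at, animation frames, can be checked by walking the file's block structure instead of comparing the GIF87/GIF89 magic. This is an added example, not part of the thread or the challenge: `gif_frames` is a hypothetical helper name and the sample GIF bytes are constructed. It also reports any bytes left after the trailer.

```python
import struct

def _skip_sub_blocks(data, pos):
    """Skip length-prefixed sub-blocks; return the offset after the 0x00 terminator."""
    while data[pos]:
        pos += data[pos] + 1
    return pos + 1

def gif_frames(data):
    """Return (version, frame_count, bytes_after_trailer) for a GIF byte string."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    try:
        packed = data[10]                      # logical screen descriptor flags
        pos = 13
        if packed & 0x80:                      # global colour table present
            pos += 3 * (2 << (packed & 7))
        frames = 0
        while True:
            block, pos = data[pos], pos + 1
            if block == 0x3B:                  # trailer: end of the GIF stream
                return data[3:6].decode(), frames, len(data) - pos
            if block == 0x21:                  # extension: label byte, then sub-blocks
                pos = _skip_sub_blocks(data, pos + 1)
            elif block == 0x2C:                # image descriptor: one frame
                flags = data[pos + 8]
                pos += 9
                if flags & 0x80:               # local colour table present
                    pos += 3 * (2 << (flags & 7))
                pos = _skip_sub_blocks(data, pos + 1)   # +1 skips LZW code size
                frames += 1
            else:
                raise ValueError(f"unknown block 0x{block:02x} at offset {pos - 1}")
    except IndexError:
        raise ValueError("truncated GIF") from None

# Constructed sample data: 1x1 images with a two-colour palette.
_SCREEN = struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + b"\x00\x00\x00\xff\xff\xff"
_GCE = b"\x21\xf9\x04" + struct.pack("<BHB", 0, 10, 0) + b"\x00"
_FRAME = b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + b"\x02\x02\x44\x01\x00"
STILL = b"GIF87a" + _SCREEN + _FRAME + b"\x3b"
ANIMATED = b"GIF89a" + _SCREEN + (_GCE + _FRAME) * 3 + b"\x3b"

if __name__ == "__main__":
    for name, blob in (("still", STILL), ("animated", ANIMATED)):
        print(name, gif_frames(blob))
```

A frame count above one on an image that a viewer shows as a single picture means the remaining frames need to be extracted and looked at individually.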


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    GAH!


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    trout wrote: »
    GAH!

    Haha yeah, it's a pretty rubbish level.


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    That binary blob one put me in bad form ... but I feel better now having solved it.

    Onwards and upwards.


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    I'm now on the "From the air" challenge. Aaaaaand I'm stuck. Again.
    I have the CAP file parsed, the SSID, passphrase and the various WPA keys extracted through aircrack-ng and the backtrack wordlists.

    I thought the Master key would be the answer, it wasn't. Then I tried both of the Transient keys.

    So ... there must be some jiggerypokery required ...

    I think I need another hint. :)


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    trout wrote: »
    I'm now on the "From the air" challenge. Aaaaaand I'm stuck. Again.
    I have the CAP file parsed, the SSID, passphrase and the various WPA keys extracted through aircrack-ng and the backtrack wordlists.

    I thought the Master key would be the answer, it wasn't. Then I tried both of the Transient keys.

    So ... there must be some jiggerypokery required ...

    I think I need another hint. :)

    You should decrypt the pcap file now that you have the correct details. Use a tool in the aircrack-ng suite. Make sure it's relatively up to date. Oldish versions are buggy.


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    Got it - thanks for the hint.

    Looking at the "where to begin" one now.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    trout wrote: »
    Got it - thanks for the hint.

    Looking at the "where to begin" one now.


    Hahah nice, this is a strange-ish one also!


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    Yup ... it has me scratching my head.

    I'm thinking
    magic file numbers play a part .. and it's an executable of some sort


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    trout wrote: »
    Yup ... it has me scratching my head.

    I'm thinking
    magic file numbers play a part .. and it's an executable of some sort
    The question is, how to execute that? Or you could just examine it in a certain tool, bypass the need to execute it.

    Further spoiler:
    shell code


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    OK ... some progress, but not enough.
    I've extracted what looks like a shell file. It fails to execute properly ... not sure why. Line 11 looks odd. I guess the answer key is generated using this shell script ... and I should be able to reproduce / run it manually.

    I'll have a well earned cuppa first though.

    Am I the only fule doing these this time around?


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    trout wrote: »
    OK ... some progress, but not enough.
    I've extracted what looks like a shell file. It fails to execute properly ... not sure why. Line 11 looks odd. I guess the answer key is generated using this shell script ... and I should be able to reproduce / run it manually.

    I'll have a well earned cuppa first though.

    Am I the only fule doing these this time around?
    Oh I mean it's shellcode.. http://en.wikipedia.org/wiki/Shellcode Don't worry, the code I have is not dangerous.

    A further spoiler:

    Looks like you're the only one from boards.ie doing them yeah. There are randomers from wechall.net that are giving them a go also.


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    edit ... finally got the "where_to_begin" challenge

    I need a lie down now.

    Learned a lot on that one ... that's all new to me :)


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    The clanteam challenge site appears to be down :(


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Oh I mean it's shellcode.. http://en.wikipedia.org/wiki/Shellcode Don't worry, the code I have is not dangerous.

    A further spoiler:

    Looks like you're the only one from boards.ie doing them yeah. There are randomers from wechall.net that are giving them a go also.

    The Honeyn3t challenges finished up about a week ago. I reckon a lot of people will get to these but are enjoying some Away-from-screen time. Come the end of the Honeyn3t CTF I had stopped working, stopped housework, etc. Still didn't make the top 10 though :(. Still apparently, no one person solved all the challenges. That's some consolation.

    I've done a lot of these before, but I'd like to do them again to get me / keep me sharp. I also think I need to improve my traffic analysis skills.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    trout wrote: »
    The clanteam challenge site appears to be down :(

    Hopefully it will come back online soon: http://www.zymic.com/forum/index.php?act=announce&f=34&id=12


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    Seems to be back online now.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    syklops wrote: »
    The Honeyn3t challenges finished up about a week ago. I reckon a lot of people will get to these but are enjoying some Away-from-screen time. Come the end of the Honeyn3t CTF I had stopped working, stopped housework, etc. Still didn't make the top 10 though :(. Still apparently, no one person solved all the challenges. That's some consolation.

    I've done a lot of these before, but I'd like to do them again to get me / keep me sharp. I also think I need to improve my traffic analysis skills.

    I had applied to enter that, but I never got invite accepted. I think there was a large number of people playing.

    This one is up next:
    http://ctftime.org/event/list/upcoming
    http://Hack.lu


    I played CSAW 2013 with WeChall.net guys, was good fun: https://ctf.isis.poly.edu/


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    Site's back up ... I'm going to crack on.

    I'm on SC7 ... which should be simple enough
    generate WEP key to decrypt packet capture.

    Using airdecap-ng and the WEP key, I can decrypt the CAP file ... and see the traffic in the clear. For the life of me, I cannot figure out where the credentials are entered, or what values are used.

    It must be simpler than reading 5000 packets?


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    trout wrote: »
    Site's back up ... I'm going to crack on.

    I'm on SC7 ... which should be simple enough
    generate WEP key to decrypt packet capture.

    Using airdecap-ng and the WEP key, I can decrypt the CAP file ... and see the traffic in the clear. For the life of me, I cannot figure out where the credentials are entered, or what values are used.

    It must be simpler than reading 5000 packets?
    As far as I remember with this one, you only need to worry about http traffic. You should be able to filter with wireshark after you decrypted with airdecap-ng.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    How much time are you putting into these, folks? (let's say on average, per challenge)

    I'd like to do some, but I'm squeezed for time.


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    In lapsed time, I'd say between an hour & two hours for most of the challenges ... but I'm slower than mass :o

    For stuff that's new to me, like
    shellcode
    ... there's a learning curve, but the hints come quick & fast, and I'm really enjoying this.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    Khannie wrote: »
    How much time are you putting into these, folks? (let's say on average, per challenge)

    I'd like to do some, but I'm squeezed for time.


    It all depends on experience really for a given area. As they are only "challenges", sometimes the idea of finding a key can be head-wrecking, especially if it's not a real life scenario! (as you can see from trout's previous posts).


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    Just bumping this. These are still online if any newcomers want to give them a go.

    http://damienoreilly.org/ctf


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    Damn you Damo!

    *shakes fist*

    I had forgotten all about this ... now I'll HAVE to finish them


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    trout wrote: »
    Damn you Damo!

    *shakes fist*

    I had forgotten all about this ... now I'll HAVE to finish them

    I was thinking the same. Why am I not in the hall of fame despite having done many of these already? Least I won't be bored this weekend (like there was any risk!).


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    syklops wrote: »
    I was thinking the same. Why am I not in the hall of fame despite having done many of these already? Least I won't be bored this weekend (like there was any risk!).

    Oh I had reset the scoreboard when I merged the web app challenges with the IRISSCON challenges and moved the scoreboard to a different host, and integrated with wechall.net!


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    yore.ma isn't working for the ssid in challenge 7. Is that a coincidence, or are you being sneaky?

    Edit: Ok, tried it with a different ssid and it doesn't work with that either. Nevermind.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    syklops wrote: »
    yore.ma isn't working for the ssid in challenge 7. Is that a coincidence, or are you being sneaky?

    Edit: Ok, tried it with a different ssid and it doesn't work with that either. Nevermind.

    Hmm it should work. Try

