Sunday, October 1, 2017

SpeedTouch Team Writeups for DefCamp CTF 2017

DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public sectors.

Capture the Flag (CTF) is a computer security competition. This kind of contests are usually designed to serve as an educational exercise to give participants experience in securing a machine, as well as conducting and reacting to the sort of attacks found in the real world. Reverse-engineering, network sniffing, protocol analysis, system administration, programming, and cryptanalysis are all skills which have been required in prior competitions. There are two main styles of capture the flag competitions: attack/defense and jeopardy. In an attack/defense style competition, each team is given a machine (or small network) to defend on an isolated network. Teams are scored on both their success in defending their assigned machine and on their success in attacking other team’s machines. Depending on the nature of the particular CTF game, teams may either be attempting to take an opponent’s flag from their machine or teams may be attempting to plant their own flag on their opponent’s machine. One of the more prominent attack/defense CTFs is held every year at the well known hacker conference DefCamp where this activity is much expected every time.

So, let's go into the real subject of that article! Writeups by Me and my Team SpeedTouch (SpeedTouch Team is the Junior Team of Sudo_root which is an Algerian Capture the Flag Team).

Title: Super Secure (Junior - 1 pcts.)
Description: Oscar is more of an offline type of guy. Can you hack in his platform? 
Solution: You just have to enumerate a lot, visit everything and don't let everything go from you even CSS files because the flag of that challenge was hidden into a simple CSS file.
Flag: DCTF{76c77d557198ff760ab9866ad1261a01a7298c349617cc4557462f80500d56a7}

Title: No that kind of network (Junior - 1 pcts.)
Description: I like to write and move all around the world. But do you know my story?
Target: kingofstone.pcapng
Solution: Don't forget a great linux command line toolkit named STRINGS it is very helpful in CaptureTheFlag Challenges. It was the key to get the FLAG of that challenge with the help of a close friend GREP.
Solution: strings kingofstone.pcapng | grep DCTF
Flag: DCTF{2d9895ecea1081b2241398d1b2c94eaf5be3bfaffec1ad946ed0a68ae95f8ed9}

Title: A thousand words (Junior - 2 pcts.)
Description: I bet your eye can spot the original photo!
Solution: Same as the first one. We're dealing with lot of files, Let's string them all :-)
Solution: strings * | grep DCTF
Flag: DCTF{162d6e3865b2be32851fb8bd3cca73bdc1a052f9da75d8680c471eb45af522df}

Title: HitandSplit (Junior - 2 pcts.)
Description: Are you a forensic?
Target: splitandhit.pcapng
Solution: That challenge was easily done by using a great CLI tool by WIRESHARK. Tshark really a great and helpful toolkit! We did it by cleaning and filtering the output.
Solution: tshark -r splitandhit.pcapng -T fields -e > file.txt
Flag: DCTF{71f15f9abbd6b4f57ca13114fddef7499b34cb93b35e3ac725cd273ea40cb769}

Title: Too easy! (Junior - 1 pcts.)
Description: Ah man... I hate when I forget my password... Do you know it?
Target: looksgood.exe
Solution: Nice challenge. It was easily done by looking into the file strings and then using the password as a password for that CLI software in the terminal. We got a HEX code, you know DECODE and get your FLAG ;-)
Solution: chmod +x looksgood.exe; strings looksgood.exe | grep password
Solutionecho 'hex' | xxd -r -p
Flag: DCTF{6d6e1760c1a3ae9e4ede2457d8d24b0bcf207ea837e83dcb4d09e2d74ef958b2}

Title: Survey (Junior - 3pcts.)
Solution: Don't close the CTF Quickly ;-) There is a bonus challenge with bonus FLAG and Points always :-D
Flag: DCTF{a6a2729cbf6bcadce577a31f7f76201d5ce63c57d6c53318000d67714bb354ef}

Copyright: SpeedTouch Team.

No comments:

Post a Comment