duksctf

Bunch of sec. enthusiasts who sometimes play CTF

Y-Not-CTF - SmS Secret Secure Server - Crypto

We’re given a ssh username, server ip and public key using ECDSA, along with a _very secure RNG_ python script used to generate the ECDSA key. Exploiting a weakness in the RNG, we can enumerate all possible keys and find the private key to log on the server.

Read More

Y-Not-CTF - BlackBox

The binary ask for a password and use RunPE technic to create a new process. Two technic can be used, first is to dump the PE when the program copy it, second is to break on SetThreadContext and put a breakpoint on the new entrypoint.

Read More

GoogleCTF 2017 - Rubik

An interactive server implements a login challenge with a variant of Diffie-Hellman on the group of permutations of the Rubik’s cube. After computing a discrete logarithm on this (non-abelian) group, we can compute the handshake to log in as admin and obtain the flag.

Read More

Google CTF 2017 - Counting (RE)

We’re given two files: an ELF binary counter, and some data code. The goal of the challenge is then to find the output of ./counter 9009131337. Keywords: reverse engineering, virtual machine, hailstone sequence, fibonnaci modulo

Read More

PlaidCTF 2017 - Echo

We’re given a webapp performing text2speech on a maximium of 4 tweets. Exploiting an remote command injection in the dockerized script generating the audio allows to decode remotely the flag before exfiltrating it using text2speech.

Read More

PlaidCTF 2017 - FHE

The flag is encrypted with ElGamal and an additional layer of custom fully-homomorphic encryption. We can recover the FHE key under known-message attack by solving a linear system. The group used for ElGamal is weak (its order has small prime factors), so we can compute a discrete logarithm to recover the secret exponent and decrypt the flag.

Read More

PlaidCTF 2017 - Multicast

The same flag is encrypted 5 times with RSA small public exponent and linear padding. The generalization of Håstad’s broadcast attack and the Coppersmith method allow to recover the flag.

Read More

Make IDA Pro Great Again

In this post I will explain a neat way to use our own python, Qt 5.6, PyQt 5.6 version with IDA Pro, then how to use a chrooted Arch Linux 32bit to run IDA Pro in order not to pollute our host with pesky lib32-XX packages and Finally I will document installation and configuration of some useful IDA Pro plugins.

Read More

AlexCTF 2017 - unVM me

A Python byte code file was provided without the source code. After its decompilation, we noticed that each 5-byte slice of the flag was hash with MD5 and compared. After brute forcing the hashes contained in the file we got the flag.

Read More

AlexCTF 2017 - Bring weakness

A sever shows us random looking numbers and we have to predict the output of the next number. The numbers were generated using a linear congruential generator. Using the Marsaglia method we were ale to fully recover the parameters of the PRNG and thus predict the number sequence.

Read More

AlexCTF 2017 - Packed Movement

Elf binary asking for a flag. The binary was packed by UPX then poorly obfusctated using the movfusator, just looking at the assembly, a mov R2, 0xXX pattern appears, using a ida script to grab all mov R2 yield the flag.

Read More

AlexCTF 2017 - Catalyst System

Elf binary asking for username/password, the username is used to compute a seed to srand, which then get use to substract rand() with every 4 bytes of the password.

Read More

AlexCTF 2017 - Unknown Format

We received a USB PCAP of an update transaction between a computer and Amazon Kindle. After reconstructing the update, we used a tool called KindleTool in order to deobfuscate the binary, then we used some python code to inflate the malformed gzip inside.

Read More

TUM CTF 2016 - haggis

The challenge is to create a plaintext with a given prefix that will result in a AES CBC-MAC mode using PKCS#7 padding.

Read More

DEFCON qualifiers 2016 - heapfun4u

This challenge is about a binary with a custom implemented heap. With a use after free, it is possible to corrupt the double linked free list and have the address of a chunk written at an arbitrary address. With that we overwrite the saved return pointer with the address of the shellcode and pop a shell.

Read More

DEFCON qualifiers 2016 - Baby-re

Remote binary asks for 13 values, looking at the binary we find out that the condition is a system of linear equations over 32-bit signed integers. We find the equations from the binary and solve them to find the unique solution.

Read More

TU CTF 2016 - Secure Auth

To authenticate on a server we had to provide a message signed with a RSA private key. Hopefully the server allows us to sign any message except the one requested with the same key.

Read More

Plaid CTF 2016 - fixedpoint

Here is another solution to a pwn challenge. They are no vulnerability per say, but a rather interesting way of getting code execution through floating point arithmetics.

Read More

Plaid CTF 2016 - Butterfly

Here is a solution to the second pwn challenge butterfly. This is not your usual buffer overflow, but rather a nice demonstration on how bit flips can be dangerous!

Read More

Plaid CTF 2016 - Kriptovor

Kriptovor is a real ransomware, we analyzed the pcap, found the privatekey in the second email send by the malware, we then installed Delphi and use the lockbox3 library to decrypt with the RSA private key the AES key that was used to encrypt the flag.

Read More

Plaid CTF 2016 - Morset

After connecting to a socket, we received some character that looks like morse code. We use a python script to decode it, then it looks like base36, we decode it and we found a string asking us to send the sha256 of it. We send it back using the same encoding scheme which gave us the flag.

Read More

Nuit du hack quals 2016 - Invest

We received a invest.pcapng file which contains a schematic, encrypted files and a binary chain. Once the binary chain was passed in the schematic we obtained a password to decrypt with OpenSSL the files. The resulting file is a Word document with the Flag inside.

Read More

Nuit du hack quals 2016 - Catch me if you can

The task is a usb pcap where two files were transfered. The trick was to take each odd packet number and take 0x708 of each to create the first file, use the even for the 2nd file. We were left with two Libreoffice ods file. In the 2nd one, we found a table and a weird alphabetic suite which used against the table give us the flag.

Read More

Insomni'hack 2016 - Pcapbleeding

We got a pcap, the problem was obvious from the challenge name (heartbleed). Given the RSA-2048 pubkey we sought for prime numbers of around 1024 bits in the pcaps, then reconstructed the private key and used it to decrypt the encrypted part of the session, which contained the flag.

Read More

Insomni'hack 2016 - Microwave

The microwave application is used to let your microwave tweets you favorite food. We identified two vulnerabilities in the binary: a string format and a buffer overflow. The string format allowed us to leak the canary and some addresses of the libc. Those were then used to exploit the buffer overflow and access the flag.

Read More