Monday, September 22, 2014

CSAW14 Noob Challenge Write-Ups

Exploitation 100, Reverse Engineering 100, 200, and Forensics 100 can all be solved by running strings, the key will be plainly visible. RE100 is slightly evil though, if you actually run it, it will start a fork bomb.

The solution to Exploitation 200 can be found by googling "breaking out of python sandbox". You'll end up at https://isisblogs.poly.edu/2012/10/26/escaping-python-sandboxes/ and after scrolling down a bit you will find the exact command you need to enter to get the flag.

Forensics 200-sftp's solution is to simply extract the ZIP file data out of the plain ftp stream, inside is a flag.png which contains the flag.

Forensics 200-Obscurity can be solved by uploading the PDF to Google Docs and converting it to a Google doc. The hidden text which contains the key will be clearly visible at the bottom of the document.

Networking 100's flag is clearly visible in the telnet stream in the pcap. Most people got hung up because they thought the flag would be in the BitTorrent traffic.

No comments:

Post a Comment