SharifCTF 2016 We lost the Fashion Flag! (Forensics 100) Writeup

Problem: In Sharif CTF we have lots of tasks ready to use, so we stored their data about author or creation date and other related information in some files. But one of our staff used a method to store data efficiently and left the group some days ago. So if you want the flag for this task, you have to find it yourself!

Attachment: A tar.gz file

Solution: After unpacking the tarball we get two files: sharif_tasks.tgz and fashion.model. Unpacking the tgz file gives us a directory of over 12000 data files.
Read On →

SharifCTF 2016 Uagent (Forensics 100) Writeup

Problem: We think we are really cool, are we?

Attachment: a pcap file

Solution: The pcap file contains a session of someone downloading a file over HTTP. The title suggests checking the user-agent field, which I did. As it turns out, all the HTTP request packets have a user agent in this format: sctf-app/iVBORw0=/, which is obviously base64. So I wrote a Python script to extract the base64, decode it and append it to a file:

    from scapy.all import *
    from scapy.layers import http
    import base64

    pcap = rdpcap('ragent.pcap')
    # keep only the packets that carry an HTTP request
    req = [p for p in pcap if p.haslayer(http.HTTPRequest)]
    png = open('flag.png', 'wb')
    saved = []  # TCP sequence numbers already written, to skip retransmissions
    for p in req:
        if p['TCP'].seq in saved:
            continue
        saved.append(p['TCP'].seq)
        r = p.getlayer(http.HTTPRequest)
        # strip the leading "sctf-app/" (9 characters) and the trailing "/"
        png.write(base64.b64decode(r.fields['User-Agent'][9:-1]))
    png.close()

Obviously I didn’t know it was a PNG at the time of writing the script, but after it was done, file told me so.
Read On →

SharifCTF 2016 Dumped (Forensics 100) Writeup

Problem: In Windows Task Manager, I right clicked a process and selected “Create dump file”. I’ll give you the dump, but in return, give me the flag!

Attachment: A compressed Windows process dump

Solution: I’m sure the creators had something very interesting in mind, however it seems they didn’t verify all the possibilities, because after extracting the xz file, I was able to run:

    strings RunMe.DMP | grep -E "^SharifCTF{[0-9a-f]{32}}$"
Read On →

HackIM 2016 Crypto 1 Writeup

Problem: You are in this GAME. A critical mission, and you are surrounded by the beauties, ready to shed their silk gowns on your beck. On one side your feelings are pulling you apart and another side you are called by the duty. The biggest question is seX OR success? The signals of subconscious mind are not clear, cryptic. You also have the message of heart which is clear and cryptic. You just need to use three of them and find what's the clear message of your Mind… What you must do?
Read On →

HackIM 2016 Crypto 2 Writeup

Problem: Someone was here, someone had breached the security and had infiltrated here. All the evidences are touched, Logs are altered, records are modified with key as a text from book. The Operation was as smooth as CAESAR had Conquested Gaul. After analysing the evidence we have some extracts of texts in a file. We need the title of the book back, but unfortunately we only have a portion of it…

Attachment: http://ctf.nullcon.net/crypto/The_extract.txt

Solution: Again, a very subtle hint at CAESAR’s cipher. We can use one of the online tools available, for example this one, which actually has a “guess” option that will try to find the proper key.
Read On →

HackIM 2016 Crypto 3 Writeup

Problem: After entering the luxurious condominium, you get the feel that you are in home of a yester Star. The extravagant flooring and furnishings shows the richness of this star. But where is she? There she is, lying peacefully on her couch. See what Envy has done to her…with a perfectly well maintained attractive body she still looks sex diva, except for her face beyond recognition. Her identity is crucial to know who killed her and why?
Read On →

HackIM 2016 Misc 2 Writeup

Problem: Find out the secret key hidden in these packets!

Attachment: http://ctf.nullcon.net/misc/m200-HiPs.rar

Files: f101.pcap f102.pcap f103.pcap

Solution: We get three packet capture files. Inspecting them with Wireshark, we can see they log ping requests and responses between two hosts. Upon closer inspection we see that they seem to have quite large data payloads attached, so we decided to extract and concatenate all the data from the first file. It was not immediately clear what the data was, but upon further inspection and some research, I decided to try using yEnc:

    from scapy.all import *
    from yenc import decode

    pcap = rdpcap('f101.pcap')
    # write the raw payload bytes, so open the output in binary mode
    f = open('f101.yenc', 'wb')
    for p in pcap:
        # keep only ICMP echo requests (type 8) that carry a payload
        if p.haslayer(ICMP) and p.haslayer(Raw) and p[ICMP].type == 8:
            f.write(p[Raw].load)
    f.close()
    # yEnc-decode the concatenated payloads into a binary file
    decode('f101.yenc', 'f101.bin')

This gave us a binary file with an interesting content inside: ...snip...
Read On →

HackIM 2016 Programming 1 Writeup

Problem: So you reached Delhi and now the noise in your head is not allowing you to think rationally. The Noise in your head has its Origin in your Stomach. And this is a big hunger. You can finish one or probably 2 Tandoori Chicken. So where can you get the best Tandoori Chicken in Delhi? This place tweeted last week that the Tandoori Chicken it serves is like never B4.
Read On →

HackIM 2016 Programming 3 Writeup

Problem: Still Hungry and unsatisfied, you are looking for more. Some more, unique unheard dishes. Then you can find one to make it yourself. It's his Dish. He has his own website which he describes as “a social home for each of our passions”. The link to his website is on his Google+ page. What's the name of his site? By the way he loves and hogs on “Onion Kheer”.
Read On →

HackIM 2016 Programming 4 Writeup

Problem: One of the NullCon videos talked about a marvelous Russian Gift. The Video was uploaded on [May of 2015]. What is the ID of that youtube video?

Solution: Like with Programming 3, we can use Google to search for “may 2015 nullcon” and check out the Videos section. There are only 5 videos, so we can quickly find the right one.

Flag: a4_PvN_A1ts