Strangely enough, this is easier than the other forensics challenges. Just run strings against the given file:
Key: this_should_be_pretty_hard_unless_you_use_grep
Tuesday, October 2, 2012
CSAW 2012 Writeup - Networking 100
Open the pcap file in wireshark -> Follow TCP stream -> the key is the telnet login password.
Key: welcome to 1969
Monday, October 1, 2012
CSAW 2012 Writeup - Reversing 200
Run the binary to see if there are any messages:
This is a .net binary, so we load it up in a .net decompiler.
Here are the encrypted key bytes:
Found the decryption routine upon further inspection:
Wrote a shell script to XOR each byte with 255 (0xff); the decrypted message is: The key is 9c09f8416a2206221e50b98e346047b7
Key: 9c09f8416a2206221e50b98e346047b7
CSAW 2012 Writeup - Reversing 100
Run the binary, and see the output:
So what we want to do is to obtain the decrypted key. Load the binary in a debugger:
The debugger shows that the program calls exit() before it prints the decrypted key. That's easy: set a breakpoint at the call to exit() at 0x401106, patch it with nops, and voila!
Key: welcome_to_csaw!
Another way is to load the binary in a disassembler:
Key bytes are being loaded into the buffer.
The decryption routine:
XOR the key bytes with 0xff, and we get welcome_to_csaw!
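The XOR-with-0xff decryption used in both the Reversing 100 and Reversing 200 solutions above, as an added Python example that is not the author's shell script. It also goes one step further than the writeups and recovers an unknown single-byte XOR key by brute force; the ciphertext is constructed here from the known Reversing 100 key, since the real bytes only exist inside the challenge binaries.

```python
# Added example (not the writeup author's script): decrypt a buffer that was
# encrypted with a single-byte XOR key, as in CSAW 2012 Reversing 100/200 where
# the key byte is 0xff (255). The ciphertext below is CONSTRUCTED by XORing the
# known plaintext "welcome_to_csaw!" with 0xff so that the example runs offline.
import string

PRINTABLE = set(string.printable.encode())


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with the single-byte key (XOR is its own inverse)."""
    return bytes(b ^ key for b in data)


def score_plaintext(pt: bytes) -> int:
    """Heuristic for CTF keys: count lowercase letters, underscores and spaces."""
    return sum(1 for b in pt if 0x61 <= b <= 0x7A or b in (0x5F, 0x20))


def recover_single_byte_xor(ct: bytes) -> list:
    """Try all 256 keys and return (key, plaintext) pairs whose output is
    entirely printable ASCII, best score first (ties: higher key first).
    Generalizes the writeup's fixed 0xff key to an unknown key byte."""
    candidates = []
    for k in range(256):
        pt = xor_bytes(ct, k)
        if all(b in PRINTABLE for b in pt):
            candidates.append((score_plaintext(pt), k, pt))
    candidates.sort(reverse=True)
    return [(k, pt) for _, k, pt in candidates]


# Constructed ciphertext: each byte of the Reversing 100 key XORed with 0xff.
CONSTRUCTED_CT = xor_bytes(b"welcome_to_csaw!", 0xFF)

if __name__ == "__main__":
    # Key known (0xff), as in the writeup:
    print(xor_bytes(CONSTRUCTED_CT, 0xFF).decode())
    # Key unknown: the brute force ranks 0xff first.
    for k, pt in recover_single_byte_xor(CONSTRUCTED_CT)[:3]:
        print(f"key=0x{k:02x} -> {pt!r}")
```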
CSAW 2012 Writeup - Trivia Challenges
There were five challenges in the Trivia category, each worth 100 points:
1) What is the first step of owning a target?
2) What is the name of Google's dynamic malware analysis tool for Android applications?
3) What is the x86 opcode for and al, 0x24? Put your answer in the form 0xFFFF.
4) Who was the first security researcher to publish the DEP bypass that utilized WriteProcessMemory()?
5) What is the name of Microsoft's sophisticated distributed fuzzing system that utilizes automated debugging, taint analysis, model building, and constraint solving?
1) What is the first step of owning a target?
Key: recon
2) What is the name of Google's dynamic malware analysis tool for Android applications?
Refer: http://siliconangle.com/blog/2012/07/23/google-bouncer-researchers-fingerprint-androids-anti-malware-tool/
Key: bouncer
3) What is the x86 opcode for and al, 0x24? Put your answer in the form 0xFFFF.
I used msf's nasm_shell.rb to get the opcode.
Key: 0x2424
4) Who was the first security researcher to publish the DEP bypass that utilized WriteProcessMemory()?
Refer: http://seclists.org/fulldisclosure/2010/Mar/att-553/Windows-DEP-WPM.txt
Key: Spencer Pratt
5) What is the name of Microsoft's sophisticated distributed fuzzing system that utilizes automated debugging, taint analysis, model building, and constraint solving?
Refer: http://research.microsoft.com/en-us/projects/atg/ndss2008.pdf
Key: SAGE