CSAW CTF 2013 Writeup

NYU-Poly’s Cyber Security Awareness Week (CSAW) Capture the Flag (CTF) event was held this year from September 19-22. This CTF is geared towards undergrads looking to break into security; however, the event also provides some decent challenges for professionals.

Unfortunately, I wasn’t able to dedicate as much time to the contest as I would have liked to due to some personal obligations, but I was able to knock out quite a few challenges. The solutions and explanations follow.

Trivia 1 – 50 points

Challenge: “Drink all the booze, ____ all the things!”
Answer: hack
Explanation: Lyrics from Dual Core’s “All The Things.” http://www.youtube.com/watch?v=FoUWHfh733Y

Trivia 2 – 50 points

Challenge: “What is the abbreviation of the research published in the Hackin9 issue on nmap by Jon Oberheide, Nico Waisman, Matthieu Suiche, Chris Valasek, Yarochkin Fyodor, the Grugq, Jonathan Brossard, and Mark Dowd?”
Answer: DICKS
Explanation: The title of the Hackin9 article was “Nmap: The Internet Considered Harmful - DARPA Inference Cheking Kludge Scanning”
http://www.theregister.co.uk/2012/10/05/hakin9_silliness/

Trivia 3 – 50 points

Challenge: “What is the common name for a single grouping of instructions used in a Return Oriented Programming payload, typically ending in a return (ret) instruction?”
Answer: gadget
Explanation: http://en.wikipedia.org/wiki/Return-oriented_programming

Trivia 4 – 50 points

Challenge: “What is the new web technology that provides a web browser full-duplex communication to a web server over a single connection?”
Answer: WebSocket
Explanation: http://www.websocket.org/aboutwebsocket.html

Trivia 5 – 50 points

Challenge: “What is the x86 processor operating mode for running 64-bit code?”
Answer: long mode
Explanation: http://wiki.osdev.org/X86-64#Long_Mode

Web 1 – 100 points

Challenge: This challenge required you to “guess” the password for the admin user.
Answer: told_ya_you_wouldnt_guess_it
Method: Using a proxy such as Burp, intercept the POST when logging in and change the cookie value to “admin=true”. Once logged in, the flag will be presented.
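
The reason that trick works is that the server reads a client-controlled cookie and believes it. The following is an added example (my own code, not the challenge's server), showing the vulnerable check next to a hardened one: `is_admin_vulnerable` trusts `admin=true` verbatim, while `is_admin_hardened` only honours an admin bit that is covered by an HMAC the client cannot forge. The key, cookie names and token layout are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed key for the example; a real deployment loads it from outside the source tree.
SERVER_KEY = b"example-only-server-secret"


def parse_cookies(header):
    """Split a Cookie header ("a=1; b=2") into a dict; a later duplicate wins."""
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name] = value
    return cookies


def is_admin_vulnerable(cookie_header):
    """The Web 1 pattern: a flag the browser sends is trusted as-is."""
    return parse_cookies(cookie_header).get("admin") == "true"


def _sign(payload, key):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def make_session_cookie(username, is_admin, key=SERVER_KEY):
    """Server-issued token: '<user>:<admin bit>.<HMAC-SHA256 over that payload>'."""
    payload = f"{username}:{1 if is_admin else 0}"
    return f"{payload}.{_sign(payload, key)}"


def is_admin_hardened(cookie_header, key=SERVER_KEY):
    """Honour the admin bit only if the MAC proves the server wrote this token."""
    token = parse_cookies(cookie_header).get("session", "")
    if "." not in token:
        return False
    payload, sig = token.rsplit(".", 1)
    if not hmac.compare_digest(sig, _sign(payload, key)):
        return False                      # tampered or forged: ignore the bit entirely
    parts = payload.split(":", 1)
    return len(parts) == 2 and parts[1] == "1"
```

Flipping `alice:0` to `alice:1` in the signed token fails because the MAC no longer matches, and an `admin=true` cookie on its own is simply ignored. A signed cookie is the minimal fix; the more common production pattern is an opaque random session id that the server maps to the user's role in its own storage, so that no authorization data travels to the client at all.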

Exploitation 1 – 100 points

Challenge: An IP address and a port were provided as well as two files.
Answer: 7c1fbb502632bffa6e62ba6fa847681f
Method: Netcat to the IP/port specified in the challenge description and then send more than 4096 bytes of data (I used A’s). This will return the flag and close the connection.

Misc. 1 – 50 points

Challenge: A PCAP file was provided.
Answer: d316759c281bf925d600be698a4973d5
Method: The PCAP includes Telnet traffic, so using Wireshark I followed the TCP stream and the flag was in the traffic.
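
Telnet carries everything, prompts and passwords included, in cleartext, which is why “Follow TCP Stream” hands over the flag. As an added example (not part of the original writeup), the script below does the same job without Wireshark: it parses a classic pcap file, reassembles each TCP direction by sequence number (reordering late segments and dropping retransmissions), strips Telnet IAC negotiation, and returns the text of every session touching port 23. The capture it runs against is constructed inline, so the hosts, credentials and the `flag{constructed_sample}` string are sample data rather than the contest's; the builder functions exist only to produce that sample.

```python
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap magic as read with "<I" from a little-endian capture
TELNET_PORT = 23

# --- constructed sample capture: assumed hosts, credentials and flag, not the contest's PCAP ---
def _ip(dotted):
    return bytes(int(o) for o in dotted.split("."))

def build_frame(src, sport, dst, dport, seq, payload):
    # Ethernet/IPv4/TCP data segment; checksums left zero since nothing below validates them
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, _ip(src), _ip(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)]   # linktype 1 = Ethernet
    for ts, frame in enumerate(frames):
        out.append(struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame)
    return b"".join(out)

CLIENT, SERVER = ("10.0.0.2", 40000), ("10.0.0.1", TELNET_PORT)
SAMPLE_PCAP = build_pcap([
    build_frame(*SERVER, *CLIENT, 1000, b"\xff\xfb\x01login: "),          # IAC WILL ECHO, then prompt
    build_frame(*CLIENT, *SERVER, 2000, b"ctfuser\r\n"),
    build_frame(*SERVER, *CLIENT, 1010, b"Password: "),
    build_frame(*CLIENT, *SERVER, 2009, b"s3cret\r\n"),
    build_frame(*CLIENT, *SERVER, 2009, b"s3cret\r\n"),                   # retransmission
    build_frame(*SERVER, *CLIENT, 1043, b"flag{constructed_sample}\r\n"),  # captured before ...
    build_frame(*SERVER, *CLIENT, 1020, b"Welcome to the shell.\r\n"),     # ... this earlier segment
])

# --- the "Follow TCP Stream" logic ---
def pcap_frames(data):
    """Yield raw Ethernet frames from a classic (non-pcapng) capture in either byte order."""
    magic, = struct.unpack("<I", data[:4])
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def tcp_segments(frames):
    """Yield ((src, sport, dst, dport), seq, payload) for IPv4/TCP frames that carry data."""
    for frame in frames:
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ip = frame[14:]
        if ip[9] != 6:                                  # protocol 6 = TCP
            continue
        tcp = ip[(ip[0] & 0x0F) * 4:struct.unpack("!H", ip[2:4])[0]]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:
            src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
            yield (src, sport, dst, dport), seq, payload

def follow_streams(frames):
    """Reassemble each direction by sequence number, discarding retransmitted bytes."""
    by_dir = defaultdict(list)
    for key, seq, payload in tcp_segments(frames):
        by_dir[key].append((seq, payload))
    streams = {}
    for key, segs in by_dir.items():
        segs.sort()
        buf, expected = bytearray(), segs[0][0]
        for seq, payload in segs:
            if seq + len(payload) > expected:           # skip pure retransmissions
                buf += payload[max(0, expected - seq):]  # trim an overlapping prefix
                expected = seq + len(payload)
        streams[key] = bytes(buf)
    return streams

def strip_telnet(data):
    """Drop IAC negotiation (RFC 854) so only user-visible bytes remain."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != 0xFF:
            out.append(data[i]); i += 1
        elif data[i + 1:i + 2] == b"\xff":              # escaped literal 0xFF
            out.append(0xFF); i += 2
        elif data[i + 1:i + 2] in (b"\xfb", b"\xfc", b"\xfd", b"\xfe"):   # WILL/WONT/DO/DONT <option>
            i += 3
        elif data[i + 1:i + 2] == b"\xfa":              # SB ... IAC SE
            end = data.find(b"\xff\xf0", i + 2)
            i = len(data) if end < 0 else end + 2
        else:                                           # any other two-byte command
            i += 2
    return bytes(out)

def telnet_sessions(pcap_bytes):
    """Cleartext of every TCP direction touching port 23, keyed by (src, sport, dst, dport)."""
    return {key: strip_telnet(data).decode("latin-1")
            for key, data in follow_streams(pcap_frames(pcap_bytes)).items()
            if TELNET_PORT in (key[1], key[3])}
```

Run against a real capture with `telnet_sessions(open("networking.pcap", "rb").read())`; the client-to-server direction holds the typed username and password, the server-to-client direction the prompts and whatever the session printed. The same function is a useful check on your own network captures: any non-empty result means someone is still authenticating over Telnet, which is the finding a defender wants to surface rather than the flag.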

Misc. 2 – 50 points

Challenge: Two files were provided: networking.pcap and networking.pcap.process
Answer: f9b43c9e9c05be5e08ea163007af5144
Method: I ran cat on the networking.pcap.process file, and it was littered with the flag.