Challenge: Holiday Hack 2022. Part 1. — I’ve just completed the SANS Holiday Hack Challenge for 2022, I thought it was a lot of fun this year! Here is my write up. Challenge 1 of this CTF was simply obtaining your personal crypto wallet address and key, which is done as a part of the orientation. Challenge 2 — Wireshark Practice In…

Challenge: PowerFul_Crackme — Category: reverse engineering We are given an ELF named “PowerFul_Crackme”. After opening it in IDA, you see that the program enters in main and prints “The magic string: ” with printf. It then goes on to initialize a counter at loc_11B3 from 0–9, which is stored in var_4. If the…

Challenge: Holiday Hack Objective 11b Category: pwn?? blockchain?? We are given part of a blockchain and told there is an altered block somewhere. The goal was to find the four altered bytes in the new block and change it back to their original values, or essentially, reproduce the original block…

Challenge: Holiday Hack Objective 11a — Category: pwn?? blockchain?? We are given a part of a blockchain and told to predict the nonce of block 130000. Since every block prior to the 130000th has a nonce, we can use the pseudo-randomness of these numbers to predict the future ones. …

Challenge: Phonebook — Category: web security We are given an instance of a website that requires us to login when we navigate to it. …

Challenge: Impossible Password — Category: reverse engineering We are given a file called “impossible_password.bin”. Using xxd, I looked at the header of the file and found out that it was actually an ELF which meant that it could be executed. …

Challenge: WebNet0 — Category: Forensics We are given a Wireshark packet capture file called “capture.pcap” and an RSA key called “picopico.key”. When you open capture.pcap in Wireshark you see a TLS stream that is likely to hold the flag somewhere in it. When you follow the TLS stream, you can tell that it’s…

Challenge: Investigative Reversing 3 — Category: reverse engineering and forensics We are given a binary called “mystery” and an image named “encoded.bmp”. When I opened mystery in IDA, I saw that three files were being opened, two that are being read from (flag.txt and original.bmp) and one that is being appended to (encoded.bmp). …

Challenge: messy-malloc — Category: binary exploitation We are given a binary and it’s source code called “auth” and “auth.c”. By looking at auth.c, you can tell that this program is essentially a simple authentication program. …