あまり余裕はないけどとりあえずエントリーはしてみた。
Title
Genre
Point
Vigenere
Crypto
100
VoIP
Forensics
100
Memory Analysis
Forensics
100
biscuiti
Web, Crypto
300
chat
Exploit
500
cheer msg
Exploit
100
Anti-Debugging
Binary
100
basiq
Web
100
jmper
Exploit
300
mboard
Exploit
500
AlphaComplex1
Crypto
300
PNG over Telegraph
Crypto
300
tinypad
Exploit
300
logger
Exploit
300
pppppoxy
Web
200
ropsynth
Binary
400
microcomputer
Binary
500
Backpacker’s Capricious Cipher
Crypto
200
uncomfortable web
Web
300
randomware
Forensics
300
checker
Exploit
300
Missile
Exploit
400
Obfuscated AES
Binary, Crypto
500
Retrospective
Binary
200
Lost Decryption
Binary, Crypto
200
shopping
Exploit
400
AlphaComplex2 [LAST]
Crypto
500
Vigenere
k: ????????????
p: SECCON{???????????????????????????????????}
c: LMIG}RPEDOEEWKJIQIWKJWMNDTSR}TFVUFWYOCBAJBQ
k=key, p=plain, c=cipher, md5(p)=f528a6ab914c1ecf856a1d93103948fe
|ABCDEFGHIJKLMNOPQRSTUVWXYZ{}
-+—————————-
A|ABCDEFGHIJKLMNOPQRSTUVWXYZ{}
B|BCDEFGHIJKLMNOPQRSTUVWXYZ{}A
C|CDEFGHIJKLMNOPQRSTUVWXYZ{}AB
D|DEFGHIJKLMNOPQRSTUVWXYZ{}ABC
E|EFGHIJKLMNOPQRSTUVWXYZ{}ABCD
F|FGHIJKLMNOPQRSTUVWXYZ{}ABCDE
G|GHIJKLMNOPQRSTUVWXYZ{}ABCDEF
H|HIJKLMNOPQRSTUVWXYZ{}ABCDEFG
I|IJKLMNOPQRSTUVWXYZ{}ABCDEFGH
J|JKLMNOPQRSTUVWXYZ{}ABCDEFGHI
K|KLMNOPQRSTUVWXYZ{}ABCDEFGHIJ
L|LMNOPQRSTUVWXYZ{}ABCDEFGHIJK
M|MNOPQRSTUVWXYZ{}ABCDEFGHIJKL
N|NOPQRSTUVWXYZ{}ABCDEFGHIJKLM
O|OPQRSTUVWXYZ{}ABCDEFGHIJKLMN
P|PQRSTUVWXYZ{}ABCDEFGHIJKLMNO
Q|QRSTUVWXYZ{}ABCDEFGHIJKLMNOP
R|RSTUVWXYZ{}ABCDEFGHIJKLMNOPQ
S|STUVWXYZ{}ABCDEFGHIJKLMNOPQR
T|TUVWXYZ{}ABCDEFGHIJKLMNOPQRS
U|UVWXYZ{}ABCDEFGHIJKLMNOPQRST
V|VWXYZ{}ABCDEFGHIJKLMNOPQRSTU
W|WXYZ{}ABCDEFGHIJKLMNOPQRSTUV
X|XYZ{}ABCDEFGHIJKLMNOPQRSTUVW
Y|YZ{}ABCDEFGHIJKLMNOPQRSTUVWX
Z|Z{}ABCDEFGHIJKLMNOPQRSTUVWXY
{|{}ABCDEFGHIJKLMNOPQRSTUVWXYZ
}|}ABCDEFGHIJKLMNOPQRSTUVWXYZ{
Vigenere cipher
https://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher
VoIP
Extract a voice.
The flag format is SECCON{[A-Z0-9]}.
voip.pcap
Memory Analysis
Find the website that the fake svchost is accessing.
You can get the flag if you access the website!!
memoryanalysis.zip
The challenge files are huge, please download it first.
Hint1: http://www.volatilityfoundation.org/
Hint2: Check the hosts file
password: fjliejflsjiejlsiejee33cnc
biscuiti
Can you login as admin?
http://biscuiti.pwn.seccon.jp/
biscuiti.zip
Note: You should estimate that exploits cost an hour.
chat
Host : chat.pwn.seccon.jp
Port : 26895
chat (SHA1 : 6a60392ff43764570a1ea32de00ac6124469af0c)
libc-2.19.so (SHA1 : 8674307c6c294e2f710def8c57925a50e60ee69e)
cheer msg
Host : cheermsg.pwn.seccon.jp
Port : 30527
cheer_msg (SHA1 : a89bdbaf3a918b589e14446f88d51b2c63cb219f)
libc-2.19.so (SHA1 : c4dc1270c1449536ab2efbbe7053231f1a776368)
Anti-Debugging
Reverse it.
bin
may some AV will alert,but no problem.
Anti-Debugging
Reverse it.
bin
may some AV will alert,but no problem.
basiq
What is admin’s password?☺
http://basiq.pwn.seccon.jp
jmper
Host : jmper.pwn.seccon.jp
Port : 5656
jmper (SHA1 :78e21967c2de5988876df938559a850e24a000af)
libc-2.19.so (SHA1 :8674307c6c294e2f710def8c57925a50e60ee69e)
mboard
Host : mboard.pwn.seccon.jp
Port : 8273
Execute command : ./mvees_sandbox –replicas=1 –level=2 –out-limit=8192 –deny=11 ./mboard 2>&1
mboard.zip
mboard (SHA1 : cbd1701364cd7a41208cf4fd3cd5e82269f65b27)
mvees_sandbox (SHA1 : 38188bb110a74fb5641a3b51386d73c0d9ab0ed1)
libc-2.19.so (SHA1 : c4dc1270c1449536ab2efbbe7053231f1a776368)
Alpha Complex 1
Mission: Decrypt ac1.pwn.seccon.jp:31337
AlphaComplex1.zip
PNG over Telegraph
Analyze signal in this video.
You will able to get PNG, if you success to decode it.
VIDEO
Host : tinypad.pwn.seccon.jp
Port : 57463
Heap Fun as a Service!
tinypad (SHA1 : 0e6d01f582e5d8f00283f02d2281cc2c661eba72)
libc-2.19.so (SHA1 : 8674307c6c294e2f710def8c57925a50e60ee69e)
logger
Host : logger.pwn.seccon.jp
Port : 6565
logger (SHA1 : fee7140cb33d79c0406de49f7f8985fd459468ea)
libc-2.19.so (SHA1 : 8674307c6c294e2f710def8c57925a50e60ee69e)
pppppoxy
Log in as admin and get the flag
pppppoxy.zip.
ropsynth
ropsynth.pwn.seccon.jp:10000
Read “secret” and output the content such as the following code.
==
fd = open(“secret”, 0, 0);
len = read(fd, buf, 256);
write(1, buf, len);
==
dist.tgz
microcomputer
Remote debugging of a micro computer.
The server is running on GDB simulator with special patch.
* Connect to the server.
$ telnet micro.pwn.seccon.jp 10000
$ echo ‘+$g#67+’ | nc micro.pwn.seccon.jp 10000
A long connection is disconnected automatically.
* Read “flag.txt” on current directory.
Reference:
* Assembly samples for many architectures
cross-20130826.zip
ref: http://kozos.jp/books/asm/cross-20130826.zip
See the assembly samples.
$ unzip cross-20130826.zip
$ cd cross/sample
$ ls *.d
See the sample programs running on GDB simulator.
$ cd cross/exec
$ ls *.d
Backpacker’s Capricious Cipher
Today’s cipher is here.
capricious_cipher.zip
uncomfortable web
Attack to http://127.0.0.1:81/authed/ through the uploaded script at http://uncomfortableweb.pwn.seccon.jp/.
Get the flag in the database!
randomware
My PC suddenly got broken. Could you help me to recover it please?
NOTE: The disk can be virus-infected. DO NOT RUN any programs extracted from the disk outside of sandbox.
disk.qcow2.zip
Challenge files is huge, please download it first. Password will release after 60min.
password: h9nn4c2955kik9qti9xphuxti
checker
Host : checker.pwn.seccon.jp
Port : 14726
checker (SHA1 : 576202ccac9c1c84d3cf6c2ed0ec4d44a042f8ef)
Host : missile.pwn.seccon.jp
Port : 9999
Missile (SHA1 : 0bcb9fb57431ca8c459d346d8ede376510da433a)
Obfuscated AES
Decrypt it.
OAES.zip
Retrospective
Reverse it.
file
Lost Decryption
I created my own cipher and encrypted the very important file.
However, I lost the decryption program because of file system error, so now I cannot read the file.
Please help me.
lost_decryption.zip
shopping
Host : shopping.pwn.seccon.jp
Port : 16294
shopping (SHA1 : c2e27cb9cefe7c08b52d5849bf39017cfcd38efb)
libc-2.19.so (SHA1 : 8674307c6c294e2f710def8c57925a50e60ee69e)
Alpha Complex 2
Mission: Decrypt the cipher.
AlphaComplex2.zip