Lonely Island was one of the tasks on FAUST CTF 2021.
This task was a multiplayer FPS game based on Godot engine. This is something you don’t see on CTFs often, let alone on attack-defense ones. One notable example I can think of is Pwn Adventure on Ghost in the Shellcode CTF many years ago. Although Pwn Adventure was considerably more complex, it was a jeopardy competition, and yet Lonely Island appeared on an attack-defense CTF.
We’ve recently participated in Faust 2020 as part of MoreBushSmokedWhackers team and took the first place. We were first to solve the IPPS service (which was also the first blood of the game as a whole). This blog post covers the service itself, the vulnerabilities and the exploitation details.
We are given a binary implementing some cryptographic scheme, a public key, and an encrypted flag. After some reverse engineering in IDA, we could restore the scheme, which can be described as follows:
In our previous blog post, my teammate Emil has already published a solution for Master of PHP. However, I still want to share another way of solving this challenge, because I think it is quite interesting as well, and it doesn’t require use of the bug that was implanted into no_realworld_php. Instead, in this post we will use a recently discovered curl 1-day to achieve stable code execution on the remote host.
Caidanti was a reverse/pwn task with two flags.
The task had two binaries -
caidanti-storage-service, running on Google’s Fuchsia operating system, which is currently under active development.
printf was a pretty typical pwn task: you get a binary, libc, and a network address, and you have to gain RCE. The vulnerability is an unsafe alloca which allows one to cross the gap between stack and libraries.
Unknocking was a networking task on CyBRICS CTF 2019 quals.
DevMaster 8000 and DevMaster 8001 were sandbox challenges on Google CTF 2019 quals.
This is an RCE-as-a-service that runs COBOL code encoded in punch card images uploaded by the user. The hard parts are generating valid punch card images with the desired code and writing COBOL that runs shellcode using the available charset. The patch is chmod -r data (disable listing in the service data dir, as flags are in randomly-named files).
“If on a winters night a traveler” was a pwn task on 0CTF/TCTF Quals 2019. You have to pwn a custom buggy encryption algorithm for Vim.
refrain was a misc task at 0CTF/TCTF Quals 2019 where you had to reconstruct input data from a program trace.
Sixology was a reverse task which 2 teams managed to solve during the CTF. You can find a summary section (TL;DR) as well as some links at the end of the write-up.
Elastic cloud compute (memory) corruption (or EC3 for short) was a binary pwn task on recent DEF CON CTF 2018 Quals.
We are given an x86_64 ELF binary and a remote server address. The goal is to gain remote execution and read the flag.
“slot machine” was a hardware task in the reverse-engineering category on Google CTF Finals 2017, which took place in Zurich back in October 2017.