New Domain: disekt.org

Submitted by maikol on Sat, 04/14/2012 - 22:02

Our new domain is now disekt.org. Dot TK decided to take our free domain and sell it as a premium domain.

Synapse Exploit 0

Submitted by maikol on Sat, 04/21/2012 - 21:54

Given a binary that waits for user input when run:

$ /levels/level0
A
Try harder -.-'
$

Synapse Exploit 1

Submitted by maikol on Sat, 04/21/2012 - 21:54

Given a binary that takes one argument

$ /levels/level1/level1
Segmentation fault (core dumped)
$ /levels/level1/level1 disekt
you entred : disekt

Synapse Exploit 2

Submitted by maikol on Sat, 04/21/2012 - 21:54

Given a binary file.

bash-4.1$ /levels/level2/level2 
Please wait, generating random SALT
Random Salt             : 28253132
Please wait, generating Secret Key part 2
...

Synapse Exploit 3

Submitted by maikol on Sat, 04/21/2012 - 21:54

Given a binary that takes two arguments.

$ ./level3 
useage : Decrypt <string> <key_filename>

Synapse Exploit 4

Submitted by maikol on Sat, 04/21/2012 - 21:54

Given a binary that takes one argument

 $ ./level4 
useage : copy_keyfile <Reason>

pCTF challenge #17: C++5x

Submitted by blue9057 on Mon, 04/25/2011 - 13:56

AED decided to use C++ to develop their internal tools.
However, they seem to make a mistake one of their new C++ programs.
 
Exploit and get the key!
 
ssh [email protected]amalgamated.biz

pCTF Challenge #24: Calculator

Submitted by blue9057 on Mon, 04/25/2011 - 12:01

AED's summer internship program is notorious for attracting terrible programmers.
They've resorted to giving them some of the simplest projects to work on.
We expect this service that the latest 'All-Star' intern worked on all summer is no where near secure.
 
nc a9.amalgamated.biz 60124

NDH2k11 RCE 200

Submitted by jiva on Mon, 04/04/2011 - 22:31

This challenge was surprisingly simple. We were given an android .apk file. After converting the apk to a jar using dex2jar, we opening the jar with java decompiler JD. We immediately came across the following chunk of code.

ArrayList localArrayList = paramIntent.getStringArrayListExtra("android.speech.extra.RESULTS");
if ((!localArrayList.isEmpty()) && (a.b((String)localArrayList.get(0))))
{
	TextView localTextView = this.b;
	String str = a.a((String)localArrayList.get(0));
	localTextView.setText(str);
}

NDH2k11 Crypto 300

Submitted by jiva on Mon, 04/04/2011 - 21:42

"Python source code is very clear and concise, and could sometimes bring out lots of clues. This is particularly true for this challenge."

This challenge proved to be rather interesting because it validated our incessant desire to run a brute force while we look for other solutions.

The python code is very clean, but after a while the inheritance duplicity in the classes and quantity of the code becomes rather dizzying. After reading through all the code, it can really be distilled down to the following important sections:

1. (server side) network.py
 

Syndicate content
© 2010-2014 disekt - Hosted by inetric. Drupal theme by Kiwi Themes.