Showing posts with label EMCDefendersleague2013. Show all posts

Monday, 30 December 2013

EMC Defenders League Attack and Defense-Goodie Server Challenge

It's been a long time since I wrote a blog post. I was working on something in the Chrome JS console the other day and came across the challenge that was given in the EMC Defenders League Attack and Defense.

The challenge was this piece of symbols:
[][(![]+[])[+[[+[]]]]+([][[]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+(!![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]][([][(![]+[])[+[[+[]]]]+([][[]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+(!![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]]+[])[+[[!+[]+!+[]+!+[]]]]+([][(![]+[])[+[[+[]]]]+([][[]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+(!![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]]]+([][[]]+[])[+[[+!+[]]]]+(![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+(!![]+[])[+[[+!+[]]]]+([][[]]+[])[+[[+[]]]]+([][(![]+[])[+[[+[]]]]+([][[]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+(!![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+([][(![]+[])[+[[+[]]]]+([][[]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+(!![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]]((![]+[])[+[[+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+(!![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]+(!![]+[])[+[[+[]]]]+([][(![]+[])[+[[+[]]]]+([][[]]+[])[+[[!+[]+!+[]+!+

Tuesday, 10 December 2013

EMC Defenders League Attack and Defense - Goodie Server Challenge

This was a hidden challenge and no one apart from our team got it. The file was hidden in the source code of the main page of the Goodie Server. The challenge was a steganography challenge.

You can download the image here : logo

It was simple enough to solve the challenge in minutes by using outguess, one of the popular and basic stego tools.
Command : outguess -r logo_zzzzzzzzzz.jpg logo


FLAG : 3335f2c2462c8236934bc6bdd3897a588a0dc2d8

Saturday, 2 November 2013

EMCDefendersleague2013 week-1 challenge-7 solution

Files can be downloaded from here : https://db.tt/s2niLU2s

Challenge-7

Question : We have obtained an innocent looking file from our sources who confirm that there is a coded message hidden somewhere inside. Get the message!


Hint 1:Hidden in bits!

Hint 2:PE File Format

Hint 3:Hex Editor

We know that the file is a PE executable.
Now a good reverser's best tool is "strings"

Command : strings Contest7.sample

Now scroll a bit and observe this string 
0x53 0x4a 0x6a 0x58 0x65 0x66 0x61 0x52 0x53 0x7a 0x58 0x42 0x6f 0x71 0x56 0x57 0x52 0x74 0x46 0x66 0x6a 0x72 0x5a 0x73 0x78 0x75 0x64 0x76 0x43 0x54 0x48 0x62 0x63 0x55 0x6f 0x51 0x4a 0x58 0x75 0x78

Now we know that it's a hex string. Converting it to ASCII gave me the answer.
I didn't go by the hints, but this would be easy reversing.

Here you go, the flag is : SJjXefaRSzXBoqVWRtFfjrZsxudvCTHbcUoQJXux

With this, the week-1 questions and solutions are done. Hope you enjoyed it! Thank you.

EMCDefendersleague2013 week-1 challenge-6 solution

Files can be downloaded here :  https://db.tt/s2niLU2s
Challenge-6

Mickey Mouse loves to be in company with his friends and when they are not available, Mickey always keeps a group photo with him.

Hint 1:Hidden in bits!

Hint 2:Steganography

file name : Contest6.sample

So we know that it's a zip file, and when we try extracting it we get a pop-up asking for a password like this :


So we need to use a zip cracker. Just guessing the range to be 4 solved it. It worked with a lucky guess, but be sure to use a bigger range for other similar challenges. Here is the link for the zip password cracker which I used temporarily.
Zip-Password-cracker


password is : xtOQ

Thursday, 31 October 2013

EMCDefendersleague2013 week-1 challenge-5 solution

Files can be downloaded from here :  https://db.tt/s2niLU2s
Challenge-5

Question : Mr. H4x0r has intercepted an attack by his friend on a website. Help Mr. H4x0r to obtain the admin password of the website from the attack log.


Hint 1:SQL Injection

Hint 2:Hash Cracking

file name : Contest5.sample

The first thing to do is use the file command.
result : data file

Hence we know that it's a data file. Opening it in gedit or Notepad++ will tell you that it's a log file of an SQL injection.

Scrolling down till the end you will find this :

Firstname::isf:1pvyjsradminpvyjsrpvyjsrs@s.compvyjsradminpvyjsradminpvyjsr2a9a4d20c6fdafa8917c8e7c3f63733fpvyjsr2013-07-22 07:43:09pvyjsr0pvyjsr:tlf:

From this we come to know that the password hash is : 2a9a4d20c6fdafa8917c8e7c3f63733f and that it's an MD5 hash too.
A Google search will give you the flag for this :

the flag is cHDiN
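The same triage can be scripted when the log is long. The following is an added example, not part of the original write-up: it pulls dumped rows out of an injection log and labels hash-shaped, e-mail and timestamp columns, which is what an incident responder needs to know about what was exposed. It assumes that `:isf:` and `:tlf:` bracket one dumped row and that `pvyjsr` separates columns, as the quoted line suggests; the function names are hypothetical.

```python
import re

# Line copied from the end of the attack log quoted in the post.
LOG_LINE = ("Firstname::isf:1pvyjsradminpvyjsrpvyjsrs@s.compvyjsradminpvyjsradmin"
            "pvyjsr2a9a4d20c6fdafa8917c8e7c3f63733fpvyjsr2013-07-22 07:43:09"
            "pvyjsr0pvyjsr:tlf:")

# Assumption: start marker, stop marker and column delimiter as seen in that line.
START, STOP, DELIM = ":isf:", ":tlf:", "pvyjsr"

# Hex strings of these lengths are worth treating as password hashes.
HASH_SHAPES = {32: "MD5-length hex", 40: "SHA-1-length hex", 64: "SHA-256-length hex"}


def extract_rows(text, start=START, stop=STOP, delim=DELIM):
    """Return every dumped row found in the log text as a list of columns."""
    rows = []
    pattern = re.escape(start) + r"(.*?)" + re.escape(stop)
    for match in re.finditer(pattern, text, re.DOTALL):
        body = match.group(1)
        if body.endswith(delim):          # drop the delimiter closing the last column
            body = body[:-len(delim)]
        rows.append(body.split(delim))
    return rows


def classify(field):
    """Label a column value by shape, or return None if it is unremarkable."""
    if re.fullmatch(r"[0-9a-fA-F]+", field) and len(field) in HASH_SHAPES:
        return HASH_SHAPES[len(field)]
    if re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", field):
        return "email address"
    if re.fullmatch(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}", field):
        return "timestamp"
    return None


def leaked_fields(text):
    """List (row, column, kind, value) for every sensitive-looking column."""
    findings = []
    for r, row in enumerate(extract_rows(text)):
        for c, field in enumerate(row):
            kind = classify(field)
            if kind:
                findings.append((r, c, kind, field))
    return findings


if __name__ == "__main__":
    for row, col, kind, value in leaked_fields(LOG_LINE):
        print(f"row {row} col {col}: {kind}: {value}")
```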

EMCDefendersleague2013 week-1 challenge-4 solution

Files can be downloaded here : https://db.tt/s2niLU2s
Challenge-4

Question : Mr. H4x0r managed to sniff the HTTP traffic of his nemesis, however he is unable to figure out the credentials used by the victim to access the protected webpage.

Help Mr. H4x0r to figure out the credential for accessing the protected page.

Hint 1:Base

Hint 2:Julius Caesar

What is the basic thing to do?
Run the file command on the file.
result : Contest4.sample: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 65535)

What is the inference?
It says it's a tcpdump capture. Hence Wireshark is what you should look for.

Opening it in Wireshark will give you this :

Looking at the tcpdump, you can see that the user was trying to get admin access. In the first try he used admin:1234, which failed; later he got admin access using the credentials: nqzva:jQCNniEvTX
Now we are past the first level. Next, as the hint says, it's Caesar encryption.
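The two hints map to two decoding layers, neither of which protects a credential from anyone holding the capture. The following is an added example, not part of the original write-up: it decodes an HTTP Basic `Authorization` value and then tries all 26 Caesar shifts, keeping the shift at which the user name becomes an account name already seen in the capture (`admin` from the failed first attempt). It assumes the credentials travelled in a Basic header; the header below is constructed from the credentials quoted in the post, and the function names are hypothetical.

```python
import base64
import string


def parse_basic_auth(header_value):
    """Decode an 'Authorization: Basic ...' value into (user, password)."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic authorization header")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")   # password may itself contain ':'
    if not sep:
        raise ValueError("missing ':' between user and password")
    return user, password


def caesar(text, shift):
    """Rotate ASCII letters by `shift`, preserving case and other characters."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)


def recover(header_value, known_users):
    """Return (shift, user, password) for each shift yielding a known user name."""
    user, password = parse_basic_auth(header_value)
    hits = []
    for shift in range(26):
        candidate = caesar(user, shift)
        if candidate.lower() in known_users:
            hits.append((shift, candidate, caesar(password, shift)))
    return hits


# Constructed sample: the header a client would send for the quoted credentials.
SAMPLE_HEADER = "Basic " + base64.b64encode(b"nqzva:jQCNniEvTX").decode("ascii")

if __name__ == "__main__":
    for shift, user, password in recover(SAMPLE_HEADER, {"admin"}):
        print(f"shift {shift}: {user}:{password}")
```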

EMCDefendersleague2013 week-1 challenge-3 solution

File can be downloaded here : https://db.tt/s2niLU2s

Challenge 3 :
question : Everybody loves HTML. It’s good looking and all sources available. View the source, find the answer and impress us!

Hint 1:Decode and find the logic.

file name : Contest3.sample.gz

I hope you remember from my last post how to decompress a gzip file 
gzip -d Contest3.sample.gz will give you the file.

Running the file command on the extracted file will tell us that it's an HTML document.
file Contest3.sample
result : Contest3.sample: HTML document text

So rename Contest3.sample to Contest3.html
Opening it in a browser gives you this :


The logic is to do an arithmetic calculation on a number so that the result is zero, meaning 30-10-10-10=0. It can be anything; it can be 40-20-10-10 also.

EMCDefendersleague2013 week-1 challenge-2 solution

This is a continuation of my previous blog post. This one is about week-1 challenge-2.

File for this challenge can be downloaded here : https://db.tt/s2niLU2s

Challenge-2

question : While performing an incident response, the team obtained a rather strange looking file. We need help in analyzing its content.
file name : Contest2.sample

This is about firmware analysis.
Running the file command on Contest2.sample.gz shows us that it's a gzip file (file Contest2.sample.gz)
result : Contest2.sample.gz: gzip compressed data, from Unix, last modified: Thu Sep 12 14:18:08 2013, max compression

Hence we do gzip decompression using the command
gzip -d Contest2.sample.gz
You will get the real data file, which has to be analyzed as firmware.


Commands after you put this package into your Linux desktop:
Step 1 : tar -zxvf binwalk-1.2.2-1.tar.gz
Step 2 : cd binwalk-1.2.2-1
Step 3 : cd src
Step 4 : chmod +x debian_quick_install.sh
Step 5 : ./debian_quick_install.sh
Step 6 : open a new terminal and type binwalk -e Contest2.sample (this is the file after decompression)
Step 7 : cd _Contest2.sample.extracted/
Step 8 : cat 1*

There you go. Did you find the flag?

Scroll down a bit and you can see this :
Here you go: IhPEvuAKhEVMyJFCFPyN

The flag is IhPEvuAKhEVMyJFCFPyN

EMCDefendersleague2013 week-1 challenge-1 solution

Hi, this is my first write-up on a CTF, hope you like it.

This is a recent CTF called EMCDefendersLeague2013. It was nice playing the CTF. An Indian style CTF and only for Indians :-p

Anyway, let's get to the job. There were 3 weeks. Each week has a difficulty rating: week-1 was beginner, week-2 is intermediate and week-3 was hard. Today I am writing only on week-1; later I will be writing on the week-2 challenges. Now let's begin!!!

All files for week-1 challenges can be downloaded here  :  https://db.tt/s2niLU2s
Week-1

Challenge-1 :
Debug Debug Debug
file name : Contest1.sample

Running the file in Wine would give the flag. According to my analysis it would be because of the library which is missing in Windows. I am not sure, but if you run the file in Wine you would be getting the flag.

Check this out :


For those who don't know about Wine : http://winetools.org/
You can install it on your Linux system by just opening a terminal and typing apt-get install wine