Challenges News (6 Posts)

The 2015 SANS Holiday Hack Challenge Write-Up

For the last 12 years, SANS/Counterhack offers a hacking challenge over the Christmas period. It is a great event, fun and with an increasing level of difficulty which lets everyone having a go.
This year, The 2015 SANS Holiday Hack Challenge was built around a great 8-bit retro web gaming platform where you had to run around a virtual town to find the various hacking challenges.
The plot was centered around a fictitious toy, a gnome, that everyone wanted to have in their home for Christmas. However, two kids found the toy was "behaving" strangely and something was going on.
Through the challenge you will learn that the gnomes had in fact a hidden built-in camera and were transmitting photos to 5 super gnomes (servers) by connecting to free surrounding WIFI netwo...

Hackfu2015 Challenge 7 - Solution

This is part of my write up from the Hackfu 2015 Security Challenge.

The third and last challenge I solved was surprisingly very easy, but there might have been more to it...

The instructions given were:

  • An ELF Binary file: shipbinary
  • "Your mission is to analyse the executable binary and find a way to get it to run to its completion so that it ends up spitting out the access code for the ship's central server."

  • Below is how I solved that challenge:
    We first run the following command to see all the printable/ASCII strings from the binary.
    > strings shipbinary
    Below is an extract of the most interesting result from the above command.
    Enter Decryption Code:
    Code Accepted.
    Establishing Connection to Planet Abaddon...
    out.txt -c 1 | tail -1| awk '{print $4}' | cut -d '/' -f 2
    >>[READ MORE]

    Hackfu2015 Challenge 5 - Solution

    This is part of my write up from the Hackfu 2015 Security Challenge..

    The second challenge I solved was in fact quite easy because I solved a similar one for the SANS Summer challenge in 2014 (where it took me much longer to solve the first time I came across this type of steganography!)

    The instructions given were:

  • An audio file to analyse
  • There is a hidden message in it, find it!

  • Below is how I solved that challenge:
  • Listening to the audio file only produces white noise.
  • Looking for strings added to the file does not produce anything.
  • Looking for hidden data using stenography extraction tool such as steghide does not produce anything either.

  • But, If you load the file in a windows software such as Sonic Visualizer, add a layer to show a Spectrogram ...
    >>[READ MORE]

    Hackfu Challenge 2015 - Solution for Challenge 1

    MWR ran a Security Challenge last April, unfortunately I only found out about it 3 days before the dead line! I still managed to solve 3 out of the 7 challenges and really enjoyed them.

    The first challenge was especially interesting, as I like cryptography. This was a tough one!!!

    The instructions given were

  • You are invited to a game of Poker but must find the password
  • You find a note with written "Pocket RC4"
  • You find a deck of card ordered from Ace to King with the following "couple" suits: {Diamond, Club}, {Heart and Spade}. This mean AD, AC, 2D, 2C....KH, KS
  • You find a note with the following written on it: "WEMUSTFOLLOWTHEWHITERABBITANHXJRAAZEBYYOMNWPBKGZOGY"

  • That's pretty much it! Below is how I solve this challenge and cracked the code:

    I used information on PocketRC4 f...
    >>[READ MORE]

    SANS Brochure Challenge Write-Up

    Last Summer SANS organised a security/hacking challenge through 4 of their brochures, each brochure had an “easy” challenge in the form of a hidden message to de-cipher to get a URL to the second level of each of the 4 challenges.

    Below is a brief explanation of the steps I took for the main technical challenges:

    1. Challenge 1, level 2: Alice’s encrypted file for Bob
    First you need to load the pcap file provided for that question into Wireshark, two type of traffic should catch your attention: some HTTP and SMB traffic. Doing a quick search (CTRL-F) for the string Bob in the “packet bytes” will get you to Frame 669, which is a web chat over HTTP where Alice mentions to someone that she needs to send a file to Bob and R...
    >>[READ MORE]

    A job at GCHQ?

    If you ever wanted to work for a UK secret intelligence organisation, GCHQ, they are running a contest until the 11th of December, where you need to decipher some code to get a password. Once submitted, that password will redirect you to their recruitment website.

    The password is probably “ifyoudon’twanttoworkforuswewillfindyou”…

    If you fancy your chances, here is the site:

    >>[READ MORE]