CaptureTheFlag

From Hack.lu 2010

This year's CTF contest will be held by FluxFingers, the CTF Team of Ruhr-Universität Bochum (Germany).

FluxFingers have been participating in CTFs since 2007 and are excited to organize their first CTF at hack.lu. The CTF will be challenge-based, similar to e.g. DEFCON Quals, Codegate etc.

Topics include (among others): web security, cryptography, reverse engineering and forensics.

If you have any questions, don't hesitate to contact us at our booth. We might even give you some hints for free beer.

CTF is over, where do I find a mirror?

Scoreboard
Challenges

General Information for the CTF

Ahoy me Landlubbers! The fluxfingers are proud to announce the start of this year's HACK.LU CTF. Some tweet might have already indicated that it's going to be all about pirates, yarr! We hope that you'll enjoy the CTF and wish you the best luck with looting all the hidden doubloons.


Step 0: Try to remember the SHA1 fingerprint by heart (See [1]). You should be sure that you are connecting to our site and *our site only*. Especially local teams wouldn't want anyone to steal their flags, right?

Step 1: Register. You will have to sign up your team manually on the ctf web page. Local teams are highly encouraged to visit us at our booth near the entrance to ensure being flagged as a local team (see Step 3). Also, notice that there is an announcement page which will also be used to give out hints regarding yet unsolved challenges.

Step 2: Solve as many challenges as possible :)

Step 3: Profit! The award ceremony will be held locally, so completely remote teams will not be able to receive a prize and will receive a nice hack.lu t-shirt by mail instead ;). Still you will be having a lot of fun - we promise! Also, have you heard about the prizes? Among the prizes are an Amazon Kindle, an iPad and so on.. :)


Be sure to visit us on IRC for the latest updates: #ctf / hack.lu

Reminder: The ctf goes from Wed, 27th Oct 11am (CEST) to Fri, 29th Oct 11am CEST (this is in about 20 minutes from now)


Cheers, team fluxfingers

P.S.: We will highly appreciate constructive criticism and are happy to fix all the fuck-ups you will report :)


CTF Dates and Time Information

- Start of the CTF:   27th October, around 11:00 (CEST)
- End of the CTF:     29th October, around 11:00 (CEST)

hack.lu CTF Registration is Open

This year's Capture-The-Flag (CTF) contest of the hack.lu conference will also be open for remote participants. However, there will be only a limited number of teams accepted for remote participation, so don't hesitate to register as early as possible. To do so, please subscribe to the mailing list of the CTF: http://fluxfingers.net/mailman/listinfo/hacklu-ctf Please use your team-name to register, and only one subscription per team. Once accepted, you will be provided with more information.
--Fluxfingers 22:00, 5 October 2010 (UTC)

Registration

The registration for the online CTF will start on 5th October at 22:00 UTC. There will be a limited number of slots available. Teams playing from the Conference don't need to register now.

Solution for the Second Challenge

Here you go: http://reversing.it/solutions.zip

The Second Challenge [Solved by Nibbles]

hack.lu Access Control System v1.0

Here is a hint for the *bonus* challenge:

We're looking for a "golden" key-file that is valid for every name. No BOFs or the like involved. Though it's not just math.

GOALS:

 1P (easy): "d|?-c:e;(RJ+o`ci"?!
 2P (medium): Somebody lost their key. Find any valid name for flux.key and log-in!
 +0.5P for an unsuspicious "forename surname" solution.
 3P (medium): Log-in with a key containing the string "hack.l00"! 
 5P (hard): Write a keygen for this application!
 5P (*bonus*): Rumors have it: Some secret agency backdoored the hack.lu Access Control System!! 0_0
 Find out the truth!

Can you trick the hACS?
Mail your solutions to hacklu@fluxfingers.net and win free access to hack.lu 2010!
Download: http://reversing.it/hackluAppetizer1.zip

The most points in fastest time submitted will be rewarded with one free entrance to the conference.
You have exactly one (1) week (12th September 00:00) to solve the challenge and send us your solution.

Love-letters, complaints, bugs and cookies to hacklu@fluxfingers.net please.
Have fun and good luck
--Fluxfingers 22:00, 5 September 2010 (UTC)

Solution for the First Challenge

It was a substitution cipher where every char got replaced with another and the substitution was case-sensitive. Here is the resulting clear-text:

Alice was beginning to get very tired of sitting by her sister on the
bank, and of having nothing to do: once or twice she had peeped into the
book her sister was reading, but it had no pictures or conversations in
it, 'and what is the use of a book,' thought Alice 'without pictures or
conversation?'
So she was considering in her own mind (as well as she could, for the
hot day made her feel very sleepy and stupid), whether the pleasure
of making a daisy-chain would be worth the trouble of getting up and
picking the daisies, when suddenly a White Rabbit with pink eyes ran
close by her.
There was nothing so VERY remarkable in that; nor did Alice think it so
VERY much out of the way to hear the Rabbit say to itself, 'Oh dear!
Oh dear! I shall be late!' (when she thought it over afterwards, it
occurred to her that she ought to have wondered at this, but at the time
it all seemed quite natural); but when the Rabbit actually TOOK A WATCH
OUT OF ITS WAISTCOAT-POCKET, and looked at it, and then hurried on,
Alice started to her feet, for it flashed across her mind that she had
never before seen a rabbit with either a waistcoat-pocket, or a watch
to take out of it, and burning with curiosity, she ran across the field
after it, and fortunately was just in time to see it pop down a large
rabbit-hole under the hedge.
In another moment down went Alice after it, never once considering how
in the world she was to get out again.
The rabbit-hole went straight on like a tunnel for some way, and then
dipped suddenly down, so suddenly that Alice had not a moment to think
about stopping herself before she found herself falling down a very deep
well.
Either the well was very deep, or she fell very slowly, for she had
plenty of time as she went down to look about her and to wonder what was 
going to happen next. First, she tried to look down and make out what
she was coming to, but it was too dark to see anything; then she
looked at the sides of the well, and noticed that they were filled with
cupboards and book-shelves; here and there she saw maps and pictures
hung upon pegs. She took down a jar from one of the shelves as
she passed; it was labelled 'ORANGE MARMALADE', but to her great
disappointment it was empty: she did not like to drop the jar for fear
of killing somebody, so managed to put it into one of the cupboards as
she fell past it.
'Well!' thought Alice to herself, 'after such a fall as this, I shall
think nothing of tumbling down stairs! How brave they'll all think me at
home! Why, I wouldn't say anything about it, even if I fell off the top
of the house!' (Which was very likely true.)
Down, down, down. Would the fall NEVER come to an end! 'I wonder how
many miles I've fallen by this time?' she said aloud. 'I must be getting
somewhere near the centre of the earth. Let me see: that would be four
thousand miles down, I think--' (for, you see, Alice had learnt several
things of this sort in her lessons in the schoolroom, and though this  
was not a VERY good opportunity for showing off her knowledge, as there
was no one to listen to her, still it was good practice to say it over)
'--yes, that's about the right distance--but then I wonder what Latitude
or Longitude I've got to?' (Alice had no idea what Latitude was, or
Longitude either, but thought they were nice grand words to say.)
Presently she began again. 'I wonder if I shall fall right THROUGH the
earth! How funny it'll seem to come out among the people that walk with
their heads downward! The Antipathies, I think--' (she was rather glad
there WAS no one listening, this time, as it didn't sound at all the
right word) '--but I shall have to ask them what the name of the country
is, you know. Please, Ma'am, is this New Zealand or Australia?' (and
she tried to curtsey as she spoke--fancy CURTSEYING as you're falling
through the air! Do you think you could manage it?) 'And what an
ignorant little girl she'll think me for asking! No, it'll never do to
ask: perhaps I shall see it written up somewhere.' 
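
As an added illustration (not part of the original write-up or FluxFingers' own solution), the sketch below shows why a one-to-one, case-sensitive substitution falls to a known-plaintext crib: aligning the first line of the clear-text above with the start of the ciphertext from the "First Challenge" section recovers 20 table entries, which already decode most of the following line. The function names are hypothetical.

```python
# Opening of the challenge ciphertext and the matching first line of the
# published clear-text, both copied from this page (the crib).
CRIB_CT = "Qo/EAP3+hPmA!/cc/c!PTUP!ATP'Aq9PT/qA$PU#Ph/TT/c!Pm9P6AqPh/hTAqPUcPT6A"
CRIB_PT = "Alice was beginning to get very tired of sitting by her sister on the"
# Ciphertext that follows the crib on the page (second line of the text).
NEXT_CT = "m+c-wP+c$PU#P6+'/c!PcUT6/c!PTUP$U5PUcEAPUqPT3/EAPh6AP6+$PJAAJA$P/cTUPT6A"


def recover_table(ciphertext, plaintext):
    """Build the cipher->plain table from aligned text.

    Raises ValueError if the pairs are not consistent with a one-to-one
    substitution (one symbol mapped two ways, or two symbols to one letter).
    """
    if len(ciphertext) != len(plaintext):
        raise ValueError("crib and ciphertext must have equal length")
    table, reverse = {}, {}
    for c, p in zip(ciphertext, plaintext):
        if table.setdefault(c, p) != p or reverse.setdefault(p, c) != c:
            raise ValueError(f"not a one-to-one substitution at {c!r} -> {p!r}")
    return table


def decode(ciphertext, table, unknown="_"):
    """Decode with a partial table; symbols not yet recovered become `unknown`."""
    return "".join(table.get(c, unknown) for c in ciphertext)


def coverage(ciphertext, table):
    """Fraction of ciphertext symbols the partial table can already decode."""
    return sum(c in table for c in ciphertext) / len(ciphertext)


if __name__ == "__main__":
    table = recover_table(CRIB_CT, CRIB_PT)
    print(len(table), "table entries recovered from a 69-character crib")
    print(decode(NEXT_CT, table))
    print(f"{coverage(NEXT_CT, table):.0%} of the next line decoded")
```

The remaining blanks are filled the same way by guessing words such as "peeped" and feeding them back into `recover_table`.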

Challenges

The first challenge has already been solved. (See below)
The second (and last) challenge is now online.
More news regarding this will be announced here and on Twitter.

Registrations

The CTF will be open to a limited number of teams. The registration procedure will be published in the beginning of September.

Misc

Feel free to join our IRC channel:

 Server: hack.lu
 Channel: #ctf


First Challenge [Solved by ENOFLAG]

Break this cipher:

Qo/EAP3+hPmA!/cc/c!PTUP!ATP'Aq9PT/qA$PU#Ph/TT/c!Pm9P6AqPh/hTAqPUcPT6APPm+c-wP+c$PU#P6+'/c!PcUT6/c!PTUP$U5PUcEAPUqPT3/EAPh6AP6+$PJAAJA$P/cTUPT6APPmUU-P6AqPh/hTAqP3+hPqA+$/c!wPmjTP/TP6+$PcUPJ/ETjqAhPUqPEUc'Aqh+T/UchP/cPP/TwPi+c$P36+TP/hPT6APjhAPU#P+PmUU-wiPT6Uj!6TPQo/EAPi3/T6UjTPJ/ETjqAhPUqPPEUc'Aqh+T/UcbiPP4UPh6AP3+hPEUch/$Aq/c!P/cP6AqPU3cPO/c$PF+hP3AooP+hPh6APEUjo$wP#UqPT6APP6UTP$+9PO+$AP6AqP#AAoP'Aq9PhoAAJ9P+c$PhTjJ/$LwP36AT6AqPT6APJoA+hjqAPPU#PO+-/c!P+P$+/h9yE6+/cP3Ujo$PmAP3UqT6PT6APTqUjmoAPU#P!ATT/c!PjJP+c$PPJ/E-/c!PT6AP$+/h/AhwP36AcPhj$$Aco9P+P:6/TAP%+mm/TP3/T6PJ/c-PA9AhPq+cPPEoUhAPm9P6AquPP(6AqAP3+hPcUT6/c!PhUP02%?PqAO+q-+moAP/cPT6+T@PcUqP$/$PQo/EAPT6/c-P/TPhUPP02%?POjE6PUjTPU#PT6AP3+9PTUP6A+qPT6AP%+mm/TPh+9PTUP/ThAo#wPik6P$A+qrPPk6P$A+qrPBPh6+ooPmAPo+TAriPF36AcPh6APT6Uj!6TP/TPU'AqP+#TAq3+q$hwP/TPPUEEjqqA$PTUP6AqPT6+TPh6APUj!6TPTUP6+'AP3Uc$AqA$P+TPT6/hwPmjTP+TPT6APT/OAPP/TP+ooPhAAOA$P]j/TAPc+Tjq+oL@PmjTP36AcPT6AP%+mm/TP+ETj+oo9P(kk)PQP:Q(N\PPk&(Pk*PB(4P:QB4(NkQ(yxkN)2(wP+c$PoUU-A$P+TP/TwP+c$PT6AcP6jqq/A$PUcwPPQo/EAPhT+qTA$PTUP6AqP#AATwP#UqP/TP#o+h6A$P+EqUhhP6AqPO/c$PT6+TPh6AP6+$PPcA'AqPmA#UqAPhAAcP+Pq+mm/TP3/T6PA/T6AqP+P3+/hTEU+TyJUE-ATwPUqP+P3+TE6PPTUPT+-APUjTPU#P/TwP+c$Pmjqc/c!P3/T6PEjq/Uh/T9wPh6APq+cP+EqUhhPT6AP#/Ao$PP+#TAqP/TwP+c$P#UqTjc+TAo9P3+hPWjhTP/cPT/OAPTUPhAAP/TPJUJP$U3cP+Po+q!APPq+mm/Ty6UoAPjc$AqPT6AP6A$!AuPPBcP+cUT6AqPOUOAcTP$U3cP3AcTPQo/EAP+#TAqP/TwPcA'AqPUcEAPEUch/$Aq/c!P6U3PP/cPT6AP3Uqo$Ph6AP3+hPTUP!ATPUjTP+!+/cuPP(6APq+mm/Ty6UoAP3AcTPhTq+/!6TPUcPo/-AP+PTjccAoP#UqPhUOAP3+9wP+c$PT6AcPP$/JJA$Phj$$Aco9P$U3cwPhUPhj$$Aco9PT6+TPQo/EAP6+$PcUTP+POUOAcTPTUPT6/c-PP+mUjTPhTUJJ/c!P6AqhAo#PmA#UqAPh6AP#Ujc$P6AqhAo#P#+oo/c!P$U3cP+P'Aq9P$AAJPP3AoouPP2/T6AqPT6AP3AooP3+hP'Aq9P$AAJwPUqPh6AP#AooP'Aq9PhoU3o9wP#UqPh6AP6+$PPJoAcT9PU#PT/OAP+hPh6AP3AcTP$U3cPTUPoUU-P+mUjTP6AqP+c$PTUP3Uc$AqP36+TP3+hPP!U/c!PTUP6+JJAcPcA_TuP*/qhTwPh6APTq/A$PTUPoUU-P$U3cP+c$PO+-APUjTP36+TPPh6AP3+hPEUO/c!PTUwPmjTP/TP3+hPTUUP$+q-PTUPhAAP+c9T6/c!@PT6AcPh6APPoUU-A$P+TPT6APh/$AhPU#PT6AP3AoowP+c$P
cUT/EA$PT6+TPT6A9P3AqAP#/ooA$P3/T6PPEjJmU+q$hP+c$PmUU-yh6Ao'Ah@P6AqAP+c$PT6AqAPh6APh+3PO+JhP+c$PJ/ETjqAhPP6jc!PjJUcPJA!huP46APTUU-P$U3cP+PW+qP#qUOPUcAPU#PT6APh6Ao'AhP+hPPh6APJ+hhA$@P/TP3+hPo+mAooA$Pik%QC[2PRQ%RQeQG2iwPmjTPTUP6AqP!qA+TPP$/h+JJU/cTOAcTP/TP3+hPAOJT95Ph6AP$/$PcUTPo/-APTUP$qUJPT6APW+qP#UqP#A+qPPU#P-/oo/c!PhUOAmU$9wPhUPO+c+!A$PTUPJjTP/TP/cTUPUcAPU#PT6APEjJmU+q$hP+hPPh6AP#AooPJ+hTP/TuPPi:AooriPT6Uj!6TPQo/EAPTUP6AqhAo#wPi+#TAqPhjE6P+P#+ooP+hPT6/hwPBPh6+ooPPT6/c-PcUT6/c!PU#PTjOmo/c!P$U3cPhT+/qhrP\U3Pmq+'APT6A9iooP+ooPT6/c-POAP+TPP6UOArP:69wPBP3Ujo$ciTPh+9P+c9T6/c!P+mUjTP/TwPA'AcP/#PBP#AooPU##PT6APTUJPPU#PT6AP6UjhAriPF:6/E6P3+hP'Aq9Po/-Ao9PTqjAuLPPGU3cwP$U3cwP$U3cuP:Ujo$PT6AP#+ooPC202%PEUOAPTUP+cPAc$rPiBP3Uc$AqP6U3PPO+c9PO/oAhPBi'AP#+ooAcPm9PT6/hPT/OAbiPh6APh+/$P+oUj$uPiBPOjhTPmAP!ATT/c!PPhUOA36AqAPcA+qPT6APEAcTqAPU#PT6APA+qT6uPeATPOAPhAA5PT6+TP3Ujo$PmAP#UjqPPT6Ujh+c$PO/oAhP$U3cwPBPT6/c-yyiPF#UqwP9UjPhAAwPQo/EAP6+$PoA+qcTPhA'Aq+oPPT6/c!hPU#PT6/hPhUqTP/cP6AqPoAhhUchP/cPT6APhE6UUoqUUOwP+c$PT6Uj!6PT6/hPP3+hPcUTP+P02%?P!UU$PUJJUqTjc/T9P#UqPh6U3/c!PU##P6AqP-cU3oA$!AwP+hPT6AqAPP3+hPcUPUcAPTUPo/hTAcPTUP6AqwPhT/ooP/TP3+hP!UU$PJq+ET/EAPTUPh+9P/TPU'AqLPPiyy9AhwPT6+TihP+mUjTPT6APq/!6TP$/hT+cEAyymjTPT6AcPBP3Uc$AqP36+TPe+T/Tj$APPUqPeUc!/Tj$APBi'AP!UTPTUbiPFQo/EAP6+$PcUP/$A+P36+TPe+T/Tj$AP3+hwPUqPPeUc!/Tj$APA/T6AqwPmjTPT6Uj!6TPT6A9P3AqAPc/EAP!q+c$P3Uq$hPTUPh+9uLPPxqAhAcTo9Ph6APmA!+cP+!+/cuPiBP3Uc$AqP/#PBPh6+ooP#+ooPq/!6TP(\%k&[\PT6APPA+qT6rP\U3P#jcc9P/TiooPhAAOPTUPEUOAPUjTP+OUc!PT6APJAUJoAPT6+TP3+o-P3/T6PPT6A/qP6A+$hP$U3c3+q$rP(6APQcT/J+T6/AhwPBPT6/c-yyiPFh6AP3+hPq+T6AqP!o+$PPT6AqAP:Q4PcUPUcAPo/hTAc/c!wPT6/hPT/OAwP+hP/TP$/$ciTPhUjc$P+TP+ooPT6APPq/!6TP3Uq$LPiyymjTPBPh6+ooP6+'APTUP+h-PT6AOP36+TPT6APc+OAPU#PT6APEUjcTq9PP/hwP9UjP-cU3uPxoA+hAwPR+i+OwP/hPT6/hPCA3PtA+o+c$PUqPQjhTq+o/+biPF+c$PPh6APTq/A$PTUPEjqThA9P+hPh6APhJU-Ayy#+cE9PN&%(42?BC[P+hP9UjiqAP#+oo/c!PPT6qUj!6PT6AP+/qrPGUP9UjPT6/c-P9UjPEUjo$PO+c+!AP/TbLPiQc$P36+TP+cPP/!cUq+cTPo/TToAP!/qoPh6AiooPT6/c-POAP#UqP+h-/c!rPCUwP
/TiooPcA'AqP$UPTUPP+h-5PJAq6+JhPBPh6+ooPhAAP/TP3q/TTAcPjJPhUOA36AqAuiPP