[noxCTF] PSRF

Challenge by - 5cr0ll, Daniel Sagi

PSRF Challenge description: > Swisslock is a new company in the Kubernetes security business. Are they worth it? First time in the website, we don’t see anything special aside from a textbox and some images. side note: there is an open text box, but you won’t get very far by trying web-related vulnerabilities ;) After viewing the page source we see that the file is really long, after scrolling to the bottom we see the first hint! [Read More]

[noxCTF] Ra(p)hic

Challenge by -

Writeup for Rap(h)ic; Reversing 966 Intro This is a hard Reversing challenge from noxCTF. The solver only gets an ELF file. Description: There is nothing like overly designed design The original file is attached at the bottom of the document. Summary We get an ELF file. Upon execution, it will load another ELF file from its memory into “/tmp/…” and execute it. The processes use a socket to communicate with each other - The parent process sends addresses which the child process later executes and sends its return value back to the parent. [Read More]

[noxCTF] noxComputers

Challenge by jonathanj

The Challenge The challenge is basically a computers store service- the user can buy premium user (or multiple users and be eligible for a future discount), buy a computer, return a computer, and show/edit the account details. The Vulnerability The vulnerability exists in buy_multiple_premium_users(), in the following functionality void buy_multiple_premium_users() { ... ... if((unsigned short)(user_count + premiums_amount) > ARRAY_MAX) { puts_wrapper("You can't create more than 1024 users :("); return; } . [Read More]

[noxCTF] Muhammad Ali

Challenge by JohnE

Challenge description: Muhammad Ali: “I’ve Ceen Many Pictures of Knocking-out in my career” special idea: 1)The main idea of the challenge is ICMP Knocking. 2)This is not a Stego challenge, this is a Networking challenge! 3)solving without understanding(frame contains “flag”/“noxctf”,follow each tcp stream) will lead you to stego dead end. Writeup: At the beginning of the challenge we get a description: Muhammad Ali: “I’ve Ceen Many Pictures of Knocking-out in my career” ok, it seems like we need to search picture files of knockouts inside the pcap file. [Read More]

[noxCTF] Reverse

Challenge by JohnE

Note: this is not a Reverse challenge Note: change the flag format from noxctf{X-X-X} to noxCTF{X_X_X} Writeup At the beginning of the challenge we get an executable file, that looks like cmd. Lets start running commands and look if we see something suspicious But so far it seems like normal limited cmd. When we call the ‘netstat’ command we get a constant output: Netstat- Displays protocol statistics and current TCP/IP network connections. [Read More]

[noxCTF] SUBliminal

Challenge by JohnE

Challenge description: “SUBliminal is an Israeli rapper that eschew from Illegal things. (don’t smoke weed everyday)“. goo.gl/pSGubK special idea: 1. To understand that we interested in the data of the packet that has been sent from illegal subnet ip. 2. To understand that illegal subnet address is an address that belong to subnet(start with 10 or 192) and don’t implement the rest of the mask: 10.0.0.? Writeup: So, at the beginning of the challenge we get a note: “SUBliminal is an Israeli rapper that eschew from Illegal things. [Read More]

[noxCTF] Sublime

Challenge by G4S

Sublime is a medium difficulty cryptography challenge about the substitution cipher. I made this challenge more difficult by setting the substitution range of values to the whole ASCII table. To solve this challenge, you first need to perform a frequency analysis on the given ciphertext, omitting the variety of punctuation marks from the analysis but spaces (e.g. dots, exclamation marks, question marks etc..) and sort the frequencies from the highest to the lowest. [Read More]

[MagTF] ValleyOfDeath

Challenge By WelloWorld and Shahar Snitovski

So this challenge is meant to be a regex challenge with some trolling and make it more harder. At the beginning, the user get a file named P. This file is a XZ compressed data by tar.xz. After user decompressed the file, he will get a folder about 550 subfolders depth(e.g. subfolder 1 is inside P and subfolder 2 is inside 1 and so on). When he gets the last file named con (zip file), he will need to open it and see that it is another folder contains 550 subfolders, So he should make a code that does it. [Read More]

[MagTF] rEVEenge!

Challenge by WelloWorld

Hey there. The solvers start the challenge as they open the folder contains pcap file, and an ELF file. IMPORTANT NOTE: This ELF is not to be reversed although I made some encryptions to the strings and even then it would be hard to deal with. As the run the ELF they see the next lines written by Eve, Bob first love (before Alice): Hey Bob, Its EVE. Do you remember me? [Read More]