Was pretty surprised to see CGC challenges on the SecuInside CTF this year so I got involved with these. Dusted off my CGC vagrant VM from Defcon earlier this year and went to town. This second challenge was a bit more in depth than Cykor_0001 so I’ll write this one up instead.

Cool little challenge, we’re given a hostname and port. When we connect we’re presented with a ‘>’ prompt and we have to deduce the environment we’re in then exploit it.

Only got to spend 2 hours on this CTF sadly as it was mid-week for me. Sadly because the site was so well designed and the challenges seemed reasonably set. Anyway this was one of the few I solved and I was drawn to it because - QR codes - who doesn’t love those?

According to the challenge text this was a re-implemented challenge first seen at the AISA 2015 CTF. Since that was an onsite event I had not seen or heard of it before. So I approached it as a new challenge.

Defcon Quals 2016 were held over the weekend, while I didn’t qualify for the finals (any teams wanting a stand in ? Let me know ) I did become intrigued by the CGC challenges that were presented. Today I’m writing up the solution to LEGIT_0003. The most basic of the CGC challenge binaries (CB). I’m going to write it from a complete dummies perspective because that’s what I was (AM).