CTF(x) iTrash: Forensics Challenge

For this one we’re given a link to a Megaupload hosted file. It’s a 93mb file so it’s gotta be good! The clue was:

In this challenge we were given an string and told that it was an authorization token that had expired. We want to forge an authorization token for whatever service this token is used for. The token we’re given is this:

SecuInside CTF 2016 - Cykor_00002 CGC Challenge

Was pretty surprised to see CGC challenges on the SecuInside CTF this year so I got involved with these. Dusted off my CGC vagrant VM from Defcon earlier this year and went to town. This second challenge was a bit more in depth than Cykor_0001 so I’ll write this one up instead.

Backdoor CTF 2016 - Worst-pwn-ever - Pwn Challenge

Cool little challenge, we’re given a hostname and port. When we connect we’re presented with a ‘>’ prompt and we have to deduce the environment we’re in then exploit it.

SecurityFest 2016 CTF - QRack - Misc Challenge

Only got to spend 2 hours on this CTF sadly as it was mid-week for me. Sadly because the site was so well designed and the challenges seemed reasonably set. Anyway this was one of the few I solved and I was drawn to it because - QR codes - who doesn’t love those?