DEFCON 18 Quals: writeups collection

May 25, 2010 by longld · 18 Comments 

DEFCON 18 Quals is over and here are the writeups collection from teams, come back for latest updates.

(please inform me if you have write up for c500, pm500)

PURSUITS TRIVIAL

PT100: spiderman movie quote

PT200: VIM shell

PT300: social networking

PT400: java game

PT500: audio remix

CRYPTO BADNESS

C100: alphabet cipher (Dvorak keyboard)

C200: Enigma cipher

C300:

C400: RSA 768 bits crack

C500:

  • n/a

PACKET MADNESS

PM100: yEnc madness (too hard for 100pts)

PM200: EBCDIC shell

PM300:

PM400:

PM500:

  • n/a

BINARY L33TNESS

B100: Linux x86 crackme

B200: Haiku OS crackme

B300: Linux x64 crackme

B400: Linux x86 binary with embedded lightweight Java Virtual Machine (base on j2me_cldc reference code from Sun)

B500: Solaris SPARC 9 x64 (find the DES key)

PWTENT PWNABLES

PP100: FreeBSD BOF exploit with stack cookie based on time
(wasted of time due to wrong server timezone!)

PP200: python shell

PP300: FreeBSD exploit – heap overflow

PP400: Mach-O PPC binary exploit (err .. it’s the same binary as last year pp400 challenge)

PP500: FreeBSD exploit recover from a packet dump
(err .. binary & key were leaked from PP200 shell to some teams)

FORENSICS

F100: hidden key in NTFS filesystem

F200: PNG images analysis

F300:

F400: Live OS image

F500:RAID image carving

Misc Links

Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • Add to favorites
  • Reddit
  • Technorati
  • Tumblr
  • Twitter
  • Slashdot
  • Identi.ca

About longld
@longledinh

Comments

18 Responses to “DEFCON 18 Quals: writeups collection”
  1. jaunedeau says:

    Defcon forensics 300 writeup from the Routards, nice one ! http://bit.ly/9rEZnc

  2. mezzendo says:

    Here’s my pwtent pwnables 500 write-up. I’m still looking for the binary if anyone grabbed it while they had shell access on the box.

    http://sploitlab.wordpress.com/2010/05/26/pwtent-pwnables-500-solution/

    -mezzendo

    • RD says:

      nice mezzendo. you can get back the pp500 binary remotely via the pp500 daemon itself using ‘b – /dev/hrnd’ command. It will send back 512 bytes of the binary each time. Input should be 0, 20, 40, 60, … You’ll need to re-order the blocks to rebuild the binary. I’m at work so I don’t have the binary. I will upload it later :)

 

Tweetbacks

Check out what others are saying about this post...
  1. DEFCON 18 Quals writeups collection updated http://bit.ly/90giw4 (still missing writeup for c500, pkt300, pkt500, b400, pwn500, f300)

  2. @thedarktangent there’s an updated list of all #defcon 18 quals writeups at http://bit.ly/90giw4

  3. @vnsec: DEFCON 18 Quals: writeups collection http://bit.ly/90giw4 (updated with a lot more writeups)”

  4. DEFCON 18 Quals: writeups collection http://bit.ly/90giw4 (updated with a lot more writeups)

  5. Still waiting for a Binary 400 writeup… http://bit.ly/dtjNRe #DEFCON #CTF quals

  6. DEFCON 18 Quals: writeups collection http://bit.ly/90giw4