DEFCON 18 Quals: writeups collection

May 25, 2010 by longld · 18 Comments 

DEFCON 18 Quals is over and here are the writeups collection from teams, come back for latest updates.

(please inform me if you have write up for c500, pm500)


PT100: spiderman movie quote

PT200: VIM shell

PT300: social networking

PT400: java game

PT500: audio remix


C100: alphabet cipher (Dvorak keyboard)

C200: Enigma cipher


C400: RSA 768 bits crack


  • n/a


PM100: yEnc madness (too hard for 100pts)

PM200: EBCDIC shell




  • n/a


B100: Linux x86 crackme

B200: Haiku OS crackme

B300: Linux x64 crackme

B400: Linux x86 binary with embedded lightweight Java Virtual Machine (base on j2me_cldc reference code from Sun)

B500: Solaris SPARC 9 x64 (find the DES key)


PP100: FreeBSD BOF exploit with stack cookie based on time
(wasted of time due to wrong server timezone!)

PP200: python shell

PP300: FreeBSD exploit – heap overflow

PP400: Mach-O PPC binary exploit (err .. it’s the same binary as last year pp400 challenge)

PP500: FreeBSD exploit recover from a packet dump
(err .. binary & key were leaked from PP200 shell to some teams)


F100: hidden key in NTFS filesystem

F200: PNG images analysis


F400: Live OS image

F500:RAID image carving

Misc Links

Share and Enjoy:
  • Digg
  • Facebook
  • Google Bookmarks
  • Add to favorites
  • Reddit
  • Technorati
  • Tumblr
  • Twitter
  • Slashdot

About longld


18 Responses to “DEFCON 18 Quals: writeups collection”
  1. jaunedeau says:

    Defcon forensics 300 writeup from the Routards, nice one !

  2. mezzendo says:

    Here’s my pwtent pwnables 500 write-up. I’m still looking for the binary if anyone grabbed it while they had shell access on the box.


    • RD says:

      nice mezzendo. you can get back the pp500 binary remotely via the pp500 daemon itself using ‘b – /dev/hrnd’ command. It will send back 512 bytes of the binary each time. Input should be 0, 20, 40, 60, … You’ll need to re-order the blocks to rebuild the binary. I’m at work so I don’t have the binary. I will upload it later :)



Check out what others are saying about this post...
  1. DEFCON 18 Quals writeups collection updated (still missing writeup for c500, pkt300, pkt500, b400, pwn500, f300)

  2. @thedarktangent there’s an updated list of all #defcon 18 quals writeups at

  3. @vnsec: DEFCON 18 Quals: writeups collection (updated with a lot more writeups)”

  4. DEFCON 18 Quals: writeups collection (updated with a lot more writeups)

  5. Still waiting for a Binary 400 writeup… #DEFCON #CTF quals

  6. DEFCON 18 Quals: writeups collection