Intro As promised, we are publishing our tasks from recent CTF hosted during PUT Security Day vol. 0! Stegano Stegano seal [100] file “You have been visited by a stegano seal. It brings you joy (and points).” Art Gallery [150] file “Do you like the art?” Relativity [200] file There’s something weird about the recording we’ve received. Once you got the message, wrap it with PUT{ and }, and make it uppercase (e. ... Read more

Piggy-Bank (WEB - EASY) - 29 solves Hack some bank for me. First, we played a little bit with the website - there were index, register and login pages accessible for all the users, and Profile, VIP, For developers and Transfer pages for logged-in users. Profile page just showed the account balance, Transfer allowed moving your money to other accounts, and VIP was just saying that it’d reveal its secrets once we have 1’000’000 coins on our account (and we started with 110). ... Read more

We need YOU in… … naszym zespole! Jeśli interesujesz się szeroko pojętym bezpieczeństwem, lub znudziły Ci się zwykłe hackathony/compo oraz masz ochotę się nie wyspać - to dobrze trafiłeś/aś! Nasz CTFowy zespół poszukuje zawodników. W tym celu postanowiliśmy ogłosić otwarty nabór. Ale po kolei! Dla wszystkich chętnych przygotowaliśmy parę prostych zadań. Dla osób, które parsują nagłówki bitmapy w głowie, zjadły zęby na ROPchainach czy znają na pamięć całą tablicę syscalli Linuxa (coś koło 300 pozycji), poniższe problemy będą trywialne. ... Read more

Witamy na stronie zespołu PUT CTF (PUT Underground Team)! Gdyby ktoś nie kojarzył - PUT to Poznań University of Technology, czyli angielskie tłumaczenie Politechniki Poznańskiej, zaś CTF to zawody Capture The Flag. A jeśli rozwinięcia skrótów dalej nic nie mówią, to polecamy wpis cenionego polskiego eksperta od bezpieczeństwa komputerowego o CTFach oraz stronę politechniki. Jeśli interesuje Cię praktyczna strona bezpieczeństwa komputerowego, zapraszamy do lektury! Na niniejszej stronie postaramy się opisywać co ciekawsze zadania, które rozwiązaliśmy podczas CTFów. ... Read more

Intro My daughter Kimberly her computer got hacked. Now she lost all her favorite images. Can you please help me recover those images? We received image of filesystem, where at first glance were only saved encrypted photos. But in home directory there were also two hidden files: one .bash_history and another .... unset HISTFIL ls -la pwd chmod +x ... ./... Hb8jnSKzaNQr5f7p ls -Rla #!/usr/bin/env python import random, string, sys, os from time import time from Crypto. ... Read more

Intro First we notice that color square is added for every three letters in text to encrypt. At the end of image we have n mod 3 two-decimal hex numbers. Also, color of previous squares didn’t change if we add more letters. Knowing that the flag must be in format flag{md5hash} we have tried encrypt flag{x And we get what we want to. RGB code of the first color was exactly the same as the color of the flag, and also second color had only different blue value in comprasion with the flag. ... Read more

Website Attack (200) - 17 solves Our website received an attack in 2013, we managed to capture the attack in this pcap. Can you find out if we leaked some sensitive information? The beginning - Wireshark problem After opening the provided pcap file in Wireshark, we could see that there’s a problem. Besides tcp packets, there were some malformed ones - which under closer inspection turned out to be named GSM over IP. ... Read more