OFFSEC Team Ice CTF Results

Offsec Research CTF Team: "Thinking out of the out of the box"

Following our last post here, in which OFFSEC took part in the Icelandic Hacking Competition (Ice CTF), which took place from August 12 to 26 (see team points here), the results below show how the OFFSEC Research CTF Team demonstrated the great skills of Iranian security researchers/hackers.

OFFSEC took part in all 4 stages of the Ice CTF and completed challenges in stages 1 to 3.

OFFSEC Team members Mohammad Morshedi, Abbas rare, S Pourali, B Amynazad, Ali warrior, Hamid Rezaei, Mohammad Zamir, and Amir messenger all took part in the CTF challenges.

The OFFSEC Research CTF Team members and their specialities are:

  • Abbas Naderi -Cryptography-
  • Behzad NajjarPour -Remote code exploits-
  • Mohammad Morshedi -Remote code exploits-
  • Sajjad Pourali -Web application security-
  • Ali Razmjoo -Fuzzing-
  • Ali Abbasi -Exploit development-
  • Sina Yazdanmehr -Web application security-
  • Mohammadreza Zamiri -Network security-
  • Hamid Rezaei -Exploit development-
  • Amir Rasouli -Miscellaneous-

Offsec says that anyone who wants to help support the Offsec Research CTF Team can send a CV to [email protected] to be considered.

The Ice CTF challenges

STAGE 1

Time Traveler -Forensics, 45- – Abiusx

Find the flag at a URL.

Alien Message -Crypto, 40- – Abiusx

Decrypt a flag at a URL.

STAGE 2

Exposed -Web, 60- – Sajjad

Exposed .git version control repository, download of git.php, and NoSQL blind injection.

RSA -Crypto, 50- – Abiusx

Once the decryption key was found, it just had to be converted back from hex to a string to reveal the flag.

Over The Hill -Crypto 65- – Abiusx

Hill cipher crypto task with a matrix that is non-reversible using linear algebra, but via modular arithmetic the flag was revealed.

Dear Diary -Pwn, 60- – Ali.R.

Handling a string overflow triggered by file input; flag function re-written to reveal the flag.

STAGE 3

Geocities -Web, 100- – TMT, Mizerium

Shellshock vulnerability. Perl script connects to DB & flag extracted from the DB table.

R.I.P Transmission -Forensics 65- – Silverfox

Extract provided password-protected .zip files & bruteforce the password; the unzipped .JPEG file then shows the flag.

l33tcrypt -Crypto 90- – Abiusx

A reverse padding oracle on ECB mode; the server encrypts “l33tserver please”+input+flag+PKCS7_padding using AES-ECB mode, and outputs the result. Padding size -16 bytes- was forced to enable brute-forcing 1 character of the flag at a time, until the entire flag leaked.
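The leak described above, reproduced against a local model of the service (an added example, not the team's script or the challenge code). The key, the flag value and the function names are constructed, and a truncated keyed SHA-256 stands in for AES because only the determinism of ECB matters here.

```python
import hashlib

BLOCK = 16
PREFIX = b"l33tserver please"        # fixed prefix quoted in the write-up
_KEY = b"constructed-demo-key"       # constructed; stands in for the server's key
_FLAG = b"IceCTF{constructed_flag}"  # constructed sample secret

def _enc_block(block):
    # Stand-in for AES: any deterministic keyed block function shows the ECB leak.
    return hashlib.sha256(_KEY + block).digest()[:BLOCK]

def oracle(user_input):
    """Local model of the service: ECB(prefix + input + flag + PKCS#7 padding)."""
    data = PREFIX + user_input + _FLAG
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    return b"".join(_enc_block(data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))

def recover_secret(oracle_fn, prefix_len, max_len=64):
    """Recover the bytes that follow the input, one per round, by block equality."""
    align = -prefix_len % BLOCK             # filler that completes the prefix's last block
    base = (prefix_len + align) // BLOCK    # first block that starts after the prefix
    known = b""
    while len(known) < max_len:
        fill = b"A" * (align + BLOCK - 1 - len(known) % BLOCK)
        lo = (base + len(known) // BLOCK) * BLOCK
        target = oracle_fn(fill)[lo:lo + BLOCK]   # block ending in one unknown byte
        for c in range(256):
            if oracle_fn(fill + known + bytes([c]))[lo:lo + BLOCK] == target:
                known += bytes([c])
                break
        else:
            break   # no candidate matches: the padding changed, so the secret has ended
    # The final matched byte is the 0x01 pad that followed the secret; drop it.
    return known[:-1] if known.endswith(b"\x01") else known
```

The comparison only succeeds because equal plaintext blocks give equal ciphertext blocks; a randomized mode with a fresh nonce per message, such as AES-GCM, removes that equality.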

Intercepted Conversations Pt.1 -Forensics 110- – Silverfox

Keyboard keystrokes were captured; Wireshark PCAP analysis of the Leftover Capture Data and conversion of the codes using a Python script showed the keystrokes used. The keyboard was a Kinesis Advantage Pro with a QWERTY layout; conversion from QWERTY to Dvorak revealed the flag.
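One way to do the conversion described above (an added example, not the team's script). It assumes the Leftover Capture Data has been exported as one hex string per 8-byte boot-protocol keyboard report; the function names and the sample capture are constructed.

```python
# USB HID usage IDs from boot-protocol keyboard reports, read as a US QWERTY layout.
QWERTY = {0x04 + i: c for i, c in enumerate("abcdefghijklmnopqrstuvwxyz1234567890")}
QWERTY.update({0x28: "\n", 0x2C: " ", 0x2D: "-", 0x2E: "=", 0x2F: "[", 0x30: "]",
               0x33: ";", 0x34: "'", 0x36: ",", 0x37: ".", 0x38: "/"})
SHIFTED = str.maketrans("1234567890-=[];',./", "!@#$%^&*()_+{}:\"<>?")
# Same physical key, QWERTY legend -> Dvorak legend (unshifted, then shifted).
DVORAK = str.maketrans(
    "-=qwertyuiop[]asdfghjkl;'zxcvbnm,./" + "_+QWERTYUIOP{}ASDFGHJKL:\"ZXCVBNM<>?",
    "[]',.pyfgcrl/=aoeuidhtns-;qjkxbmwvz" + "{}\"<>PYFGCRL?+AOEUIDHTNS_:QJKXBMWVZ")

def decode_reports(hex_lines):
    """Turn 8-byte reports (modifier, reserved, six key slots) into QWERTY text."""
    out, prev = [], set()
    for line in hex_lines:
        raw = bytes.fromhex(line.strip().replace(":", ""))
        if len(raw) != 8:
            continue                      # not a boot-protocol keyboard report
        shift = bool(raw[0] & 0x22)       # left or right Shift held
        for k in raw[2:]:
            if k in QWERTY and k not in prev:   # newly pressed key only
                ch = QWERTY[k]
                out.append(ch.upper().translate(SHIFTED) if shift else ch)
        prev = set(raw[2:])
    return "".join(out)

def qwerty_to_dvorak(text):
    """Re-read QWERTY-decoded text as the same physical keys on a Dvorak layout."""
    return text.translate(DVORAK)

# Constructed capture: (modifier, usage ID) presses, each followed by a release report.
_PRESSES = [(2, 0x1C), (0, 0x13), (0, 0x04), (0, 0x18),
            (2, 0x2D), (0, 0x16), (0, 0x19), (2, 0x2E)]
SAMPLE = [r for m, k in _PRESSES
          for r in (f"{m:02x}:00:{k:02x}:00:00:00:00:00", "00" * 8)]
```

Decoding `SAMPLE` as QWERTY gives unreadable text; passing that result through `qwerty_to_dvorak` gives the typed string.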

Intercepted Conversations Pt.2 -Forensics 125- – Silverfox

Wireshark analysis of TCP streams for IRC -Internet Relay Chat- traffic; analysis of the .pyc file's magic number signature showed that Python version 3.5b2 had to be installed to run the supplied .pyc file; the file was decompiled and the encoding algorithm was found; a script was created to reverse it, and running the decoder script with the encoded flag as its argument revealed the decoded flag.

STAGE 4

Root of All Evil -Forensics 150- – Silverfox

The provided zip file contains several directories -only bin and home are non-empty-; under the home directory there are 2 users, “glitch” and “evil”. “glitch” is empty but “evil” has a .bash_history file; challenge incomplete by OFFSEC.

Attack of the Hellman -Cryptography 200- – Silverfox

Parameters of the Diffie-Hellman algorithm are used to generate a secret, and this secret -B^a- is used to encrypt the flag. We had the encrypted version of the flag and needed to calculate B^a, which is used as the key to encrypt the flag; openssl can then be used to decrypt the flag -which is encrypted using AES-256-CBC-; challenge incomplete by OFFSEC.

Full Ice CTF writeups can be read here

OFFSEC contacts

Facebook: www.facebook.com/offsec.ir
OFFSEC website: www.offsec.ir
Telegram: https://telegram.me/offsecmag
Blog/CTF Team Writeups: offsec.ir/writeups
