    Tummala Dhanvi (c0mrad3)
    @dhanvi
    @bert88sta this group usually will be inactive! only I and @YASME-Tim chat over here usually :worried:
    Thomas Gerot
    @tjgerot
    I would like to join the CTF's GitHub organization.
    Tummala Dhanvi (c0mrad3)
    @dhanvi
    @tjgerot cool
    try getting the challenges of the previous ctf and new ctf and add them here using https://github.com/ctfs/write-ups-tools
    polym (Tim)
    @abpolym
    @tjgerot I've added you to the ctfs group since you hosted a CTF and are willing to contribute :)
    somehow I don't like the smiling emoji - it smiles too much ;)
    Tummala Dhanvi (c0mrad3)
    @dhanvi
    @tjgerot :+1:
    Thomas Gerot
    @tjgerot
    @dhanvi I'd love to help with whatever you need. I see you asked me to get the challenges of the previous CTF and new CTF and add them using the write-up tools. Could you specify which CTFs and what exactly you want done?
    polym (Tim)
    @abpolym
    @tjgerot there is an issue containing a list of past CTFs that have been added to the repo - maybe you can update (edit) that one and compare them with the ctftime list https://ctftime.org/event/list/past so that we know which (online) CTFs are missing and are to be done :)
    Thomas Gerot
    @tjgerot
    Sure thing. Also, would someone else take a look at this file? It looks as if this is an executable hidden in a .doc file. My antivirus caught this executable running with the title "TrojanDownloader" from when I cloned the repository. I also found that it had run between when I cloned the repo to when I committed ctfs/write-ups-2016@822f496 without touching it myself but couldn't show the changes due to its filetype. Let me know if this is an actual problem, or if I'm just paranoid. Thanks!
    Tummala Dhanvi (c0mrad3)
    @dhanvi
    @tjgerot I suggest that you switch to Linux :)
    polym (Tim)
    @abpolym
    @tjgerot I did look at the .doc file and looks like you caught something - I don't know how serious it is though. The file is a challenge for the cyber security challenge belgium https://github.com/ctfs/write-ups-2016/tree/master/cyber-security-challenge-belgium-2016-qualifiers/Reverse%20Engineering/Word-of-the-rings
    The .doc contains a macro (see writeup or https://virustotal.com/en/file/08e7841aebb68632ca68130fc037181f55d9e5b550834198111f9ac80c4f2fc6/analysis/) that behaves like an executable
    According to the writeup you may have downloaded teamviewer (a remote control software) to your computer
    However, I don't know how it was executed without you opening it - did you open it by accident?
    Also after you've opened it, the .doc rewrote itself to be non-malicious and you uploaded the non-malicious version to the github repo
    the correct md5 is 2e635a6ed555a0e24005c5253f14057d - the current, non-malicious version has md5 2e922bf20747142a4ad85667f53d28f0
    (had to take a double take since the first characters of each md5 are the same)
    polym (Tim)
    @abpolym
    maybe the challenge just downloads the teamviewer zip containing the teamviewer software (a legit software btw) - the writeup doesn't provide any more info https://github.com/ctfs/write-ups-2016/tree/master/cyber-security-challenge-belgium-2016-qualifiers/Reverse%20Engineering/Word-of-the-rings
    polym (Tim)
    @abpolym
    yeah so i cannot find anything besides downloading the teamviewer.zip from the official teamviewer page as said in the writeup. if you want to make sure, ask the challenge authors, read other writeups for the challenge or reverse it on your own
    and disable macros :)
    i hate that emoji
    : )
    Besides that, I am curious how you executed the macro without opening the .doc
    some rogue anti-virus that fails at sandboxing?
    polym (Tim)
    @abpolym
    @tjgerot if you've read my response or analyzed the challenge further give me a quick ack :)
    : )
    Bret Barkley
    @Bretley
    Anyone here found any good examples or walkthroughs of a double free and/or sigreturn oriented programming? I know they're supposed to be hard as shit to do, but they're some of the only binary things I've not done yet
    and I'd like to have them under my belt for future ctf
    Thomas Gerot
    @tjgerot
    @abpolym I'll try a few tests on it, and maybe contact the author. @dhanvi Maybe I'll work with it in my linux VM : )
    Thomas Gerot
    @tjgerot
    This message was deleted
    polym (Tim)
    @abpolym
    censorship!
    Thomas Gerot
    @tjgerot
    @dhanvi @abpolym If a CTF has teaser challenges (not worth any points) do you want to have it like challenge-name-0, or just challenge-name? ctfs/write-ups-2016#2183
    polym (Tim)
    @abpolym
    Hey @tjgerot see the response in the issue : )
    Thomas Gerot
    @tjgerot
    @abpolym Thanks!
    Thomas Gerot
    @tjgerot
    @abpolym ctfs/write-ups-2016#240
    Tummala Dhanvi (c0mrad3)
    @dhanvi
    @tjgerot in my opinion challenge-name-0 looks good that clearly says that the problem is of 0 points / just a teaser
    Thomas Gerot
    @tjgerot
    @dhanvi Thanks, I'll set it to that. Also, let me know what you think about the badges in my fork
    Tummala Dhanvi (c0mrad3)
    @dhanvi
    Guys did someone change the credentials of ctfs@tutanota.com
    sorry my bad I was trying to login and point to writeups bot to 2017 repo
    Tummala Dhanvi (c0mrad3)
    @dhanvi
    guys created the new repo https://github.com/ctfs/write-ups-2017 and moved all the old issues in the 2016 to the 2017 one
    If anyone has the challenges, do add them to the repo
    redfast00
    @redfast00
    Is this repo still active?
    ashleywang1
    @ashleywang1
    Hey, I hope you guys are still active. I'm currently working through all of the PicoCTF 2017 problems, and was hoping to add the writeups to the write-ups-2017 repo
    Anshul
    @AnshulMalik
    Let's add writeups for CSAW'17 Finals
    Tummala Dhanvi (c0mrad3)
    @dhanvi
    @redfast00 Hopefully it will be active in 2018 :smile:
    @ashleywang1 feel free to create a PR by following the contributing guide, I will try to merge them as soon as possible
    @AnshulMalik sure
    redfast00
    @redfast00
    @dhanvi it wasn't :/ want to create a repo for 2019?