This year challenges were organized an unusual way: we were some hax0rz hired by a company to complete some tasks they asked for, rewarded by money. Thus it was storyline, quite messy, hence the following tree, trying... lire la suiteCTF › Prequals ndh2k12
NDH2k12 Prequals - Debriefing
Sunday, March 25 2012, 23:54 :: Prequals ndh2k12
This year challenges were organized an unusual way: we were some hax0rz hired by a company to complete some tasks they asked for, rewarded by money. Thus it was storyline, quite messy, hence the following tree, trying... lire la suiteNDH2k12 Prequals - New email from our
Sunday, March 25 2012, 23:33 :: Prequals ndh2k12
From: Jessica To: w3pwnz Subject: New email from our contact Attachments : executable2.ndh Thank you again for your help, our technical staff has a pretty good overview of... lire la suite
NDH2k12 Prequals - What is it about this
Sunday, March 25 2012, 21:03 :: Prequals ndh2k12
The cover document was a song from the Blues Brothers, "Rawhide". The title suggests that the method used is simple. This was indeed one of the most straightforward challenges: take the lsb from every frame, and you're... lire la suiteNDH2k12 Prequals - unknown binary, need
Sunday, March 25 2012, 20:46 :: Prequals ndh2k12
From: Jessica To: w3pwnz Subject: unknown binary, need your help Attachments : executable1.ndh Hello again, Thank you very much for your help. It is amazing that our... lire la suite
NDH2k12 Prequals - We are looking for a
Sunday, March 25 2012, 17:05 :: Prequals ndh2k12
File sp112.rar The rar file is password protected => Let’s try to crack it... Open Advanced Archive Password Recovery and launch a dictionary attack : After some hours or some minutes depending on your dictionary, the... lire la suiteNDH2k12 Prequals - Another weird link -
Sunday, March 25 2012, 16:36 :: Prequals ndh2k12
From: Piotr To: w3pwnz Subject: Another weird link Attachments : web3.ndh Thank you again for these informations! we have just credited your account with $1700. Our spy... lire la suite
NDH2k12 Prequals - Any idea how to use
Sunday, March 25 2012, 16:18 :: Prequals ndh2k12
After decrypting the secret message, we got a new email, from Piotr this time, a supposed technical operative. From: Piotr NDH2k12 Prequals - We are looking for a
Sunday, March 25 2012, 14:47 :: Prequals ndh2k12
The bmp file has no padding bytes, and its size matches the image dimensions (4374054 = 810*1800*3 +0x36 for the header). On the other hand, applying an LSB filter reveals that something is wrong on the left side of the... lire la suiteNDH2k12 Prequals - We are looking for a
Sunday, March 25 2012, 14:34 :: Prequals ndh2k12
File sp111 After opening the sp111 text file, we guessed that it was encrypted with vigenere. We tried an auto-decrypt with http://www.apprendre-en-ligne.net/crypto/vigenere/decryptauto.html, revealing that... lire la suiteNDH2k12 Prequals - What is it about this
Sunday, March 25 2012, 13:56 :: Prequals ndh2k12
File: 11925.ndh Once again it is a VM file. We quickly take a look at the hexdump to find the remote port used (4004). % tail 11925.ndh|hexdump -C 00000000 00 16 b7 0e 00 02 02 04 00 00 02 03 04 03 03 03... lire la suiteNDH2k12 Prequals - New email from our
Sunday, March 25 2012, 13:39 :: Prequals ndh2k12
According to the description http://sci.nuitduhack.com was a url shortening service. After searching about how these services work i found two “common” practises. The first was inserting urls in the database and then... lire la suiteNDH2k12 Prequals - What is it about this
Sunday, March 25 2012, 13:27 :: Prequals ndh2k12
In the sp113.pdf found in the bitmap “Wallpaper image”, we can see “author: SciteekSmith”. Google is our friend : http://lmgtfy.com/?q=SciteekSmith There is 1 result : http://www.facebook.com/SciteekSmith... lire la suite« previous entries - page 1 of 2
