Posts

Showing posts from February, 2019

BHIS CTF@Shmoocon 2019 - Blockchain Challenge

Image
I had the Blockchain Challenge, or whatever it was actually called, still kicking around even though Shmoocon and the Blackhills Infosec CTF has ended. I thought this was a neat challenge and I really wanted to figure this one out.


Here's the challenge description:

Thanks for joining our team on this one. We are so close to catching the infamous hacktivist known as "gh0st Plague".
We were informed that he is planning another DDoS attack against a major financial institution. gh0st Plague recruits various botnet owners from around the net and always pays in Bitcoin.
We believe that the following Bitcoin address is one of gh0st Plague's wallets. Knowing where and when gP is making payments should help us catch him but we need some solid evidence. This is where you come in. With your expertise in Blockchain analysis it shouldn't be too hard for you to determine if he let his ego get to him and left any clues behind. Good luck! 3AHnpGWb1EUSYKZUbgxfAkzFfmJeKLL3hH


I remembe…

Al Capwn: Evlz CTF 20190202-20190203

Image
I recently heard of the Evlz CTF from a reddit post in /r/securityCTF by u/coffee-loop. The CTF is put on by Al Capwn, a collaboration of Indian college CTF players with members from eavesdroppers, UPES, and Amrita University. 


Holy macaroni did this competition blow me away! There were so many quality challenges I can't believe it was limited to less than 48 hours. I only had about 6 hours between Saturday and Sunday to put towards the challenges so I was only able to get a few of the "easy" ones.

They had multiple challenges for each of the following categories:
SanityMiscCryptoForensicsWebPwnReverse I have write ups for the Sanity challenges as well as two of the Misc challenges.

Let's get started:
Sanity Check 1 1 point, simply enter the flag that was set for the ctf channel in the evlzctf slack workspace.
evlz{I_pledge_to_play_fair_and_I_promise_to_not_attack_the_infrastructure}ctf
Sanity Check 2 50 points. This challenge provided a link to the following QR code:


I…