[Hello everyone! We are “galhacktic trendsetters”, a group of people new to CTFs (for more about us, see the about page). We’ll use this blog to post write-ups/postmortems for events we participate in.]
This past weekend we participated in the CSAW 2016 Qualifiers. This was the 4th CTF we’ve participated in as galhacktic trendsetters, and probably the one we took most seriously out of these (we participated in the ASIS CTF the weekend before, the TokyoWesterns/MMA CTF the weekend before that, and “participated” in the HackCon CTF the weekend before that).
We ended up coming in 55th place with 2651 points, solving 20 out of the 31 challenges.
Challenges we solved (with linked writeups where available):
- [Crypto 1] Notesy 2.0
- [Misc 25] Coinslot
- [Reversing 50] Gametime
- [Forensics 50] Kill
- [Crypto 50] Sleeping Guard
- [Pwn 50] Warmup
- [Pwn 100] Aul
- [Forensics 100] evidence.zip
- [Forensics 100] Clams Don’t Dance
- [Reversing 100] The Rock
- [Misc 100] Regexpire
- [Web 125] mfw
- [Web 150] wtf.sh (1)
- [Forensics 150] brainfun
- [Reversing 150] deedeedee
- [Crypto 200] Neo
- [Recon 200] Fuzyll
- [Forensics 250] Watchword
- [Crypto 300] Broken Box
- [Crypto 400] Still Broken Box
Challenges we didn’t solve:
- [Recon 10] Music To My Ears
- [Recon 10] Eric Zhi Liang
- [Reversing 125] Key
- [Forensics 150] Yaar Haar Fiddle Dee Dee
- [Pwn 200] Tutorial
- [Web 200] I got Id
- [Reversing 300] ivninja
- [Pwn 300] Hungman
- [Web 400] wtf.sh (2)
- [Reversing 400] Tar Tar Binks
- [Pwn 500] Mom’s Spaghetti
Remarks:
- Our weakest areas definitely are Pwn and Reversing, which is reflected in the results (our Web isn’t much better).
- We got really close on Yaar Haar, but somehow didn’t manage to notice the zip file in the packets. We should be more careful on forensics things in the future.
- We should practice doing some Windows reversing challenges: I had no clue how to use IDA/OllyDbg for Key (and the only reason we successfully solved the other windows reversing, Gametime, was because it involved no reversing at all).