Haxed
Message from 2022
This post is pretty old! Opinions and technical information in it are almost certainly oudated. Commands and configurations will probably not work. Consider the age of the content before putting any of it into practice.
Yesterday was the iCTF game. Needless to say, it was crazy, intense, and lots of things went wrong. However, much to our suprise, we did pretty well for a bunch of rookies: (We’re WCSC).
It was quite different than what I expected. I thought that teams would have about three flags on their machine at a time, and get new ones every half hour. However, it was more like ten at a time, with new ones every minute or so. In order to actually perform like that, we needed scripts to do the work.
I made lots of tiny perl scripts, and chained them together. At one point my command line was:
perl cprog_can_suck_a_dick.pl | perl flagchew.pl | grep MTN | php urlencode.php| perl flagsub.pl
Breaking that down, the first perl script (named because it was exploiting a C program called cprog that included inline ASM and called a perl script to do some dirty work) fed an enemy httpd an URL causing cprog to spit out the most recent flag stored in a particular place on their machine. flagchew.pl put each flag on a different line, the grep separated out the flags from the chaff, urlencode.php worked as advertised, and flagsub.pl actually did the submission.
We did get best logo:
