I've seen a number of requests for a writeup on the forensics 200 challenge from Defcon Quals, so I figured I would write one up. It's a relatively simple challenge, but it takes a certain mindset to solve these forensics challenges, so I'll be focusing on that instead of the technical aspects as much. I will, however, try and go step by step so the process can be reproduced.

Next up in the series of PCTF writeups is problem #6, a .NET challenge. Unfortunately, the .Net Reflector recently went pay, although it's only $35, and comes with a 2 week trial. We'll go with the trial.

Great. It's obfuscated, but we kind of expected that, and we know we're looking for a valid key.

Before we get too far, this is what the application is looking for, so we're looking for 3 values ranging from 0->255 that fit and will activate our controller.

So, this is one of the easier challenges. We were given some connection information, and here's the information it gave us upon connection:
Welcome to the online calculator. Please enter your expression below.
1
About to Calculate:
Calculating: 1
Equals: 1
At this point, we don't know much, except that it does some sort of calculation. A few more trials, and we've learned some useful information:
Welcome to the online calculator. Please enter your expression below.
1+1
About to Calculate:
Calculating: 1+1
Equals: 2

In the spirit of learning me some Python, I decided I would take on the task of re-writing some of the SysInternals tools in Python. The first of those I've done is what I like to call PySInfo.
Download:
PySInfo Source Code
PySInfo Windows Executable
I've recently been working more on Python, since that's what most of the other people I know use as a scripting language, and I figured it would be a good idea to brush up on it a little. As a Windows guy, that meant I would need to dig into the Windows internals, and put together a few tools based on that.