I’ve developed an FTP-like multi-threaded server application as a target for this challenge of the month. It has been coded in C and compiled with VC++ 2008. This is a three-step challenge:
Step 1 - Find the correct “passphrase” format to log on to the server and get the “Access Granted” message. (You may use a debugger like OllyDbg to do live RE for this step.)
Step 2 - Do vulnerability research on the server software. There is at least one exploitable bug, but there could be more bugs or error conditions. Try to spot a memory corruption bug and write a denial-of-service exploit for it.
(My first X-rated blog post.. I should hook up AdWords and watch the money roll in!)
OK.. our Zimbabwean recruit was posed the following question by some international academics:
Q: “How would you sort your shoes?”
He answered:
A: “I make the assumption that the shoes are positioned such that I can see their sizes, and that they are in a row of boxes. I would randomly pick a pair of shoes in a box and call them my ‘pivot point’. I would then reorder the shoes such that all shoes with sizes less than my pivot are on the left of it, and all shoes with a greater size are on the right of the pivot (perhaps having 2 piles of shoes next to me as I work, one for sizes less than, one for sizes greater than). This pivot pair of shoes would now be in their correct sorted position. I would then apply this same process to the left and right sets of shoes, and then to their left(left,right) and right(left,right) sets, continuing this process until all shoes have been ‘pivoted’ or there is only one or zero pairs of shoes between two pivots (i.e. a set of only one pair).”
Many people took a crack at “what tool will work to replace mangler, out of the box” and so we have a bunch of new tools to play with..
Steven’s answer of MS-Word or PowerPoint left us scratching our heads a little, and rezn threw in the added complexity of the app requiring valid certs..
(To answer rezn, I think you could avoid the SSL complications with judicious use of a Detours app or Echo Mirage from bindshell.net.)
24 July 2007
By marco
A little while back we published our first public QoW for your abuse and enjoyment, and the time to close it is ………. now. The new QoW is available here.
Thanks for the efforts; we received a fair number of answers and are still figuring out how to go about recording your submissions. For now, we’ll publish the first correct answer, and discuss the answer in brief. Over to Haroon:
Jeremiah Grossman gave the first correct answer, with valiant attempts from many others.. Acceptable solutions involved either the use of JavaScript / HTML comments to allow our injection to span multiple lines (or really, really small URLs :>)