Description: Tokens was a python exploitation challenge during the 2016 Pwn2Win CTF competition held from 25-27 March. When solved the team was awarded 50 points. This challenge focused on being able to identify exploitable python code which would allow the competitor to take advantage of the running service. This challenge explored the vulnerability of misusing the python eval() method.

Description: Crypto5 is a 500 point challenge that was presented during HackIM in Jan 2016. The challenge presents a file that is encrypted with a RSA-Private key. Fortunately, we are provided a group of 49 public keys and one of them is the corresponding key for the private key …

Description: Smartcat was one of the cheapest point challenges available during the Insomnihack Teaser in January 2016. When solving the challenge the team is awarded 50 points. The challenge focused on being able to identify code injection opportunities and required the challenger to know linux bash tricks. read more

The last part of the SANS 2015 Holiday Hack requires to you analyze everything found so far. All the pcaps recovered, any images, and any correlated information. It’s useful to utilize wireshark and ImageMagick. Last, describe the process used to during discovery and attribution. read more

Description: The fourth part of the holiday hack can be completed without returning to the Dosis neighborhood, but I can get substantial hints if I do. This challenge is broken up into 5 parts to cover the vulnerability for each SuperGnome, the exploit used, and recovering the neccessary files. read more

The second part of the holiday hack required you to return to the Dosis neighborhood again, find Tom H, and find/confirm each SuperGnome IP address with Tom H. For this challenge you will need to create a shodan account. read more

Description: The second part of the holiday hack required you to return to the Dosis neighborhood, find Jessica, and unwrap the secrets of the Gnome’s firmware. For this challenge you will need to download the firmware-mod-kit (FMK) so that you can analyze the firmware. read more