Enclosed is my writeup for the 2019 OTW Advent CTF (https://advent2019.overthewire.org). This year I played under the team name Speculatores. There was a pretty nice selection of problems this year. While I was stymied by a couple different challenges, I felt like I made progress or solved each of the problems presented.
The site has been archived now. For the results, see the scoreboard on ctftime. Points allocated were dynamic this year, so their value depended on how many total solves there were in the competition. Personally, I prefer this method - mostly because sometimes problem creators don't quite assess the difficulty of each problem ahead of time (harder or easier).
- Santaty Flag - SOLVED: Was in the Discord channel topic: AOTW{Testing123}
- Challenge Zero - re, crypto - SOLVED: steg in ASCII art, then x86 disassembly - AES decryption to recover the flag
- Easter Egg 1 - fun - SOLVED*: Navigate from /robots.txt~
- Day 1 - 7110 - keylogger, programming - SOLVED: keypresses for 7110 (mobile phone) keypad
- Day 2 - Summer ADVENTure - crypto, rev, network, misc - SOLVED: Man-in-the-middle with a two-time pad, protobuf structure parsing, and finding logic errors
- Day 3 - Northpole Airwaves - forensics, gnuradio - SOLVED*: Three signals - two tones and one RDS - which decode to text in different ways
- Day 4 - mooo - web - SOLVED: Perl command injection
- Easter Egg 2 - fun - SOLVED: X-EasterEgg2 header on several pages
- Day 5 - Sudo Sudoku - misc, sudoku - SOLVED: Solve a Sudoku puzzle with additional constraints
- Day 6 - Genetic Mutation - pwn, misc - SOLVED: Binary modification - making the stack writable and adding a jump assembly instruction to shellcode
- Day 7 - Naughty or Nice V2 - pwn, crypto - SOLVED: RSA decryption and padding match with a shellcode ciphertext
- Day 8 - Unmanaged - pwn, dotnet - SOLVED*: Unmanaged .NET code structure overwrite on the heap
- Day 9 - GrinchNet - re, crypto - SOLVED: AVR disassembly, video blinks demodulated to a signal, and RC4 decryption
- Easter Egg 3 - fun - SOLVED*: Aztec code inside a QR code in an image on Twitter
- Day 10 - ChristmaSSE KeyGen - rev, math - SOLVED: Packed DWORD disassembly with matrix multiplication
- Day 11 - Heap Playground - pwn, heap - SOLVED: Bit operation error with a heap exploitation technique against glibc 2.27
- Day 12 - Naughty List - web - SOLVED*: Encryption and decryption oracles with a TOCTOU transfer bug
- Day 13 - Cookie Codebook team Brain/Brawn - fun: fun challenge, see the link
- Day 14 - tiny runes - game, reversing, asset files - SOLVED: Custom file format with an embedded lookup table
- Day 15 - Self-Replicating Toy - rev - SOLVED: Write a custom assembly sequence which outputs itself
- Day 16 - Musical Stegano - steganography - SOLVED: Flag embedded as off-by-one musical notes
- Day 17 - Snowflake Idle - web, crypto - SOLVED*: Hidden endpoint with a fixed key encryption
- Day 18 - Impressive Sudoku - pwn, math - SOLVED: Arbitrary write primitive to set a GOT address and solving math equation constraints
- Day 19 - Santa's Signature - crypto - SOLVED: Broken RSA signature scheme
- Day 20 - Our Hearts, Strike a pose - fun: fun challenge, see the link
- Days 21-22 - Battle of the Galaxies - battle - PLAYED: Competitive AIvAI matchups using a structured game
- Day 22 - Survey - misc: End of CTF survey (overlapping with "Battle" day) which awarded a flag
- Day 23 - Gr8 Escape - pwn - SOLVED: Statically compiled "game" program which overwrote a function pointer, leading to a stack overwrite/leak which gave a shell with ROP
- Day 24 - Got shell? - web, linux - SOLVED: Linux pipe and command-line fu to solve a "captcha"
- Day 25 - Lost in Maze - misc, pwned! - SOLVED: Maze solver in ASCII art
SOLVED* are written up, but as the writeup describes I only completed these with help after the competition was over.
Hard as Nails problems were: "Summer ADVENTure", "Unmanaged", "Self-Replicating Toy"
Rookie problems were: "7110", "mooo", "Sudo Sudoku"