1ST EDITION CTF FWHIBBIT – WRITE-UPS

On this page we will be collecting all the write-ups produced by the participants of the first edition of the FWHIBBIT Capture The Flag.

RANKING

1 e0d1n – 8120
2 tzaoh – 7260
3 H4ms1k – 6970
4 tunelko – 6875
5 KALRONG – 6730
6 Josi – 6625
7 d14m0nt – 5120
8 Shellwarpa – 4970
9 east wizard – 4760
10 dialluvioso_w0pr – 4700
11 Gibdeon – 4475
12 h4ng3r – 4430
13 pelutxito – 4410
14 Nox – 3970
15 Cyrivs89 – 2865
16 G4ngli0s – 2860
17 ManoelT – 2810
18 PJ – 2775
19 maxim_o – 2615
20 Darkbreal – 2435
21 riesc0 – 2375
22 jdangosto – 2175
23 Penkali – 2045
24 ImanolBarba – 1970
25 roskyfrosky – 1905

 

* Note: Some challenges are no longer available online, but you can find the source code and everything needed to set them up in I-CTF-FWHIBBIT Source Code

 

STEGANOGRAPHY

Ones and Zeroes – 100 – Nigeria
Attachment: https://mega.nz/#!ApEzQC5C!43uNu_7_IVijvU-9ash0dkpTq9SS5gCsd1UTVTkkTKA
Description: The Dark Army told me that Stage 2 is ready. When you see it, you’ll be pleased. It worked,
Elliot…do not forget to hide all the information in those stupid CDs!!!
It’s up to us now. Let me show you.
Roskyfrosky

Binary – 120 – Egypt
Attachment: https://mega.nz/#!l51QDYob!ab_9YzSIXRARKUsbH8qLlRXZvr6cFNK4EFMfP_Rxr3M
Description: Hey!! It seems that our allies want to transmit some kind of message, but we can’t find which
is the real message. Help us!!

Flag Inside – 125 – France
Attachment: https://mega.nz/#!th8EAYzZ!S8DM-gg2SAa8rrOnQ1_vHyZlY3x0r9tFzlLTevGUA8w
Description: I’m sure this file hides something … but I do not know exactly what. Can you help me?
Roskyfrosky

Fat Rabbit – 150 – United Kingdom
Attachment: https://mega.nz/#!IlN2BLRa!zigY9gRGzZ_Muvo1ZyC0yofLVUi4azVfvwPkRStMyd0
Description: One of our rabbits has eaten more than necessary and now it’s about to explode.
We need to know what the rabbit has eaten, could you help us? It might be a flag, for sure!
Kalrong

Stego Cipher – 230 – Germany
Attachment: https://mega.nz/#!R8d1ULqK!8MKhlD1Cde9CvsFWnGOVVrJ1WE6K66V4KM4daJ1NnWU
Description: Our spies found this image. They think something is ciphered in it… what could it be?
Also, they could steal a suspicious script, we are not sure but maybe it was used for ciphering some
message. The future of our team depends on you!
East Wizard

Mad Rabbit – 450 – Greenland
Attachment: https://mega.nz/#!Ah9SiYxS!8KWuCMZ-F24J_rINPedkie63vqlAfW0uFTeiO-Y7dZo
Description: Our spies are trying to intercept enemy communication, but they could only get this strange
file…it’s a funny video! We tried to get some useful information but we haven’t found anything suspicious.
Kalrong

 

HACKING WEB

R4bb1t Gl1tch – 150 – Spain
http://web3.ctf.followthewhiterabbit.es:8003/
Description: Glitches are very annoying, we hate them. Maybe the user stays with you 😉
Kalrong
Penkali

Hate – 200 – Madagascar
http://web5.ctf.followthewhiterabbit.es/
Description: There is a phisher who pretends to be us, can you help us to pwn him?
Roskyfrosky

May the Troll be with you – 300 – Russia
http://web1.ctf.followthewhiterabbit.es:8001/
Description: An army of hackers has stolen the flag from our rabbits.
Security experts have failed to capture the flag and some have even gone mad.
Please…GIMME THE FLAG!!
Kalrong

VIP Area – 350 – Canada
http://web2.ctf.followthewhiterabbit.es:8002
Description: Restricted area only for elite rabbits. Do you want to be part of this group? Then GO AHEAD!
Penkali

Wash your Money – 500 – China
http://web4.ctf.followthewhiterabbit.es:8004
Description: Bitch better wash your money, bitch better wash your money!!
Use this service to regularize your dark bills without getting mad.

Impossible is nothing – 500 – Indonesia
http://web6.ctf.followthewhiterabbit.es:8006
Description: One of our rabbits has lost the keys of his server to access his flag. He is crying desperately
as he only remembers that the flag was in the path: «/tmp/flag.php» but he doesn’t know how to get there.
Our friend BugsBunny was performing reconnaissance tasks when suddenly found a web that could help
you, please bring me back his flag.
PatatasFritas
DaniLabs

 

FORENSICS

Rabbit Traffic – 150 – United States
https://mega.nz/#!40tXFBwB!uB4OR7xRhbJ_2YmJN_dCxK81oCPUq2Wwam0NxcfOoYQ
Description: Our research center has evolved during this last time. However, they are having some
problems while intercepting communications…
Help our investigators to decode the following transmission.
Kalrong
G4ngli0s

Rising Research – 200 – Thailand
https://mega.nz/#!I5kRCJqA!xSaCEtbljgBpOE8q6C3OmhK_Yyxe62BdiNwBBaKEM7o
Description: An infiltrated Russian spy has sent us a file that indicates the name of a Doctor of great
relevance in the advanced projects on Artificial Intelligence (IA).
According to an intelligence report, we should omit the place where the information leak occurred: the
Massachusetts Institute of Technology.
G4ngli0s

Signal – 200 – Poland
https://mega.nz/#!w5FlGaga!ACHc_H6UseIAKzUKYkg_UPggu1xxvrdOQA1_IaI-8gM
Description: Allows application to write to SMS messages stored on your phone or SIM card. Malicious
applications may delete your messages.

Amnesia – 200 – Chile
https://mega.nz/#!hh0RFKaI!nGKDQXItaLQiZnw_WygT3-ga7alXUKkisl2wC8uej6s
Description: Our favorite rabbit has lost its pendrive, inside, you can find sensitive information that should
not be discovered by the queen. He doesn’t remember the password of the file or where the information
was hidden! Can you help him?
Roskyfrosky

 

CRYPTOGRAPHY

In your eyes – 150 – Sudan
https://mega.nz/#!eo8VhKbI!bT8lW95_sDuxJBs3uCw9nZxnXtJNgvJ74oJn8utkblA
Description: Our little rabbit has a problem. Do you know what is going on?
Try to understand what he is trying to tell us and write it down in the correct format. Remember,
fwhibbit{FLAG}.
Penkali
Juan

The burrow needs you – 175 – Australia
Description: The new cryptographic algorithm? Can you help us?
xoCnrQoFNCiIvQImryKTIpLRTsYLSFTEfmWrvdYbJEsPxNWlxygTmHtufmysnGDtTCemYVgGlocDLgObv
xeIRQRbvUwPuJoGPJYgjFCCfetUGEqYVcYpBJkpJHKYDUphbWWodHgerNcWxLWsFyleEoqyLFoqlQKJ
tjMGhsPFXejIiqUGrGOyFjKLNOIUtyrwHeKXOMlRhdOclVQMjIsKfdUMBYgqiWVg==
Roskyfrosky

All hail king Ragnar – 250 – Norway
https://mega.nz/#!D0c0lAQI!Otj8uEcGg3OJNxPWIEmCSy3zKet5R3X_woScJmbNF_4
Description: What will his next move be.
Ragnar knows the passphrase. It’s one of his sons.
Find his next move and write it in the correct format: fwhibbit{flag}
Juan

AMOY – 375 – Ethiopia
https://mega.nz/#!9t9lwRiS!HV7NswgH40KJyLRK3vB6NxgaNoTs7JuceZIlvUTyM1c
Description: Oh god! You’ve ordered Chinese food? I love Chinese food! 😀
Juan

 

REVERSING

Reversing ‘like’ a boss – 100 – Romania
https://mega.nz/#!vpgFgJYB!wYwVOMhSEbVoXpeRBm4qnpLGzmQBD5VPV7fU7gPvXJE
Description: We have this file, but we aren’t able to extract the secret info inside, can you help us? The
world’s future is in your hands!
Roskyfrosky

Mayday Mayday – 150 – South Africa
https://mega.nz/#!HpYxUIIZ!TjDhMDCvazuay1Cats4zObHuRmixGhVa7Sy0-5hnLTg
Description: Hi aspirant, we lost all our carrots, for this reason we need your skills so please… try to steal
the private bank of carrots for us.
The time begins…NOW!
Roskyfrosky
G4ngli0s
DaniLabs

How Many Rabbits – 200 – Morocco
https://mega.nz/#!N4dDVSYY!mcH-FyRD9cwCuL8i3OFy_1zrA55djoLk9s2Qd7-hPuo
Description: We need the information in this binary password protected…can you help us?
Kalrong
G4ngli0s
DaniLabs

FixMe – 200 – Libya
https://mega.nz/#!IgFVlRCY!A2dRVyCvKM8ltXatNIDRZarkhOa23o_ie7XL0jVZDGU
Description: I hate our research team, every time they touch something, they break it…Rabbits don’t know
what they did with this binary but it’s not working! Try to fix it..!

Crazy Serial – 350 – Congo – Kinshasa
https://mega.nz/#!QpFSVYqI!85ekG2b5MwHW8BXxGvcUrkg_Liluz2M27c8xCeo4ZaA
Description: Serial serial serials, I have nightmares with serials!!!
Dear soldier, we need you to find the crazy serial for the rabbit team, the future of the team depends on
you…GO GO GO!
G4ngli0s
Nox

Reverse me LOL – 400 – Algeria
https://mega.nz/#!1wVFxCxY!8BMYYy9hxaWTSFtk7XtQyywbvA1qaJcmU1S8u6A5M7w
Description: A challenge only suitable for experts where the great magical carrot is the only one that can
give you the flag.
e0d1n

Bomb – 500 – Kazakhstan
https://mega.nz/#!1tsFgIAR!JhnKO62d5jAcGvXM4pYsxbF5mMEyNz07UggP_e8lAEM
Description: An evil rabbit has installed a nuclear bomb in the building and only a competitor like you, can
defuse it and avoid its self-destruction.
Be patient but please.. DEFUSE THE BOMB!
G4ngli0s
e0d1n

 

EXPLOITING

Red Pill – 150 – India
https://mega.nz/#!NlMlkB6I!ypUjeh2I27f9U5cTu1r_XJBROOV-BQJriRvXeKn_xuk
Description: Deciding between the blue pill or the red pill is a tricky decision.
But now…we already make a choice.
Try to give the red pill to the rabbits.
e0d1n
G4ngli0s
DaniLabs

Find the Carrots – 300 – Mexico
https://mega.nz/#!twM1nYCA!qXDWql7ER6gLYj6eaT7iG-12sFdH3ozePk0VDl_xLwk
Description: We all know that rabbits’ favorite food is carrots.
Help the rabbits to eat their favorite food today and be careful with the birds…good luck!
e0d1n
G4ngli0s

Scada 1 – 400 – Iran
Description: We don’t remember password, and «remember password» functionality is disabled, so the
only solution is…PWN PWN PWN!
[mirror1] nc pwn.ctf.followthewhiterabbit.es 9001
[mirror2] nc pwn.ctf.followthewhiterabbit.es 9002
e0d1n

Scada 2 – 450 – Mongolia
https://mega.nz/#!F58ERbjJ!c_iOtfSpsnsp4FKpGBi24Gs1ErJmDvs-IWuojAPadko
Description: NOTE: Before starting, it’s important to know that this challenge can not be solved unless
you have previously solved Scada 1 (Iran).
Now you’ve got credentials from Scada 1 (Iran) it’s time to run commands…PWN PWN PWN!!!
In order to test the binary, you can download debug version with user:TEST, pass:TEST to try in your local
machine.
You will also need:
[mirror1] nc pwn.ctf.followthewhiterabbit.es 9004
[mirror2] nc pwn.ctf.followthewhiterabbit.es 9005
Manuel

 

DEV

Magic QR – 250 – Ukraine
http://dev1.ctf.followthewhiterabbit.es:8008/
Description: The rabbit boss of the enemy burrow has sent a QR-encrypted message.
Decode it and get a hash in SHA1, introduce it before the rabbit eats the carrot and you will get your
precious flags
e0d1n
Kalrong
bernatixer

Hash it – 450 – Saudi Arabia
http://dev3.ctf.followthewhiterabbit.es:8008/
Description: This time we have intercepted the list of passwords and the salt used by our rabbit. Help us
to decipher these hashes before the rabbit eats the carrot and you will be rewarded with a precious and
juicy flag.
e0d1n
Kalrong

The Maze – 500 – Argentina
http://dev2.ctf.followthewhiterabbit.es:8008/
Description: Rabbits are afraid of Mazes.
This time our rabbit is lost and he is looking for his carrot, so you must help him.
In order to escape from the maze you must submit the whole string of movements the rabbit needs to make
to reach his goal. Good Luck!
e0d1n
Kalrong

 

MISCELLANEOUS

Information Leakage – 75 – Tanzania
Description: Our experts claim that we have suffered an important information leak thanks to our domain:
flag.followthewhiterabbit.es
Can you check if this is true?
Kalrong
Roskyfrosky

Expect us! – 80 – Niger
Description: This is a simple task, if you want to get the points:
1º Follow us on twitter: @fwhibbit_blog
2º Post a tweet mentioning @fwhibbit_blog and attaching an original photo of your workstation, a rabbit
picture or whatever you want, just be original! Don’t forget to include the hashtag #CTF_Fwhibbit and your
CTF username.
3º We will send you the flag by direct message (DM).

TORxicity – 300 – Colombia
http://rabbit3yfa6dcgka.onion
Description: We recently found that a group of people are selling female rabbit extract. You need to find
their real server, and deanonymize them!
Kalrong
Roskyfrosky

New Gold – 350 – Brazil
https://mega.nz/#!0112RSqB!G4mDijp-vMQSaVcjr-lTP7KQgSqYEKcUqKcsCyZJ2Bk
Description: We lead a life of luxury and waste, but there are some rabbits trying to hide information in
their brand new gold, and that’s unacceptable!
Find out what’s going on.
East Wizard