Monday, May 31, 2010

Solutions: The Hex Factor v2009 (Level D100)

With the permission of the author, Tomasz Miklas, we shamelessly copy/pasted his original blog post below, with the solution for the first Out of the Box challenge.

---

My favorite category was Out Of The Box category (also known as Pure Leetness), where questions were really 'out of the box' and solving them was the best fun I had for a long time! First 100 points for finding a number 'hidden' in the message was really simple and here's how I did it:

Monday, May 24, 2010

Solutions: The Hex Factor v2009 (Level C100)


C-100 was the first of our reverse engineering challenges and since the main goal of THF09 was to provide everybody a challenge and a taste of what pwnage, reverse engineering, etc. really was, it was kept really simple.

The challenge consisted of a binary (re-100.exe) which was "password protected". If the correct password was entered, a code would be returned that you could use to claim your points on the THF scoreboard.
There were multiple ways to find out what the password was, including the well-known rubber hose technique, but the latter would have gotten you kicked out of the contest. By far the easiest one was running strings against the binary. The result would look a little something like this:

Aahh, the sweet sense of victory... Now get your behind out of that easy chair and come join us at BruCON (September, Brussels) or SANS London (December, London)
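Why running strings was enough for C-100, as an added example (not part of the original post and not the challenge's code): a small Python version of the scan, run over a constructed byte blob that stands in for a password-checking binary. The blob, its password and its prompt are made up, not taken from re-100.exe. The example goes slightly beyond the post by also scanning UTF-16LE text and by comparing a build that embeds the plaintext password with one that embeds only its SHA-256 digest.

```python
import hashlib
import re


def extract_strings(data: bytes, min_len: int = 4):
    """Return sorted (offset, encoding, text) tuples for printable runs in data."""
    found = []
    # ASCII runs of printable bytes: what `strings` reports by default.
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    # UTF-16LE runs (printable byte followed by NUL): common in Windows
    # binaries and missed by a default scan (GNU strings needs `-e l`).
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


# Constructed sample data (assumption: NOT the real re-100.exe).
PASSWORD = b"constructed-secret"
HEADER = b"MZ\x90\x00\x03\x00\x00\x00\x55\x8b\xec\x83\xec\x10"
PROMPT = b"Enter password: \x00"
TAIL = b"\xff\x15\x04\x10\x00\x01" + "Access granted".encode("utf-16le")


def build_sample(stored: bytes) -> bytes:
    """Lay out a fake binary with `stored` where the password check reads from."""
    return HEADER + PROMPT + stored + b"\x00" + TAIL


# Weak build: the password is a literal compared in the clear.
PLAINTEXT_BUILD = build_sample(PASSWORD)
# Alternative build: only the raw SHA-256 digest of the password is embedded.
DIGEST_BUILD = build_sample(hashlib.sha256(PASSWORD).digest())


def texts(data: bytes):
    """Just the recovered strings, in file order."""
    return [text for _, _, text in extract_strings(data)]


if __name__ == "__main__":
    for offset, enc, text in extract_strings(PLAINTEXT_BUILD):
        print(f"{offset:#06x}  {enc:9} {text}")
```

Embedding a digest only removes the literal from the file; the check itself still runs on the user's machine.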

Monday, May 17, 2010

Solutions: The Hex Factor v2009 (Level B100)

Aaah, the agonizing USB device created by Didier...

As a reminder: the device consisted of an LCD display and 3 sensors. These sensors needed to be activated in a specific sequence in order to input a PIN code. When the correct PIN (correct sequence) was used, the device displayed a secret code.

We saw people yell at it, heat it and even rub it in vain. Today we give you the correct activation method for the sensors, as well as the correct order in which to use them.

Sensor 1: Activated by touching it
Sensor 2: Activated by lighting it
Sensor 3: Activated by using a magnet

The correct activation order to display the secret code was: 1 - 2 - 3 - 2 - 1. The secret code displayed was "KRIEK", also known as the Belgian Beer for Pussies.


Do you dare to take on The Hex Factor in 2010? Get your tickets now for BruCON (September, Brussels) or at SANS London (December, London)

Monday, May 10, 2010

Solutions: The Hex Factor v2009 (Level A100)

As we are in the process of designing and implementing the 2010 version of The Hex Factor, I guess it is time to save people from their agony and publish the solutions for the different levels of the 2009 version, which was run at BruCON (Sep 09) and SANS London (Dec 09). As a reminder, these were the categories and levels:
  • Once upon a time - History and Culture around hacking with levels A100, A200
  • Pwned - Breaking into systems and applications with levels B100, B200, B300
  • Binary Fu - Reverse engineering with levels C100, C200, C300
  • Out of the Box - Crazy and rand() stuff with levels D100, D200, D300

From now on we will try to post the solutions every few weeks up to the point where v2010 is released. First of all, here are the solutions for "Once upon a time - History and Culture around hacking A100".

Most of these questions can be answered by using online search engines. Whenever extra steps are required to solve a given question, these are explained below the applicable question.

Question: What is the nickname of security guru RGFtZW9uIEQuIFdlbGNoLUFiZXJuYXRoeQ==?
In order to solve this question, a BASE64 decoder should be used to decode the security guru's name. Doing so yields the name Dameon D. Welch-Abernathy, which can then be googled to find the answer below.
Answer: Phoneboy

Question: What is the name of this device, invented by Mr. Draper?

Answer: Blue Box

Question: In which movie was this hack performed?
Simply by googling "nmap in movies" the answer to the question is provided.

Answer: The Matrix Reloaded

Question: Who hacked a famous media company from a copy center, using an 8-year old computer and a keyboard with 6 keys missing? He’s also known as “the hacker without a home”?
Answer: Adrian Lamo

Question: In what movie does the character ‘David’ play Tic-Tac-Toe with a computer?
Answer: Wargames

Question: Decode the following:

Answer: Hackerspace

Question: What is the number of the payphone, located in the lobby of the New York Times building in Manhattan?
There is a website that holds all the payphone numbers; on this site you can search for the payphone of the New York Times building.
http://www.payphone-project.com/
Answer: (212) 221-9508

Question: What’s the name of the candyshop, located at “Digue Gaston Berthe”?
This can be found by using Google Maps streetmap and "walking" the street Digue Gaston Berthe.
Answer: Au Festival des Saveurs
