You probably saw on many ‘hackers movies’ weird IP address such a 312.5.125.833. On this challenge, you had to connect on a fake IBM mainframe running on this strange IP stack. After the Z/OS banner, you had to get a shell with “L IMS3270”. No guessing here, it’s simply one of the three suggestions. On the READY prompt, you had a bunch of crappy commands extracted from the Swordfish movie. Only FLAG, IFCONFIG worked. FLAG expects an IP address as parameter. Since this mainframe runs on a non-standard IP stack, you can’t simply enter your IPv4 address. So you have to get a look at the IFCONFIG output:
Continue reading Insomni’hack finals – Hollywood network writeupInsomni’hack finals – SH1TTY writeup
This challenge wasn’t solved during the CTF, but StratumAuhuur was pretty close!
The source, binary and exploit for this challenge can be found on our github here.
Insomni’hack finals – Jurassic Sparc writeup
This task wasn’t solved during the CTF. People must hate sparc!
Find the binary, sources and exploit here!
Continue reading Insomni’hack finals – Jurassic Sparc writeupInsomni’hack finals – smtpwn writeup
This challenge was solved by several teams during the contest, however it seems that most teams didn’t have the intended solution, so here it is 😉
The source, binary and exploit for this challenge can be found on our github here!
smtpwn was a very simple local SMTP service. Basically you write a message to its stdin
, and it’ll write a file to /tmp/
with the following content:
Insomni’hack finals – CTF results
Here is the final scoreboard for Insomni’hack 2015!
Congratz to Dragon Sector for winning again this year!
Insomni’hack : teaser
Insomni’hack 2015 will take place the 19&20th March 2015 at Palexpo.
The teaser registration is now open!
You can go to https://teaser.insomnihack.ch/ and register your team!
Please follow the official web site for more details : http://insomnihack.ch
HFGL 🙂
Insomni’App, le CTF de l’AppSec 2014
Pour son édition 2014, l’Application Security Forum en partenariat avec Insomni’hack propose un CTF (Jeopardy-style) d’une durée de 2 heures qui se déroulera le 5 novembre entre 17 et 19h.
Continue reading Insomni’App, le CTF de l’AppSec 2014The “Bourne” Ultimatum *
Cet article a pour but de résumer brièvement les informations utiles sur la faille ShellShock. Il n’a toutefois pas pour objectif d’être exhaustif (les informations varient encore en fonction des sources et l’état de correction de cette faille, ainsi que des celles qui en découlent n’est pas forcément encore très clair).
Continue reading The “Bourne” Ultimatum *Defcon 2014
Ah, Las Vegas…
Comme chaque année, une délégation de SCRT s’est rendue dans la capitale du jeu pour participer à la conférence Defcon. Cette année toutefois, sept ingénieurs ont pris part à cette expédition :
- Une personne pour assister aux conférences
- Une personne pour participer en tant que conférencier (et au CTF)
- Le reste de l’équipe (6 personnes) pour participer au Capture The Flag
Après un week-end plutôt intense, voici un petit aperçu du CTF tel que nous l’avons vécu.
Continue reading Defcon 2014Metasploit psexec resurrect
What a joy !
I just received tonight this nice email from github :
Meatballs1 merged commit
1a3b319
into from
My 2 years old pull request to metasploit was just accepted !
Continue reading Metasploit psexec resurrect