John Pierce, CISSP, SLAE, Security+

Takeaways from PANW CTF 2016 Labyrenth

The main lesson I learned is that if you run into a wall, stop and look for another way.  

The second lesson:  Like in Zen and the Art of Motorcycle Maintenance, start with the simplest answer first.  In all 4 of the cases below, it worked when I stepped back to doing something simple rather than trying to solve some ultra-complex obfuscation of logic.  In the examples, I took my own advice once, and it worked out great.  Three times I wasted a bunch of time because I got caught up in the complexity and the noise.

 

Time saved based on the above:

I solved Unix level 3 in just a few minutes by glancing at the code in IDA and recognizing that it was all noise.  I stepped back and reviewed what "strings" revealed, researched the code mentioned in that and had a strategy to work.

 

Time wasted failing to heed the above:

I spent hours on threat level 1 trying permutations of xor, using parts of the .php name and such to no avail.  When I finally dealt with all the noise in the simplest data, just a base64 decode, the answer was clear.  I decoded all the lines into a text file, opened it up in sublime, deleted all the 317 occurrences and the key appeared.
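The "simplest thing first" approach from that level, as an added example that is not from the original post: decode every line as base64, then delete the filler token. It assumes "317" was the repeated filler string (the post is ambiguous on this), uses a constructed stand-in key, and goes one step beyond the writeup by guessing the filler as the most frequent trigram instead of spotting it by eye.

```python
import base64
from collections import Counter
from typing import List

FILLER = "317"                # assumed noise token, as described in the writeup
KEY = "flag{simple-first}"    # constructed stand-in for the real key


def build_sample_lines(key: str = KEY, filler: str = FILLER, chunk: int = 9) -> List[str]:
    """Construct challenge-like data: every key character is wrapped in filler,
    and the noisy text is split into consecutive base64-encoded lines."""
    noisy = filler + filler.join(key) + filler
    pieces = [noisy[i:i + chunk] for i in range(0, len(noisy), chunk)]
    return [base64.b64encode(p.encode()).decode() for p in pieces]


def decode_lines(lines: List[str]) -> str:
    """Step 1 of the writeup: base64-decode every line and join the results."""
    return "".join(base64.b64decode(line).decode() for line in lines)


def guess_filler(text: str, n: int = 3) -> str:
    """Heuristic added here (not in the post): the most frequent n-gram of the
    decoded text is the likely filler token, because the noise repeats far
    more often than any fragment of the key."""
    counts = Counter(text[i:i + n] for i in range(len(text) - n + 1))
    return counts.most_common(1)[0][0]


def strip_filler(text: str, filler: str) -> str:
    """Step 2 of the writeup: delete every occurrence of the filler; what is
    left is the key."""
    return text.replace(filler, "")


def recover_key(lines: List[str]) -> str:
    """Full pipeline: decode, guess the filler, strip it."""
    text = decode_lines(lines)
    return strip_filler(text, guess_filler(text))


if __name__ == "__main__":
    sample = build_sample_lines()
    print("decoded :", decode_lines(sample))
    print("filler  :", guess_filler(decode_lines(sample)))
    print("key     :", recover_key(sample))
```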

I spent hours on Unix level 4 trying to guess a password to either the stego or the zip file.  I didn't even think of the simplest case of no password.  There were what appeared to be clues, but every interpretation I could come up with failed; I persisted anyway, eventually costing me the time I could have used solving level 7.  When I finally took a step back and thought about it, the path was clear and in just a few minutes I was reversing a Mach-O file rather than trying to brute force a password.

I failed level 7 for a couple of reasons, but one in particular messed me up:  I couldn't get the program to branch to where I wanted.  I should have realized that since I believed I understood the conditions to get there, and since I didn't believe those conditions were achievable, I should have looked elsewhere.  After the competition, I stepped back and just played with the strings I had in a way that I expected to work, and it did.
