Challenges from the 2015 DFRWS Rodeo, organized by Matthew Geiger.

Notes:

  • Flags are case sensitive
  • Flags do not contain spaces unless otherwise specified
  • Since some challenges were set up on the fly, the original names and description are not available for some challenges
  • While not intentionally malicious, unknown scripts and binaries should be run in a VM for safety
  • Some challenges which required specially configured networked resources and are not available

Crypto - It’s Inside The Picture

Author: Matthew Geiger

Description:

Can you help Derek and Hansel recover the hidden message?

Problem: pictures.zip

Flag SHA256: 4e070a03898bdd81da558b7e226d53a425c85c6aabc558c6d91b6628842c2e5f

Crypto - intro

Author: Matthew Geiger

Description:

SOON CEUP ONAT IMET HERE WASA LITT LEFL AGAN DITS NAME WASI LIKE LOWE RHUR DLES

Flag SHA256: 84364864f0a4057ba9de66c257ff1894b53b5ef5b7cb9f92543819c62ca5aab2

Crypto - Totally Random

Author: Matthew Geiger

Description:

Let’s play a game

Note - this was originally a networked challenge, with a flag-less version of the source code available to help identify the exploitable weakness. To solve this challenge, you will need to run the server and win the game to get the flag, rather than read it from the source.

Problem: random_server.py

Flag SHA256: ca88e45e837941bea2a4b84e82ceaacae61abc8f9e1fd9cf40fb0c50b51bd42e

Crypto - author_author

Author: Matthew Geiger

Description:

The identity of the author of this poem has become suddenly important to you

Problem: thepoem.txt

Flag SHA256: a14a5ed51899713825c2aefcb33872735ac5f27c9a10c9ad41e19702dc714c98

Crypto - Secret Encoding

Author: Matthew Geiger

Description:

We have intercepted a coded message, but what does it mean?

Problem: data.zip

Flag SHA256: e232b7d134c191411f034f7fc253aeabf07c99e86671e53e5f62df78188dc1a7

Crypto - Royale with Cheese

Author: Matthew Geiger

Description:

Can you decode the encrypted message?

Problem: cipher.txt

Flag SHA256: ecc7f27c5da6df240610ef531919e9a0418dab4ad24d2600cff182bcfa4ed270


Program Analysis - Reversing Time

Author: Tim Vidas

Description:

This one shouldn’t take long

Problem: rodeo2015

Flag SHA256: 46758b21efbe43202ebf7ca811d9bebd0bdf00d9c82e68e8569c0a2ab7cd7d05

Program Analysis - Llamas

Author: Matthew Geiger

Description:

Run me

Problem: llamas.ascii

Flag SHA256: 689611f046b85a153fa717a39f314fc3a28740fa8bbcb3f5a13a48aefcd024c3

Program Analysis - Bug Me Not

Author: Modified from CSAW challenge

Description:

This program to show the flag seems broken, can you fix it?

Problem: bugmenot.exe

Flag SHA256: b757a0612c92e141e2894639b59b92507c02c4f5fc650900a947312600ee75b4


Memory Analysis - Memory Only Flag

Author: Matthew Geiger

Description:

The flag is in here somewhere…

Problem: sandra.zip

Flag SHA256: 2c7e8a4638776e3fd9625a74b22272f954a1d531987d8c54ac9c597870bc6c5b


File and Filesystem - JPGG

Author: Matthew Geiger

Description:

Looks like a normal image… but is it?

Problem: kkkk.jpg

Flag SHA256: b69bd1897e9a95f3795130372422354ff927169fe8735de912a819d39e8f9cff

File and Filesystem - So Meta

Author: Matthew Geiger

Description:

Hiding messages in content is so 2014

Note - flag has spaces

Problem: so_meta.7z

Flag SHA256: 210de9db8541543fe099670692b71aa148b24269eead098fa09422c2add947b7

File and Filesystem - Deeper

Author: Matthew Geiger

Description:

You will need to go deeper to find the alternate method of hiding the flag

Problem: disk.zip

Flag SHA256: 097e08b6579c92175bd355ac5e4a5fdfdd8e0e9e06b0a6ba37721d8b702aaac9

File and Filesystem - PDF Surprise

Author: Matthew Geiger

Description:

This PDF has a suprise message for you

Problem: pdf_surprise.pdf

Flag SHA256: 55f0b6f13f7c2233cd9838ce5c73400fa874d389cc8d74701b8dc0920cb9f1cb

File and Filesystem - Transitive Time

Author: Matthew Geiger

Description:

Where will the flag be hidden this time?

Note - flag has spaces

Problem: image.zip

Flag SHA256: 12fa7fef0636f7684209267ca5cb67d0a01809477602dd8bfcbc06879639bba0


Networking - SOS

Author: Matthew Geiger

Description:

Someone is asking for help, but what is the problem?

Note - flag has spaces

Problem: capture.zip

Flag SHA256: 240031ce0d499e6240abb17cce710648cc6a617d9a088920e0dd2d692ce33bb1

Networking - Trinket

Author: Matthew Geiger

Description:

Someone was not careful and left themselves exposed

Problem: trinket.pcap

Flag SHA256: 029e2f33af789a3bb0d0f42ca18a4ff04c84cb6c4ac25b521f06a6f90851bbb5


Trivia - 1

Author: Matthew Geiger

Description:

In x86 Assembly, what does the instruction 0x90 do?

Flag SHA256: 692b4856a5ca2f45e38d56256b64b254865b31069ffe891f4e7876c9075f6b10

Trivia - 2

Author: Matthew Geiger

Description:

Self-referential trivia: In a prior DFRWS rodeo, what animal was Jesse K accused of using performance-enhancing drugs on?

Flag SHA256: 17813251a3e0aeb44ed286efcad1b38d05b03bb36418e10f61cbc9c0e4973565

Trivia - 3

Author: Matthew Geiger

Description:

You can find different estimates, but what does Brian Carrier officially think is the largest size in bytes of data that you would expect to be NFTS resident?

Flag SHA256: ebffb270dad00806ab66098e6a74679b2fb275b088126728081cb84355b870b2

Trivia - 4

Author: Matthew Geiger

Description:

If you can only use open-source parsers from a single producer for file formats as diverse as VMWare virtual disks, Microsoft Outlook databases, Encase EWF files, MSIE Cache files, evt and evtx Microsoft event logs, ESE databases, Windows Registry hives, BitLocker encrypted drives, and Windows Volume Shadow copies, who would that be?

Flag SHA256: 856b9cf650e59db4997d808d090d995bfc287bdf00d1a43ace2a52e418e284c9