Challenges from the 2016 DFRWS Rodeo, organized by Matthew Geiger.

Notes:

  • Flags are case sensitive
  • Flags do not contain spaces unless otherwise specified
  • Since some challenges were set up on the fly, the original names and descriptions are not available for some of them
  • While not intentionally malicious, unknown scripts and binaries should be run in a VM for safety
  • Some challenges required specially configured networked resources and are not available

Crypto - Only The Shadow Knows

Author: Matthew Geiger

Description:

All accounts on the system are audited for weak passwords. One of the accounts has failed the last audit because it used a password from a list of the 100 most common ones. What is that password?

Note - originally this challenge had an extra networked step

Problem: shadow.zip

Flag SHA256: 203b70b5ae883932161bbd0bded9357e763e63afce98b16230be33f0b94c2cc5

Crypto - Off By One

Author: Matthew Geiger

Description:

You have found this ultra-secret code, encrypted with an algorithm that will reportedly be native in Windows 11. Can you decrypt it?

o_twbs_zwbs_pshkssb_gsqfsh_obr_ghidwr

Flag SHA256: e01d76b7f8b2febd677c0556b4382715fec5c441d0079afca0c39e28211897db

Crypto - The Picture of Security

Author: Matthew Geiger

Description:

Matthew always uses the super-safe RC4 cipher with the same strong key to encrypt all his important secrets. Unfortunately, he lost the key after encrypting an image file that contains the flag.

The attached zip contains two of his encrypted image files. One of them has the flag. The third file is an unencrypted test file he created in the same image format.

Problem: pics.zip

Flag SHA256: 27fc39eac468e2a0d68506723bf6ff7f997570dd15e74978d63a414c31a76843


Forensic Analysis - RussianDoll

Author: Matthew Geiger

Description:

You are strangely convinced the flag is entered into one of the applications in the desktop session.

Note - flag has spaces

Problem: client.7z

Flag SHA256: b0dc7ebf4fe7f2bf21f047699fb46d937ebc2ea34ac0ee03e858c04bf0f10303

Forensic Analysis - WWWhat?

Author: Matthew Geiger

Description:

Simon thinks someone may have tampered with his Wikipedia web application and needs help to determine if his code has been subverted.

If there is some sort of backdoor, can you find its password?

Problem: application.tar.gz

Flag SHA256: 4cdc5115c89c08e04dacfa630094d047ffc06ef175238f9e15040172866fe6fd

Forensic Analysis - Geo Browsing

Author: Matthew Geiger

Description:

We think Kronq was delivered a secret message somehow.

The police investigator pulled a bunch of files he thinks may have Kronq’s browsing history.

Can you use them to find the message?

Note - flag is all uppercase

Problem: browsing.7z

Flag SHA256: 63fe1a331bba12b5d22f224f7f827153996a537859dd667dd9857adcdeb55149


File Analysis - Looks like you dropped something

Author: Matthew Geiger

Description:

This program will disclose the flag, but you have to be really fast.

You may want to try another way.

Problem: oopsy.exe

Flag SHA256: fa91f7d1aa2591f2c26422570a10cb58c5c63382ff1a5945139367232f4770e0

File Analysis - DownTheRabbitHole

Author: Matthew Geiger

Description:

This is going to be easy if you are doing security wrong.

Problem: DownTheRabbitHole.rtf

Flag SHA256: fc2a68680fa456f4ed8421c404a00da25d608c92dbc3a4046f536d33527a114e

File Analysis - More of a Visual Learner

Author: Matthew Geiger

Description:

You have found an image that you are pretty certain contains a steganographic secret – and you also recovered a paper on Steganographic Diffusion Inpainting from the system. It contains all the information you need to extract the hidden message.

Problem: hidden_secret.png

Flag SHA256: 89d458ff08f77cef4b4f711edc47338398092108eca9e3d35c1c9a8ad7b0a45b

File Analysis - A Lil Mo’ Feelin

Author: Matthew Geiger

Description:

A forensic review suggests that somehow an intruder used just this file to create a persistent presence on a victim Windows system.

Find out what it is and what it does to solve the case.

Problem: flag.bin

Flag SHA256: 19056c146dfc3a162387cac02dac9636e5f35c7f965e840b913049d66babae4c

File Analysis - Serialously

Author: Matthew Geiger

Description:

Download this classic crackme and solve it.

Problem: crackme1.exe

Flag SHA256: fb0f1a34c42c363dbdc4451e6752670901e80c0249330ba4e209174f619f1bb7

File Analysis - Chad’s Bad Style

Author: Matthew Geiger

Description:

Chad is a strange one, and his programs usually reflect it. He asks you for help debugging his latest masterpiece.

It looks like it works fine to you, but he insists it’s not working right. He also insists you have to use his interpreter. Sigh. That Chad.

Can you help Chad fix his program?

(Chad’s program is called ohMy.py. And the interpreter is ‘runme’, which is an ELF executable.)

Problem: ws.zip

Flag SHA256: 700f729b575bf7ee141bcfbf5da5e54704d369fe994de73ef3d1c194974eab13


Random - Sweet

Author: Matthew Geiger

Description:

You suspect someone has copied and reused a published image without attribution. You have information that the original was 1.1MB-1.5MB and may have been taken in 2008.

Find the original image, if you can, on the web and then submit the SHA1 hash of the original.

Problem: sweet.jpg

Flag SHA256: 3f43fe60386e42a345abb66e33ea538305578d11f05a80845c07e0ac41fd8306

Random - Pretty Numbers

Author: Matthew Geiger

Description:

Find the hidden flag.

This may be a multi-tool exercise.

Problem: pretty_numbers

Flag SHA256: cf0ad3bd29da0cf753721b84d18e75e3243f43a119eb87bb8b03f8de2a5253d8

Random - World View

Author: Matthew Geiger

Description:

You spin me right round

Problem: worldview.gif

Flag SHA256: 543e533e2990ecf300327a61690d55b3c44adbbba9a0e93c016c904209a3bbff