DEFCON 18 Quals is over and here are the writeups collection from teams, come back for latest updates.

(please inform me if you have write up for c500, pm500)

PURSUITS TRIVIAL

PT100: spiderman movie quote

• http://n.pentest.jp/?p=691 (Japanese)
• http://squidzrus.schleppingsquid.net/DC18-Qual-Walks/Defcon_CTF_Quals_2010_Writeups-PursuitsTrivial-100.html

PT200: VIM shell

• http://bernardodamele.blogspot.com/2010/05/defcon-18-ctf-quals-writeup-pursuit.html
• http://squidzrus.schleppingsquid.net/DC18-Qual-Walks/Defcon_CTF_Quals_2010_Writeups-PursuitsTrivial-200.html
• http://blog.stalkr.net/2010/05/defcon-18-ctf-quals-writeup-trivial-200.html

PT300: social networking

• http://squidzrus.schleppingsquid.net/DC18-Qual-Walks/Defcon_CTF_Quals_2010_Writeups-PursuitsTrivial-300.html

PT400: java game

• http://cvk.posterous.com/defcon-18-quals-pt400-walkthrough
• http://www.nth-dimension.org.uk/blog.php?id=85
• Defcon CTF Pursuits Trivial 400 server source and images
• pwning trivia 400 at defcon 18 quals (video)

PT500: audio remix

• http://scott.wolchok.org/t500.html

CRYPTO BADNESS

C100: alphabet cipher (Dvorak keyboard)

• http://www.nth-dimension.org.uk/blog.php?id=83
• http://forensic-proof.com/85 (Korean)
• http://squidzrus.schleppingsquid.net/DC18-Qual-Walks/Defcon_CTF_Quals_2010_Writeups-CryptoBadass-100.html
• http://n.pentest.jp/?p=728

C200: Enigma cipher

• http://forensic-proof.com/84 (Korean)

C300:

• http://n.pentest.jp/?p=713 (Japanese)
• http://forensic-proof.com/86 (Korean)

C400: RSA 768 bits crack

• http://www.segmentationfault.fr/ctf/resume-dc18-ctf-quals/ (French)
• http://barok.foi.hr/~tkisason/

C500:

• n/a

PACKET MADNESS

PM100: yEnc madness (too hard for 100pts)

• http://ddtek.biz/mkyyank.pl (script written by ddtek’s m3rc to generate the PM100 challenge)
• http://stalkr.net/files/defcon/2010/quals/packet100/writeup.txt

PM200: EBCDIC shell

• http://scott.wolchok.org/ctf2010/pkt200.html
• http://bernardodamele.blogspot.com/2010/05/defcon-18-ctf-quals-writeup-packet.html
• http://squidzrus.schleppingsquid.net/DC18-Qual-Walks/Defcon_CTF_Quals_2010_Writeups-Packet%20Madness-200.html
• http://www.segmentationfault.fr/ctf/resume-dc18-ctf-quals/ (French)
• http://blog.stalkr.net/2010/05/defcon-18-ctf-quals-writeup-packet-200.html

PM300:

• http://nibbles.tuxfamily.org/?p=1389 (French)

PM400:

• http://lollersk8ers.fatihkilic.de/2010/05/defcon-18-ctf-writeup-packet-madness.html

PM500:

• n/a

BINARY L33TNESS

B100: Linux x86 crackme

• http://ezbeat.tistory.com/234 (Korean)
• http://ddoogg.nayana.com/test/hahah/b100.txt
• http://n.pentest.jp/?p=719

B200: Haiku OS crackme

• http://solution-36.blogspot.com/2010/05/defcon-quals-binary-200-writeup.html
• http://n.pentest.jp/?p=734
• http://smokedchicken.org/2010/05/dc18-bin200-bin300.html (Russian)

B300: Linux x64 crackme

• http://scott.wolchok.org/ctf2010/b300.html (team n0tl33t)
• pwning binary 300 at defcon 18 quals (video)
• http://smokedchicken.org/2010/05/dc18-bin200-bin300.html (Russian)

B400: Linux x86 binary with embedded lightweight Java Virtual Machine (base on j2me_cldc reference code from Sun)

• http://blog.zynamics.com/2010/06/02/defcon-ctf-bin400-writeup/
• http://blog.oxff.net/2010/6/16/Defcon_CTF_%2318_Prequals%3A_bin400.html

B500: Solaris SPARC 9 x64 (find the DES key)

• http://lollersk8ers.fatihkilic.de/2010/05/defcon-18-ctf-writeup-binary-l33tness.html (so smart!)
• http://smokedchicken.org/2010/05/dc18-bin500.html (Russian)

PWTENT PWNABLES

PP100: FreeBSD BOF exploit with stack cookie based on time

(wasted of time due to wrong server timezone!)

• http://209.250.241.67/defcon/pp100.html
• http://coma.0x3f.net/ctf/defcon-quals-pp100-writeup/

PP200: python shell

• http://scott.wolchok.org/ctf2010/pp200.html
• pwning pwnable 200 at defcon 18 quals (video)
• http://bernardodamele.blogspot.com/2010/05/defcon-18-ctf-quals-writeup-pwtent.html
• http://www.rajatswarup.com/blog/2010/05/25/pwtent-pwnable-200-writeup-ctf-quals-2010/

PP300: FreeBSD exploit – heap overflow

• http://securityblackswan.blogspot.com/2010/05/lets-solve-this-challenge.html
• http://www.vxhell.org/~teach/defcon18/pwnables/pp300-writeup.txt

PP400: Mach-O PPC binary exploit (err .. it’s the same binary as last year pp400 challenge)

• Write up for pp400 by VedaGodz last year (they pulled out during the quals)
• http://adamrosenfield.com/blog/2010/05/26/ill-take-pwtent-pwnables-for-400-please-alex/

PP500: FreeBSD exploit recover from a packet dump

(err .. binary & key were leaked from PP200 shell to some teams)

• http://sploitlab.wordpress.com/2010/05/26/pwtent-pwnables-500-solution/ (unsolved)
• http://beist.org/esd2 (this is the binary lolz team taken from pwn200. after ddtek aware of this problem, they modified the code a bit)
• http://www.vnsecurity.net/2010/05/defcon-18-quals-pwtent-pwnables-500-exploit/ (exploit for esd2)
• http://www.vnsecurity.net/2010/05/defcon-18-quals-pwtent-pwnables-500-write-up/

FORENSICS

F100: hidden key in NTFS filesystem

• http://scott.wolchok.org/ctf2010/f100.html
• http://forensic-proof.com/87
• http://squidzrus.schleppingsquid.net/DC18-Qual-Walks/Defcon_CTF_Quals_2010_Writeups-Forensics-100.html
• http://n.pentest.jp/?p=739
• http://blog.stalkr.net/2010/05/defcon-18-ctf-quals-writeup-forensics.html

F200: PNG images analysis

• convert * -layers merge IMG_merged.png (one line solution)
• http://www.nth-dimension.org.uk/blog.php?id=84
• http://squidzrus.schleppingsquid.net/DC18-Qual-Walks/Defcon_CTF_Quals_2010_Writeups-Forensics-200.html
• http://www.bryceboe.com/2010/05/25/defcon-18-quals-forensics-200-write-up/

F300:

• http://forensic-proof.com/89 (Korean) – unsolved
• http://vserv3234.swisslink.ch/f300_writeup.txt (team Routards)

F400: Live OS image

• http://scott.wolchok.org/ctf2010/f400.html
• http://forensic-proof.com/92 (Korean)

F500:RAID image carving

• http://scott.wolchok.org/ctf2010/f500.html (team n0tl33t)
• http://forensic-proof.com/93 (Korean)

Misc Links

• Defcon CTF Quals 2010 binaries