CSAW HSF 2017 Writeup Megalist

An aggregated list of my CSAW HSF 2017 challenge writeups.

• Herbert

  • exif_exfil

    • 10 points
    • Description: Alright, this is your first real case. An renowned hacker, Herbert Hadimioglu (handle of "Wicked") is suspected of worming through government devices and has been avoiding arrest. He just recently posted a picture of himself. If you can find where he took the picture, we can detain him. Maybe look into how to view Exif data?
    • Writeups:
      • DigiBrkr/csaw_hsf_qualifier_2017_exif_exfil_10

  • Mount Image

    • 20 points
    • Description: We've detained Herbert. He had a flash drive on him, we've just imaged it for you. How do you mount disk image files to get their contents?
    • Writeups:
      • DigiBrkr/csaw_hsf_qualifier_2017_MountImage_20

  • File Carve

    • 25 points
    • He was frantically deleting files when we detained him. Maybe you can find a way to recover them from the flash drive? This is the same file as Mount Image, but we have it here for your convenience. MissingPage's pdf is also included in the file.
    • Writeups:
      • DigiBrkr/csaw_hsf_qualifier_2017_FileCarve_25

  • Places

    • 30 points
    • Description: Why does he have firefox browsing history on the flash drive? How do you get browsing history from firefox history? It's the same fk1onhl4.default.zip as in Mount Image, but we've reuploaded here as well for your convenience.
    • Writeups:
      • DigiBrkr/csaw_hsf_qualifier_2017_Places_30

  • Missing Page

    • 50 points
    • Description: This was also included in Herbert's drive, maybe we can get more from it? It's the same pdf as in Mount Image, but we've reuploaded for your convenience.
    • Writeups:
      • DigiBrkr/csaw_hsf_qualifier_2017_MissingPage_50

• OwnForAll

  • Call for Own

    • 20 points
    • Description: This site is another suspicious site you found in his browser history. What is the message on CallForOwn?
    • Writeups:
      • DigiBrkr/csaw_hsf_qualifier_2017_CallForOwn_20

  • connection.pcap

    • 30 points
    • Description: This site is another suspicious site you found in his browser history. OwnForAll has a dump of some of Herbert's activity, can we use this? We've uploaded it here for your convenience.
    • Writeups:
      • DigiBrkr/csaw_hsf_qualifier_2017_connection.pcap_30

  • hideandpeek.pcap

    • 35 points
    • Description: This site is another suspicious site you found in his Herbert's browser history. This is OwnForAll's second dump of some of Herbert's activity, can we use this? We've uploaded it here for your convenience. Update: Reuploaded challenge without being broken.
    • Writeups:
      • DigiBrkr/csaw_hsf_qualifier_2017_hideandpeek.pcap_35

  • Broken Hash

    • 50 points
    • Description: Those are a lot of hashes on the OwnForAll site...
    • Writeups: - DigiBrkr/csaw_hsf_qualifier_2017_BrokenHash_50

  • HotOrCold

    • 50 points
    • Description: This site is another suspicious site you found in his Herbert's browser history. This .class file was dumped in the OwnForAll leaks. What is it doing? We've uploaded it here for your convenience.
    • Writeups:
      • DigiBrkr/csaw_hsf_qualifier_2017_HotOrCold_50

• Clearsoc

  • Robots

    • 10 points
    • Description: As you found in his browser history, he's visited an interesting site My scraper for the Clearsoc site might've missed something...
    • Writeups:
      • DigiBrkr/csaw_hsf_qualifier_2017_Robots_10

  • Cookies

    • 20 points
    • Description: As you found in his browser history, he's visited an interesting site. Can you find a way to log in to it?
    • Writeups:
      • DigiBrkr/csaw_hsf_qualifier_2017_Cookies_20

• Crypto

  • ZFT
    • 50 points
    • Description: What kind of megalomaniac writes a manifesto? What is he even trying to say?
    • Writeups:
      • DigiBrkr/csaw_hsf_qualifier_2017_ZFT_50

• Filez

  • Roscoe's Wetsuit
    • 50 points
    • Description: Nothing on the internet makes sense. It's all beneath me.
    • Writeups:
      • DigiBrkr/csaw_hsf_qualifier_2017_RoscoesWetsuit_50