GPN14: Espionage – The Hard Way

This year, the GPN included a CTF organized by squareroots. This post is about the service Espionage including an alternative solution. The Service We had a telnet decryption service and a screenshot indicating we would have to deal with RSA. The screenshot also included an encrypted version of a flag.txt, 31319528277563551791166984607206341790, so this was our […]

screen2_photo_f6a648b0ec327f34ee0d4e31afe7cc29

Python 3: Write to stdout in binary mode

Python scripts are often used to generate payloads for attacks, e.g. buffer overflows. Also, it is useful to send the payload to stdout, so that it can be redirected to the target process or, for different kinds of attacks, saved to a file. However, since Python 3 all strings (type str) are encoded in Unicode […]


Parallelization of Exploitation

Crosspost from Rants, Ideas, Stuff. 90% of the time I write my (or other people’s) exploits in Python. I try to structure my code in small easy to read methods. Like every developer does ;) Every exploit has at least one method which is called in a __name__ == ‘__main__’ block, so it can be imported from […]


iCTF 2013: uranus 2

Due to the code listings and some blah, this write-up is quite lengthy. Prepare some coffee first. Deobfuscation The uranus service from iCTF 2013 (code) is a node.js service written by @kapravel which has to be deobfuscated. Using jsbeautifier.org we get a better look on the code: For more PITA, the authors used ternaries for […]


Incoming CTF at Hack.LU2012

We will take part at this year’s Hack.LU CTF held again by the guys from FluxFingers. The CTF is challenge-based, requires no VPN, and there are also some nice prices to win! Hope to see you online at October 23–25!


We’re online

Welcome to wizardsofdos.de. Prepare to be flooded with information (soon)!