Display board in my Town !!!

Once upon a time, in Lyon :

Write-up Burrito2 - CSAW VIII

During the CSAW VIII qualification round, I’ve managed to solve some challenges, one of these was called « Burrito2 ».

This chall consisted in examining a core dump file named « core.burritos » in order to find the flag which is required to score.

The first thing that I’ve done was to check the strings contained in the core dump file.

strings core.burritos

If we check carefully the different strings, we can localize these interesting lines:

[Gmail]/Draftsy1 x* 1 FETCH (UID 6 BODY[] {1071}
MIME-Version: 1.0
Received: by 10.42.241.10 with HTTP; Sun, 28 Aug 2011 18:22:41 -0700 (PDT)
To: shrlchn99@evil-inc.burritos
Date: Sun, 28 Aug 2011 19:22:41 -0600
Message-ID: <caetwm9zgpawaruw34_jy=ldp3wptuu68ucqubevswu-9okvuxa@mail.gmail.com> 
Subject: Evil Burritos
From: Kim Jung <kmjng6@gmail.com>
Content-Type: multipart/alternative; boundary=20cf30363ae736dd1204ab9abb2f

--20cf30363ae736dd1204ab9abb2f
Content-Type: text/plain; charset=UTF-8

Shirly, I changed the name of the burrito making machine to KILLTHEPLANET. 
If you want to change it back fell-free, just log in and type: 
change-burrito-machine-name, if you forgot the password let me know.

LONG LIVE THE EVIL BURRITOS!

--20cf30363ae736dd1204ab9abb2f
Content-Type: text/html; charset=UTF-8

Shirly, I changed the name of the burrito making machine to KILLTHEPLANET. If you want to change it back fell-free, just log in and type: change-burrito-machine-name, if you forgot the password let me know.

LONG LIVE THE EVIL BURRITOS!

The solution for this challenge seems simple but you have to think about it. You only need to mail the guy called “Kim Jung” and to ask for the password.

Other thing, you need to take the identity of the person called “Shirly” by spoofing his mail :

"shrlchn99@evil-inc.burritos".

 

So let’s do that with netcat:

nc alt2.gmail-smtp-in.l.google.com 25
Helo Lu33Y
mail from: <shrlchn99@evil-inc.burritos>
rcpt to: <kmjng6@gmail.com>
data
From: Shirly Chen <shrlchn99@evil-inc.burritos> 
To: Kim Jung <kmjng6@gmail.com>
Reply-To: lu33y@cmif.eu
Subject: RE: Evil Burritos

Is it possible to send me the password that I’ve forget, plz ?

Shirly
.

quit
 

Then you have to wait for this answer in your mailbox:

From: <kmjng6@gmail.com>
Date: 2011/9/25
Subject: RE: Evil buritos
To: lu33y@cmif.eu

Hi Shirly, saw you message, if you forgot the key it is:
fire_burritos_are_really_really_good

CSAW VIII

Last week-end, I've participated with the team Shell-Storm to the CSAW (Cyber Security Awareness Week) qualification round. We were very few members to participate but we manage to solve all the challs except the one called CrackJack (that NK solved 5 minutes after the end of the contest).

At the end we finish 13 on the 207 registered teams!!!

Welcome to my new blog !!!

As my knowledge, my blog also evolve !!!

3 main topics will be treated :

1. CTF (Capture The flag),
2. Personal researchs,
3. Hardware Hacking.

More professional, with more advanced hack and all in the Shakespeare mother tongue : This is the new Crack Me I'm Famous