knockedupd

DEFCON QUALS CTF RE Challenge: 1pts

Challenge Description:

"You went and got it knockedup." The challenge presented the user with the server binary and a server listening for a specific series of port knocks. If you reversed it correctly and knocked on the ports in the right sequence, a rule for your IP was added to their firewall. You could then netcat to a specific port on the server to get the flag.

Material:

Solution:

Knock on the right ports in the right way and get the flag! For the solution you had to write a client that authenticates with the server.
(Python scripts to get the flag from the remote server and the server binary to RE are linked at the bottom.)

1) Reverse engineer the binary to get the connection type (UDP), the port numbers, the order to knock in, and the time interval the whole sequence has to fit in.

2) Knock at 52.5.150.223 on ports 13102, 18264, and 18282 over UDP quickly enough to pass the time check.

3) This adds your IP to the server's iptables rules, allowing you to netcat to port 10785.

4) Once your IP is added, netcat to port 10785 to get the flag.

5) Reverse further and find more ports: 31717, 35314, 39979, 15148, and 14661 to knock at over UDP.

6) This adds another iptables rule on the server, allowing you to netcat to 52.5.150.223 on port 9889.

7) Connecting to port 9889 brings up a fake 'shell'; enter tirer to get the binary for the next challenge.
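To make the mechanics of steps 1 through 4 concrete, here is an added example (my own code, not the writeup's client or the challenge's server): a small model of the server-side knock tracker that a daemon like this typically implements (per-source progress through an ordered port list, reset on a wrong port or when the time window is exceeded), plus a minimal UDP knock sender whose transmit function is injectable so the sequence can be checked without network access. The server address and port numbers come from the writeup; the 2-second window, the knock payload, and the reset-on-wrong-port behaviour are assumptions, since the writeup says only that a time check exists, and the real interval has to be read out of the binary.

```python
import socket
import time

SERVER = "52.5.150.223"                       # from the writeup
KNOCK_PORTS_FLAG = [13102, 18264, 18282]      # from the writeup (flag path)
KNOCK_PORTS_SHELL = [31717, 35314, 39979, 15148, 14661]  # from the writeup
FLAG_PORT = 10785                             # from the writeup
WINDOW_SECONDS = 2.0   # assumption: the real interval must be taken from the binary


class KnockTracker:
    """Server-side model of a port-knock daemon (assumption: modelled on
    common knockd-style behaviour, not on the challenge binary's code).

    Each source IP walks an ordered port list; a wrong port or a sequence
    that overruns the time window resets that source back to the start."""

    def __init__(self, sequence, window=WINDOW_SECONDS):
        self.sequence = list(sequence)
        self.window = window
        self.progress = {}   # src_ip -> (index reached, time of first knock)

    def knock(self, src, port, now):
        """Register one UDP datagram from `src` to `port` at time `now`.
        Returns True only when the full sequence has just been completed."""
        idx, started = self.progress.get(src, (0, now))
        if idx and now - started > self.window:
            idx, started = 0, now            # too slow: start over
        if port == self.sequence[idx]:
            idx += 1
        else:
            # wrong port: only a knock on the first port counts as a restart
            idx = 1 if port == self.sequence[0] else 0
            started = now
        if idx == len(self.sequence):
            self.progress.pop(src, None)     # sequence done; the daemon would now add the rule
            return True
        self.progress[src] = (idx, started)
        return False


def send_knocks(ports, host=SERVER, pause=0.05, sender=None):
    """Client side: one UDP datagram per port, in order, with a short pause
    so the whole sequence still lands inside the server's window.
    `sender` is a sendto-like callable; it defaults to a real UDP socket and
    is injectable so the sequence can be verified offline."""
    if sender is None:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sender = sock.sendto
    sent = []
    for port in ports:
        sender(b"knock", (host, port))       # assumption: payload is irrelevant to the daemon
        sent.append(port)
        time.sleep(pause)
    return sent


def fetch_flag(host=SERVER, port=FLAG_PORT, timeout=5.0):
    """Step 4: once the firewall rule exists, a plain TCP connect returns the flag."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(4096)


if __name__ == "__main__":
    # Offline demonstration of the tracker: correct order, inside the window.
    tracker = KnockTracker(KNOCK_PORTS_FLAG)
    for t, p in zip((0.0, 0.3, 0.6), KNOCK_PORTS_FLAG):
        print(p, tracker.knock("198.51.100.7", p, t))   # constructed source IP
```

The tracker is the part worth keeping around: the same state machine, run over captured UDP traffic (source IP, destination port, timestamp), tells you whether anyone is walking a knock sequence against your host, and the window parameter shows why a too-generous interval weakens the scheme. The network functions are only exercised against the real server once the sequence has been confirmed offline.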

Detailed steps to flag:

Flag:

Binaries & Scripts:

SERVER (Patched out Timer)

CLIENT

Interesting Things:

Of the two sets of ports to knock at, we tried the larger set first and got to the tirer interface.
We wasted time fuzzing this before realizing we had started on the 400pt PWN challenge that was linked to this one :P