Heyya mates,

we’ve been really busy trying to take a look at the different wargames that have been running during this weekend. We had one not so far away, the Hacking At Random CTF. HAR was taking place in the Netherlands but this guys let teams to join remotely, nice huh? There was also another wargame, the ISEC2009 CTF prequals organized by or friends from Wowhacker, where two standalone pandas had a lot of fun ;D Congratulations to all the qualified teams that will play the final round next month in Seoul, South Korea. But there’s more! If you missed those two wargames or you still want more, our friend Julianno warned us about tomorrow starting the ekoparty pre-conference CTF!!!

It’s been a crazy and funny weekend. Enjoy the ekoparty CTF and see you in upcoming competitions

As you friends probably already checked at DDTEK, we finally did 5th place in this year’s Defcon CTF. Let us explain why.

This year’s contest has been interesting but weird, really really weird. The contest started after a long delay and the teams had an usb key with the binaries almost two hours before the system started to work (later we discovered some of those bins were not the same that the ones running on the servers). Once the whole thing started, the teams were scoring without knowing the real points scored by any of the teams and with a limited view of the services’ SLA (only a reduced number of the complete set of services were reported, and that caused some teams to close any service not listed in the SLA status information).

(more…)

Seven pwndas are ready to go to Defcon, towards unknown shores, to defend a vulnerable server with honor and courage against hordes of evil hackers. We might have less equipement and find ourselves in numerical inferiority, but be mindful because Pwndas never retreat! Pwndas never surrender! Pwndas never forget! Spread the word and let every contestant know the truth of this. We are on our way. See you there friends and foes, remember us despite whether we win or fail and maybe we will meet again in Valhalla.

For us it was impossible to imagine two years ago, when the “Sexy Pandas” concept was born, that this group of friends would become… well, whatever we are now xD Anyways, this two years have been amazing and we think it’s time to say thanks to you, all anonymous friends, that have been supporting us in so many different ways. Thanks!

And about this year’s prequals, we played hard in a competition controlled almost from start to end by Sk3wl and VodaGodz, but we did a good work during the last hours and scored a nice amount of points that allowed us to tie them. At the last moment (that sounds familiar…) Sk3wl solved pwn400 and got first place, we were almost done with that same exploit but time was over and we still have to train a bit those last-minute-pwnage skills.

As for the rest of the qualified teams (you can see the full list in the Defcon forums), all are well known and highly skilled friends so this year we are expecting one of the hardest CTF competitions ever.

That’s all folks, see some of you in Vegas and be ready for some awesomeness!

PS: Yes, we know there are some pending posts but, tempus fugit

Update: complete results at ddtek.biz

Fravia, one of the greatest teachers in the field of reverse engineering and inspiration to many of us is, since yesterday May 3rd, reversing the secrets of the gods or whatever there is wherever he roams around now. So long and thanks for all the fishing lessons!

Rest in +peace

As we mentioned in our previuos post, four intrepid pandas participated in the final round of the CodeGate Hacking Festival competition. The contest finished 24 hours ago and, in what were some dramatic final minutes, we ended up seizing a pretty good 2nd position. We had a good start (as we often manage to pull off) and we were 1st during a big part of the contest but less than one hour before the end CParK team overtook us and grabbed the first position. That ranking seemed kind of definitive but 10 minutes before the end we managed to recover the 1st spot. We enjoyed nine minutes of glory until CParK solved a challenge in the last minute. The final top-3 was: CParK, Pandas and PLUS.

It was really fun despite the fact of finally not winning after being so close and we have to say thanks to all the organization, specially the beistlab members. Everything was taken care of and thought to the smallest detail. And obviously, greetz to all the teams and hope to face you in upcoming contests. All were amazingly skilled and fun to hang out with.

More news and photos are in the way so, stay tuned!!
Woobi woobi’s for everybody!

Ok, maybe you have no idea what are we talking about, but this weekend took place the qualification/preliminary round for the CodeGate Hacking Festival. Of course we at Sexy Pandas couldn’t miss an event like this one, so we had the pleasure of participate and to realize about the high level of the competition.

The contest was built over 21 crazy problems that included stego, crypto, web hacking and exploiting… having only (cough) 50 hours to solve them. As already happened in other contests, we had a good start being in 1st position during a quite long time, but the last 15 hours were a pain in the ass. We kept stuck at some problems while the rest of teams were solving them with extreme speed and precision. Fortunately for us, the bell saved us and as you can see in the Final Rank, we finished in 6th place.

Despite our last 15 minutes of fame hours of hell, we can only thank the Beistlab staff for creating a wonderful game, and congratulate the rest of the teams, you guys are awesome! We hope to see you all in the final round ;D

Note: For those who asked why we resigned taking the 550 points from problem #21, here is the reason: we play for the challenge, the fun and making friends. Of course we like to win, but taking profit of a such situation means to avoid the challenge, which in turn takes away the fun and maybe the friends.

Update: A really nice writeup coming from the CGLT team at vnsecurity.net

an nyeong hi gye se yo!! See you in Seoul next month!

This year at the Defcon CTF there was only one kenshoto-level service (or at least only one that scored as a Kenshoto, you’ll know what we mean in further writeups). That service was Kryptod, so we will be trying to explain how we managed to exploit it.

As in the major part of the CTF bins the service starts setting up the socket, in this case listening at port 20020, and dropping the proper user privileges. Then it sets up signal handlers for SIGILL, SIGTRAP, SIGEMT, SIGBUS, SIGSEGV, SIGSYS and SIGALRM. The handler is always the same and it just uses the current socket to send back to the client an encoded value related to the signal received and then doing a clean exit (let’s say it’s a nice way to say: “Hey, I crashed!”).

The next step is just the client handler. Kryptod reads the file ‘/home/krypto/key’ (the token) and put its contents into a buffer, then it reads from the socket up to 63 chars (or a terminating \x0A if it comes before). The next part is a bit tricky, if the socket received 0 bytes it justs send the contents of the token/keyfile to the user. WTF??? Strike one! No luck this time, the token is an overwrite one so reading it gives you nothing

(more…)

Ok, we can’t hide it, we finished on 7th place. That hurts. We will try to explain why or at least, what we think caused this madness.

This year we started like the previous one, although we didn’t draw first-blood (I think that taekwon or wowhacker did it). The team was working very well and we quickly got 5 breakthrougs (!!!). But that was all for us. At the end of the first day some major network problem took down the SLA of most of the teams and after that, we began to have serious networking issues. From that point to the end of the contest our network was really slow, with a lot of timeouts and lots of lost of packets. Also there was a strange behaviour of the other-teams services. We found very interesting the thoughts of Atlas from 1@stplace regarding this owning prevention.
(more…)

The D-Day is coming. In 7 days we will know which team managed to win the Defcon CTF’08. The pandas have been training hard, so we’re ready to go and (try to) kick some asses

All preparations are done: we improved our Sexy Panda Exploitation Framework, designed our new shirts, the Riviera ordered a high amount of bamboo, bought new networking hardware, got invitations for all-night parties… a lot of new things that would make this year funniest than ever.

One final note regarding the t-shirts. We’re trying to find/evaluate online stores where to publish the design, so if you are a panda fan or if your laundry bleached your ninja suit and you need a new look… stay tuned! (questions and suggestions can be sent to shirts@pandas)

Well, nothing more to say right now. Good luck to everybody and see you in Vegas.
GO GO PANDAS!!!