diff --git a/install.sh b/install.sh
index d63c8a0..c1c4e8c 100755
--- a/install.sh
+++ b/install.sh
@@ -9,12 +9,12 @@ if ! [ -b "$DRIVE" ]; then fi size=$(sfdisk -s $DRIVE) -fatsize=$(expr $size \* 95 / 100) +fatsize=$(sfdisk -l /dev/sdb | awk '/^Disk/ {print $3 - 2;}') FATFS=${DRIVE}1 EXTFS=${DRIVE}2 -sfdisk -uB $DRIVE < $DRIVE +cat /usr/lib/syslinux/mbr.bin > $DRIVE mount $FATFS /mnt/ctf-install -mkdir /mnt/ctf-install/syslinux +mkdir /mnt/ctf-install/syslinux /mnt/ctf-install/disabled umount /mnt/ctf-install syslinux -d syslinux $FATFS
@@ -47,7 +47,8 @@ LABEL dbtl APPEND packages=disabled EOD -cp $(basename $0)/../bin/*.pkg /mnt/ctf-install +cp $(dirname $0)/bin/*.pkg /mnt/ctf-install/disabled/ +mv /mnt/ctf-install/disabled/ctfbase.pkg /mnt/ctf-install/ umount /mnt/ctf-install rmdir /mnt/ctf-install
diff --git a/mkpuzzles b/mkpuzzles
index 4e37eec..1e42342 100755
--- a/mkpuzzles
+++ b/mkpuzzles
@@ -67,6 +67,7 @@ for dn in $indir/[0-9]*; do tgt=$outdir/puzzles/$points mkdir -p $tgt + touch $tgt/index.html if [ -f $dn/Makefile ]; then # If there's a makefile, run make
diff --git a/packages/compaq/1000/Ec7be21bd697050d119c9f9df0fb6450.zip b/packages/compaq/1000/Ec7be21bd697050d119c9f9df0fb6450.zip
new file mode 100644
index 0000000..97450c3
Binary files /dev/null and b/packages/compaq/1000/Ec7be21bd697050d119c9f9df0fb6450.zip differ
diff --git a/packages/compaq/1000/index.mdwn b/packages/compaq/1000/index.mdwn
new file mode 100644
index 0000000..3aa46ef
--- /dev/null
+++ b/packages/compaq/1000/index.mdwn
@@ -0,0 +1,6 @@
+You have found a virus on one of your customers computers. To answer this question,
+you will need to reverse engineer it and find out information about the sample.
+
+The MD5 for this sample is ec7be21bd697050d119c9f9df0fb6450
+
+Which family does this virus belong to? (all lowercase e.g. "sasser" without the quotes.
diff --git a/packages/compaq/1000/key b/packages/compaq/1000/key
new file mode 100644
index 0000000..f07b3cb
--- /dev/null
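Review bot: In install.sh's first hunk the new `fatsize=` line reads the size from a hard-coded `/dev/sdb`, while every other step in the hunk, including `cat /usr/lib/syslinux/mbr.bin > $DRIVE`, acts on `$DRIVE`. When the script is pointed at any other device the size is taken from the wrong disk, or is empty if /dev/sdb is absent, and the value is used unchecked (presumably for the partition layout of the target). I would write `fatsize=$(sfdisk -l "$DRIVE" | awk '/^Disk/ {print $3 - 2;}')` and abort when `$fatsize` is empty or not a positive number. The meaning of awk's `$3` depends on the `sfdisk -l` header format of the installed util-linux, so that is worth confirming as well.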
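Review bot: In install.sh's second hunk the new `cp` and `mv` run unchecked, so if the glob matches nothing or `ctfbase.pkg` is missing the script still unmounts and finishes, leaving a stick with every package under `disabled/` and no base package. `$(dirname $0)` is also unquoted and breaks when the script path contains spaces. Suggest `cp -- "$(dirname "$0")"/bin/*.pkg /mnt/ctf-install/disabled/ || exit 1` and the same `|| exit 1` on the `mv`. The script continues outside the hunk, so a `set -e` earlier in the file would already cover the first point.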
+++ b/packages/compaq/1000/key
@@ -0,0 +1 @@
+koobface
\ No newline at end of file
diff --git a/packages/compaq/2000/Ec7be21bd697050d119c9f9df0fb6450.zip b/packages/compaq/2000/Ec7be21bd697050d119c9f9df0fb6450.zip
new file mode 100644
index 0000000..97450c3
Binary files /dev/null and b/packages/compaq/2000/Ec7be21bd697050d119c9f9df0fb6450.zip differ
diff --git a/packages/compaq/2000/index.mdwn b/packages/compaq/2000/index.mdwn
new file mode 100644
index 0000000..acd5066
--- /dev/null
+++ b/packages/compaq/2000/index.mdwn
@@ -0,0 +1,8 @@
+You have found a virus on one of your customers computers. To answer this question,
+you will need to reverse engineer it and find out information about the sample.
+
+The MD5 for this sample is ec7be21bd697050d119c9f9df0fb6450
+
+Which API is called at address 4014A2?
+
+Assume a normal address layout with the program being loaded with an ImageBase of 400000.
\ No newline at end of file
diff --git a/packages/compaq/2000/key b/packages/compaq/2000/key
new file mode 100644
index 0000000..be4472c
--- /dev/null
+++ b/packages/compaq/2000/key
@@ -0,0 +1 @@
+NtProtectVirtualMemory
\ No newline at end of file
diff --git a/packages/compaq/3000/Ec7be21bd697050d119c9f9df0fb6450.zip b/packages/compaq/3000/Ec7be21bd697050d119c9f9df0fb6450.zip
new file mode 100644
index 0000000..97450c3
Binary files /dev/null and b/packages/compaq/3000/Ec7be21bd697050d119c9f9df0fb6450.zip differ
diff --git a/packages/compaq/3000/index.mdwn b/packages/compaq/3000/index.mdwn
new file mode 100644
index 0000000..fe4ecda
--- /dev/null
+++ b/packages/compaq/3000/index.mdwn
@@ -0,0 +1,8 @@
+You have found a virus on one of your customers computers. To answer this question,
+you will need to reverse engineer it and find out information about the sample.
+
+The MD5 for this sample is ec7be21bd697050d119c9f9df0fb6450
+
+What is the original entry point for the worm after the unpacking process?
+
+Assume a normal address layout with the program being loaded with an ImageBase of 400000.
\ No newline at end of file
diff --git a/packages/compaq/3000/key b/packages/compaq/3000/key
new file mode 100644
index 0000000..b89f632
--- /dev/null
+++ b/packages/compaq/3000/key
@@ -0,0 +1 @@
+420c80
\ No newline at end of file
diff --git a/packages/compaq/4000/Ec7be21bd697050d119c9f9df0fb6450.zip b/packages/compaq/4000/Ec7be21bd697050d119c9f9df0fb6450.zip
new file mode 100644
index 0000000..97450c3
Binary files /dev/null and b/packages/compaq/4000/Ec7be21bd697050d119c9f9df0fb6450.zip differ
diff --git a/packages/compaq/4000/index.mdwn b/packages/compaq/4000/index.mdwn
new file mode 100644
index 0000000..ae1913c
--- /dev/null
+++ b/packages/compaq/4000/index.mdwn
@@ -0,0 +1,8 @@
+You have found a virus on one of your customers computers. To answer this question,
+you will need to reverse engineer it and find out information about the sample.
+
+The MD5 for this sample is ec7be21bd697050d119c9f9df0fb6450
+
+What is the first API called after the original entry point? Include it with the parameter(s)
+
+For example, if the API was the string "zomg" being passed to printf the answer would be: printf("zomg")
\ No newline at end of file
diff --git a/packages/compaq/4000/key b/packages/compaq/4000/key
new file mode 100644
index 0000000..b98eb3d
--- /dev/null
+++ b/packages/compaq/4000/key
@@ -0,0 +1 @@
+Sleep(1)
\ No newline at end of file