Add Danny's stuff

Neale Pickett 2011-03-04 19:43:02 -07:00
parent fd4a3f978e
commit c6ba71cc65
14 changed files with 41 additions and 5 deletions

@ -9,12 +9,12 @@ if ! [ -b "$DRIVE" ]; then
fi
size=$(sfdisk -s $DRIVE)
fatsize=$(expr $size \* 95 / 100)
fatsize=$(sfdisk -l /dev/sdb | awk '/^Disk/ {print $3 - 2;}')
FATFS=${DRIVE}1
EXTFS=${DRIVE}2
sfdisk -uB $DRIVE <<EOF
sfdisk $DRIVE <<EOF
,$fatsize,6,*
,,L
EOF
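
Review bot: The new fatsize line runs `sfdisk -l /dev/sdb` against a hardcoded device instead of $DRIVE, so when the script is pointed at any other drive the FAT partition is sized from the wrong disk. Use `sfdisk -l "$DRIVE"` there. The awk expression takes the third field of the "Disk" line and subtracts 2 with no explanation; since the same hunk also drops -uB from the partitioning call, a comment stating which unit $fatsize is now expected to be in, and what the 2 is reserved for, would make the sizing checkable.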
@ -25,9 +25,9 @@ mkdir -p /mnt/ctf-install
mkdosfs -n PACKAGES $FATFS
mke2fs -j -L VAR $EXTFS
cat mbr.bin > $DRIVE
cat /usr/lib/syslinux/mbr.bin > $DRIVE
mount $FATFS /mnt/ctf-install
mkdir /mnt/ctf-install/syslinux
mkdir /mnt/ctf-install/syslinux /mnt/ctf-install/disabled
umount /mnt/ctf-install
syslinux -d syslinux $FATFS
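
Review bot: The `cat /usr/lib/syslinux/mbr.bin > $DRIVE` line depends on a fixed host path with no check that the file is there. If it is missing, cat fails and no boot code is written to the drive. Test for the file first (for example `[ -r /usr/lib/syslinux/mbr.bin ]`) and exit with a message when it is absent, and quote "$DRIVE" in the redirect.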
@ -47,7 +47,8 @@ LABEL dbtl
APPEND packages=disabled
EOD
cp $(basename $0)/../bin/*.pkg /mnt/ctf-install
cp $(dirname $0)/bin/*.pkg /mnt/ctf-install/disabled/
mv /mnt/ctf-install/disabled/ctfbase.pkg /mnt/ctf-install/
umount /mnt/ctf-install
rmdir /mnt/ctf-install
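
Review bot: In the new cp line, `$(dirname $0)` is unquoted, so the copy breaks when the script is run from a path containing whitespace; write it as `"$(dirname "$0")"`. The mv that follows assumes ctfbase.pkg was among the copied packages. If it was not, every package ends up under disabled/ and nothing is left at the top level, so check that the file exists and fail loudly before the umount.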

@ -67,6 +67,7 @@ for dn in $indir/[0-9]*; do
tgt=$outdir/puzzles/$points
mkdir -p $tgt
touch $tgt/index.html
if [ -f $dn/Makefile ]; then
# If there's a makefile, run make
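
Review bot: The `touch $tgt/index.html` line has no comment saying why an empty index is created in each puzzle directory. If the intent is to keep the web server from listing the directory contents, say so above the line, because the Makefile comment right after it shows the script otherwise documents its steps. $tgt is also unquoted here and in the mkdir before it, which breaks if $outdir contains whitespace.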

@ -0,0 +1,6 @@
You have found a virus on one of your customers computers. To answer this question,
you will need to reverse engineer it and find out information about the sample.
The MD5 for this sample is ec7be21bd697050d119c9f9df0fb6450
Which family does this virus belong to? (all lowercase e.g. "sasser" without the quotes.
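
Review bot: The last line of the question opens a parenthesis before "all lowercase" and never closes it, and "customers computers" in the first line should read "customer's computers". The same first line is repeated in the other question files in this commit, so fix it in all of them.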

packages/compaq/1000/key

@ -0,0 +1 @@
koobface

@ -0,0 +1,8 @@
You have found a virus on one of your customers computers. To answer this question,
you will need to reverse engineer it and find out information about the sample.
The MD5 for this sample is ec7be21bd697050d119c9f9df0fb6450
Which API is called at address 4014A2?
Assume a normal address layout with the program being loaded with an ImageBase of 400000.

packages/compaq/2000/key

@ -0,0 +1 @@
NtProtectVirtualMemory

@ -0,0 +1,8 @@
You have found a virus on one of your customers computers. To answer this question,
you will need to reverse engineer it and find out information about the sample.
The MD5 for this sample is ec7be21bd697050d119c9f9df0fb6450
What is the original entry point for the worm after the unpacking process?
Assume a normal address layout with the program being loaded with an ImageBase of 400000.

packages/compaq/3000/key

@ -0,0 +1 @@
420c80
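
Review bot: The key is bare lowercase hex (420c80), but the question for this puzzle never says how the address should be written, and the 2000 question writes its own address in uppercase (4014A2). If keys are compared as exact strings, 0x420c80 or 420C80 would be rejected even though they are the same address. State the expected format in the question text, as the 1000 question does with "all lowercase".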

@ -0,0 +1,8 @@
You have found a virus on one of your customers computers. To answer this question,
you will need to reverse engineer it and find out information about the sample.
The MD5 for this sample is ec7be21bd697050d119c9f9df0fb6450
What is the first API called after the original entry point? Include it with the parameter(s)
For example, if the API was the string "zomg" being passed to printf the answer would be: printf("zomg")

packages/compaq/4000/key

@ -0,0 +1 @@
Sleep(1)
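
Review bot: With Sleep(1) as the key, the question's only format hint is the printf("zomg") example, which does not say whether a numeric parameter is written in decimal or hex or whether spacing matters. If keys are compared as exact strings, an answer such as Sleep(0x1) would be rejected. Add the expected number format to the question text, and end the "Include it with the parameter(s)" sentence with a period.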