Add Danny's stuff

Neale Pickett 2011-03-04 19:43:02 -07:00
parent fd4a3f978e
commit c6ba71cc65
14 changed files with 41 additions and 5 deletions

@ -9,12 +9,12 @@ if ! [ -b "$DRIVE" ]; then
fi fi
size=$(sfdisk -s $DRIVE) size=$(sfdisk -s $DRIVE)
fatsize=$(expr $size \* 95 / 100) fatsize=$(sfdisk -l /dev/sdb | awk '/^Disk/ {print $3 - 2;}')
FATFS=${DRIVE}1 FATFS=${DRIVE}1
EXTFS=${DRIVE}2 EXTFS=${DRIVE}2
sfdisk -uB $DRIVE <<EOF sfdisk $DRIVE <<EOF
,$fatsize,6,* ,$fatsize,6,*
,,L ,,L
EOF EOF
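
Review bot: the new `fatsize=` line reads the geometry of a hard-coded `/dev/sdb`, while every other command in this hunk operates on `$DRIVE`, so running the script against any other device sizes the FAT partition from the wrong disk. Use `sfdisk -l "$DRIVE"` there, and quote `$DRIVE` in the `sfdisk -s` and partitioning calls as well. With `-uB` removed from the `sfdisk` call, `$fatsize` is no longer interpreted in blocks; a comment stating which unit the awk expression's `$3 - 2` is in would make that dependency explicit.
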
@ -25,9 +25,9 @@ mkdir -p /mnt/ctf-install
mkdosfs -n PACKAGES $FATFS mkdosfs -n PACKAGES $FATFS
mke2fs -j -L VAR $EXTFS mke2fs -j -L VAR $EXTFS
cat mbr.bin > $DRIVE cat /usr/lib/syslinux/mbr.bin > $DRIVE
mount $FATFS /mnt/ctf-install mount $FATFS /mnt/ctf-install
mkdir /mnt/ctf-install/syslinux mkdir /mnt/ctf-install/syslinux /mnt/ctf-install/disabled
umount /mnt/ctf-install umount /mnt/ctf-install
syslinux -d syslinux $FATFS syslinux -d syslinux $FATFS
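
Review bot: `cat /usr/lib/syslinux/mbr.bin > $DRIVE` hard-codes a path that depends on where the distribution installs syslinux, and nothing visible in this hunk checks that the file exists before the script goes on to `syslinux -d syslinux $FATFS`. Test for the file first, for example `[ -r /usr/lib/syslinux/mbr.bin ] || exit 1`, or make the path a variable next to `DRIVE`, and quote `$DRIVE` in the redirection. The `mkdir` after `mount $FATFS /mnt/ctf-install` also runs whether or not the mount succeeded, in which case `syslinux` and `disabled` are created on the host filesystem instead of the stick.
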
@ -47,7 +47,8 @@ LABEL dbtl
APPEND packages=disabled APPEND packages=disabled
EOD EOD
cp $(basename $0)/../bin/*.pkg /mnt/ctf-install cp $(dirname $0)/bin/*.pkg /mnt/ctf-install/disabled/
mv /mnt/ctf-install/disabled/ctfbase.pkg /mnt/ctf-install/
umount /mnt/ctf-install umount /mnt/ctf-install
rmdir /mnt/ctf-install rmdir /mnt/ctf-install
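
Review bot: the new `mv /mnt/ctf-install/disabled/ctfbase.pkg /mnt/ctf-install/` assumes `ctfbase.pkg` was among the files matched by `bin/*.pkg`; if the glob matches nothing or that package was not built, the visible lines still unmount and finish, leaving no base package outside `disabled/`. Check for the file before copying and abort with a message if it is missing. `$(dirname $0)` should also be quoted, as `"$(dirname "$0")"/bin/*.pkg`, so the script works when invoked from a path containing spaces.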

@ -67,6 +67,7 @@ for dn in $indir/[0-9]*; do
tgt=$outdir/puzzles/$points tgt=$outdir/puzzles/$points
mkdir -p $tgt mkdir -p $tgt
touch $tgt/index.html
if [ -f $dn/Makefile ]; then if [ -f $dn/Makefile ]; then
# If there's a makefile, run make # If there's a makefile, run make
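
Review bot: the added `touch $tgt/index.html` carries no comment, unlike the `# If there's a makefile, run make` step right after it, so the reason for the empty file is not recorded. Add a one-line comment stating its purpose and quote the path as `"$tgt/index.html"`. Because it runs before the Makefile branch, also confirm that a puzzle whose build generates its own `index.html` is not skipped by make on account of the pre-created file.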

@ -0,0 +1,6 @@
You have found a virus on one of your customers computers. To answer this question,
you will need to reverse engineer it and find out information about the sample.
The MD5 for this sample is ec7be21bd697050d119c9f9df0fb6450
Which family does this virus belong to? (all lowercase e.g. "sasser" without the quotes.
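
Review bot: the last line of the puzzle text opens a parenthesis at `(all lowercase e.g. "sasser" without the quotes.` and never closes it, and "customers computers" in the first line needs a possessive apostrophe. This text is shown to players, so fix both here; the same opening sentence is repeated in the other puzzle texts added by this commit and needs the same correction there.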

packages/compaq/1000/key Normal file

@ -0,0 +1 @@
koobface

@ -0,0 +1,8 @@
You have found a virus on one of your customers computers. To answer this question,
you will need to reverse engineer it and find out information about the sample.
The MD5 for this sample is ec7be21bd697050d119c9f9df0fb6450
Which API is called at address 4014A2?
Assume a normal address layout with the program being loaded with an ImageBase of 400000.
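
Review bot: the question `Which API is called at address 4014A2?` does not say how the answer should be written, whereas the malware-family question in this commit specifies lowercase and gives an example. State whether the API name is case-sensitive and that it is entered without parentheses or arguments, so a correct analysis is not rejected on formatting.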

packages/compaq/2000/key Normal file

@ -0,0 +1 @@
NtProtectVirtualMemory

@ -0,0 +1,8 @@
You have found a virus on one of your customers computers. To answer this question,
you will need to reverse engineer it and find out information about the sample.
The MD5 for this sample is ec7be21bd697050d119c9f9df0fb6450
What is the original entry point for the worm after the unpacking process?
Assume a normal address layout with the program being loaded with an ImageBase of 400000.
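
Review bot: `What is the original entry point for the worm after the unpacking process?` asks for an address but gives no answer format, and the key added for it is `420c80`, that is lowercase hex with no `0x` prefix. Spell that format out in the question text, otherwise a player answering `0x420C80` may be marked wrong for a correct result.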

packages/compaq/3000/key Normal file

@ -0,0 +1 @@
420c80

@ -0,0 +1,8 @@
You have found a virus on one of your customers computers. To answer this question,
you will need to reverse engineer it and find out information about the sample.
The MD5 for this sample is ec7be21bd697050d119c9f9df0fb6450
What is the first API called after the original entry point? Include it with the parameter(s)
For example, if the API was the string "zomg" being passed to printf the answer would be: printf("zomg")
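
Review bot: the line `Include it with the parameter(s)` is missing its final period, and the `printf("zomg")` example only covers a string argument while the key added for this puzzle is `Sleep(1)`. Add a sentence on how numeric arguments are to be written (decimal or hex, with or without spaces) so the expected form is unambiguous.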

packages/compaq/4000/key Normal file

@ -0,0 +1 @@
Sleep(1)