HackTheBox University CTF 2023 - MSS
Details This challenge was given to the HackTheBox University CTF 2023. It was a crypto challenge of easy difficulty. A server is running for this challenge, and the code running on it is given. Overview The code import os, random, json from hashlib import sha256 from Crypto.Util.number import bytes_to_long from Crypto.Cipher import AES from Crypto.Util.Padding import pad from secret import FLAG class MSS: def __init__(self, BITS, d, n): # 256, 30, 19 self....
DownUnderCTF 2023 - Blind File Read - Real Baby Ruby
Details This is my solution for the Real Baby Ruby challenge from DownUnderCTF 2023. It is overcomplicated but I find it interesting. The challenge was a ruby jail, with the following code: while input = STDIN.gets.chomp do eval input if input.size < 5 && input !~ /`|%/ end If you want the intended solution, here is the author’s writeup: Writeup Solution Limitation We are limited to 4-character ruby commands, and we can’t use the following characters: ` %...
RSTCon 3 - Writeup
Table of Contents Crypto Asan (400) Forensics Stealth (176) Picapu (304) Misc Easy (100) Pwn Bitsy (304) Reversing Hardcoded (100) Jaguar (100) MD5 (176) Stegano Hidden (100) Steagu (176) Web Bruta (176) Blogy (244) Fr33 Storage (304) Contactu (400) Overview This is a write-up for the challenges from the RSTCon 3 CTF. The CTF was held on the 29th-30th of April and lasted for 30 hours. I managed to solve 14 of the 16 challenges....
Dam CTF 2023 - Muffin Kicker Writeup
Details This was a reverse challenge given at DamCTF 2023. It provided a INES file that contained a NES game and a server to connect to. The server was running the game in a text interface and behaved like the provided file. Overview The tool that I use from now on is FCEUX, a NES emulator that also has debugging capabilities. Opening the game we get 2 options: Start a new game Continue Starting the game just loads the game....
HackTheBox University CTF 2022 - AESWCM Writeup
Details This challenge was given to the HackTheBox University CTF 2022. It was a crypto challenge of medium difficulty. The source code is given Description Few people on this planet studied wandlore. It was known that the wand selects the wizard, but a good wand seller should be able to guess it with at most 3 suggestions. During the 190th Great Wizard Examination, the last question was created by Olivender, the greatest wand seller of all time....
HackTheBox University CTF 2022 - Sacred Scroll's Revenge Writeup
Details This challenge was given to the HackTheBox University CTF 2022. It was a pwn challenge of easy difficulty. A server is running for this challenge and the binary running on it and libc files are given. Description Each house on the campus has its secret library to store spells or spellbound messages so the others cannot see them. Messages are encrypted and must be signed by the boy who lived, turning them into sacred scrolls otherwise they are not accepted in this library....
Hack The Boo 2022 - Finale Writeup
Details This was the last pwn challenge given at the Hack The Boo CTF, organized by Hack the Box. This was a solo CTF where I solved 21/25 challenges and ended up in 112th place. Description It’s the end of the season and we all know that the Spooktober Spirit will grant a souvenir to everyone and make their wish come true! Wish you the best for the upcoming year!...
D-CTF Quals 2022 - DESTRUCTION Writeup
Details The challenge was given to the D-CTF Quals 2022. Description Security is not just patching, sometimes we have to use all means to protect ourselves. Do you think you can overcome all the protections in place? Flag Format: CTF{sha256} Overview There was one binary file provided and an IP to a server running it. The binary is vulnerable to buffer overflow but is restricted to the syscalls it can make....
TFCCTF 2022 - Code Leak Writeup
Challenge files HERE Details This is a challenge I created for TFCCTF 2022 and my intended solution. Description We managed to get access to the source code but we got disconnected before being able to download all of it. There has to be a way to get it… Solution If you play around with the application you’ll get a few prompts Enter your name: Bob What would you like to do?...