####disclaimer: this CTF involved a lot of guessing, and please note that other challenges were of far lower quality. reader beware. To start this challenge, you had to solve Exploitation 300. 300 consisted of googling a public webapp vulnerability. Once you’ve got a shell as the web user, you’ll see e4.hint in the root dir…. Read more »
[gfm] For this challenge, we’re given an `.exe` file and a server that it’s running on. Running strings on the binary, we see that there’s a lot of text in the program. It’s all instructions on how to get started with Windows exploitation. One block that is particularly interesting is: ~~~ VULNERABLE FUNCTION ——————- Send… Read more »
If you ncat into the server for this challenge, you’re given instructions on how to play a game. This game is a direct copy of lights out, a computer science challenge. You can provide a series of coordinates to toggle, and this will toggle all of the adjacent cells. The goal is to have the… Read more »
This is a fun challenge in which you’re given the following base64 encoded data:
This was a fun challenge. We are given “I am lost” and a remote host to connect to. Connecting via netcat gives us Hi there! Stupid CAPTCHA: enter your name, user40319 Entering the username gives us a bunch of mazes in this format…
The challenge in this problem was pretty clearly JavaScript unpacking. There was an image in base64 format in the html file given, and thus there was also the possibility of a steganography challenge. Here’s the block we were given:
This problem is not immediately visible. Upon viewing the page for it, this is all you’re given:
At the beginning of this problem, we’re given a Windows binary(.exe). Running it gives some inane output about a username and product key. This is a clue that it could be a keygenme or something more difficult(but it isn’t, yay!) So, we open the executable up in IDA. Taking a quick look at the string… Read more »