Man, I suck. For the first time, I've decided to actually include the challenge files. Hope the organizers don't DMCA me. Calc.exe Online (Web) http://chall.ctf.bamboofox.tw:13377 author: splitline Solution They gave us the source code, yay. http://chall.ctf.bamboofox.tw:13377/?source <?php error_reporting(0); isset($_GET['source']) && die(highlight_file(__FILE__)); function is_safe($query) { $query = strtolower($query); preg_match_all("/([a-z_]+)/", $query, $words); $words = $words[0]; $good = … Continue reading BambooFox CTF 2021 Writeup
Two easy problems from GrimmCon CTF
Competition Info https://grimmcon.ctf.games The website seems permanently down. Fruitify (Web) Description Come grab a tasty freshly made juice, they are delicious Solution Based on the title, I originally thought it's gonna be MongoDB as mango sounds similar to mongo and is a fruit. I clicked around and did not find much, so I clicked the … Continue reading Two easy problems from GrimmCon CTF
b00t2r00t 2020 CTF Writeup
My team (just me, my teammate is having his final) solved 3 problems in the recently concluded b00t2r00t CTF. The event didn't have many participants, but the challenges are fairly good. On a scale of 10 in difficulty, it's probably around 3. The three problems I solved are two web challenges and one pwn challenge. … Continue reading b00t2r00t 2020 CTF Writeup
Pico Mini CTF 2020 Writeup
This will be the write up for 3 out of 5 problems in the recently concluded Picomini CTF 2020. 'Web Gauntlet' from Web category, 'OPT' from Reverse category, and 'Guessing Game 1' from Binary Exploitation category. Web Gauntlet (Web) Challenge Description Can you beat the filters? Log in as admin http://jupiter.challenges.picoctf.org:29164/ http://jupiter.challenges.picoctf.org:29164/filter.php Hints: You are … Continue reading Pico Mini CTF 2020 Writeup
OverTheWire Natas Write-Up (Part 3)
Introduction Natas is a web challenge series from OverTheWire. https://overthewire.org/wargames/natas/ The user needs to get a password to advance to the next level. The password file is located in the /etc/natas_webpass directory; only the corresponding user can read the current and next level's password. This write-up will show the necessary steps to get the password. Natas 18 Source: <html> … Continue reading OverTheWire Natas Write-Up (Part 3)
OverTheWire Natas Write-Up (Part 2)
Introduction Natas is a web challenge series from OverTheWire. https://overthewire.org/wargames/natas/ The user needs to get a password to advance to the next level. The password file is located in the /etc/natas_webpass directory; only the corresponding user can read the current and next level's password. This write-up will show the necessary steps to get the password. Natas 10 They say … Continue reading OverTheWire Natas Write-Up (Part 2)
OverTheWire Natas Write-up (Part 1)
Introduction Natas is a web challenge series from OverTheWire. https://overthewire.org/wargames/natas/ The user needs to get a password to advance to the next level. The password file is located in the /etc/natas_webpass directory; only the corresponding user can read the current and next level's password. This write-up will show the necessary steps to get the password. Natas 0 Check source … Continue reading OverTheWire Natas Write-up (Part 1)
N1CTF: Web Sign-in and Beyond
This will be my solution to the recently concluded N1CTF's easiest web challenge 'websign', which I couldn't even solve during the competition. I normally wouldn't bother posting a blog, but this time I felt I really had it in my hand and want to try again with the assistance of some writeups. Enjoy and hope … Continue reading N1CTF: Web Sign-in and Beyond
CSAWCTF 2020 Qualification Round Writeup
widthless (Web) Challenge Description Welcome to web! Let's start off with something kinda funky 🙂 http://web.chal.csaw.io:5018 Solution First, go to the actual website. Nothing looks special. Next I checked the source code and found there is a comment saying something about "zwsp". After some researching, "zwsp" stands for "Zero-Width-Space", essentially some Unicode characters which do not appear … Continue reading CSAWCTF 2020 Qualification Round Writeup
Fword CTF Writeup
A pretty good CTF event. I only did the easiest problems in the web, reverse, bash, and forensic categories. Writeups Jailoo Warmup (Web) Challenge Description Get the flag in FLAG.PHP. link Author: HERA Solution Source code is given, included in the appendix section. Before navigating to the website, I took a look at the source … Continue reading Fword CTF Writeup