Nullcon HackIM CTF Goa 2026 – WordPress Static Site Generator

Category: Web. Difficulty: Easy. 1. Challenge Overview The challenge presents a web application designed to convert WordPress XML export files into static websites. The interface is simple: The goal is to read the /flag.txt file stored on the server. 2. Vulnerability Analysis My first step was to explore how the “Generate” feature works. I intercepted …

Nullcon HackIM CTF Goa 2026 – Virus Analyzer

Category: Web. Difficulty: Medium. 1. Challenge Overview The challenge presents a web service called Virus Analyzer. The UI is sleek and professional, mimicking a security tool. It invites users to upload a .zip archive, which it promises to extract and analyze for malicious content. Upon visiting the site, I noticed there was no source code …

UofTCTF 2026 – Gambler’s Fallacy

Challenge Overview A dice-based gambling game where you start with $800 and need to reach $10,000 to buy the flag. The game allows you to: Key Files The Vulnerability Provably Fair System Gone Wrong The game implements a “provably fair” dice system where: The Critical Flaw Python’s random module uses the Mersenne Twister (MT19937) PRNG, …

UofTCTF 2026 – Baby Exfil

1. Introduction We are tasked with analyzing a packet capture (final.pcapng) for Team K&K. They suspect data is being stolen. Our job is to find out what was taken and retrieve the flag. 2. Identifying the Exfiltration (The “What”) The first step is to filter the noise. Since most data theft happens over the web, …

UofTCTF 2026 – Lottery

Can you help Han Shangyan win the lottery? We are provided with a Bash script that simulates a lottery game. Here is the source code: The Vulnerabilities There are two distinct vulnerabilities that, when chained together, allow for Remote Code Execution (RCE). A. Regex Bypass The script attempts to validate the input using a Regular …

UofTCTF 2026 – Encryption Service

We made an encryption service. We forgot to make the decryption though. As compensation we are giving free encrypted flags. The service allows users to submit plaintexts, which are then encrypted using AES-CBC with a user-supplied key. As a bonus, the flag is appended to the plaintext and encrypted as well. Provided Files enc.py run.sh Vulnerability …

UofTCTF 2026 – Baby bof

People said gets is not safe, but I think I figured out how to make it safe. Buffer overflows are a classic vulnerability, but sometimes CTF authors add little “security checks” to trip you up. In this challenge, Baby bof, the author claimed they made the dangerous gets() function safe. Spoiler alert: they didn’t. Here …

UofTCTF 2026 – No Quotes 3

Difficulty: Hard but Fun. 1. Challenge Overview We are given a Flask application that mimics a login portal. The goal is to access the internal /home route and read the flag using the /readflag binary. The Obstacles: 2. Vulnerability Analysis The WAF (No Quotes, No Periods) The WAF makes standard attacks impossible. The “Swallow” (SQL …

UofTCTF 2026 – No Quotes 2

Difficulty: Hard but Fun. 1. Challenge Overview We are given a Flask web application with the following source files: The Goal: We need to execute the /readflag binary to get the flag. The Obstacles: 2. Vulnerability Analysis The SQL Injection (The “Swallow”) The application constructs the SQL query using Python f-strings, which is vulnerable to …

UofTCTF 2026 – No Quotes

1. Challenge Overview In this challenge, we encounter a web application built with Python (Flask) and a MySQL database. Our goal is to read the flag located at /root/flag.txt. However, we cannot access the file system directly; we need to find a way to trick the server into executing a command for us. This challenge …