Protected: A1SBERG CTF PLAYGROUND — Smooth Cipher
There is no excerpt because this is a protected post.
CTF Writeups
A collection of detailed Capture The Flag (CTF) challenge solutions and walkthroughs. Perfect for cybersecurity enthusiasts, learners, and professionals who want to explore real-world problem-solving techniques, exploit analysis, and step-by-step strategies to conquer CTF challenges.
Nullcon HackIM CTF Goa 2026 – TLS
The challenge involves a network service that encrypts data using a combination of RSA and AES-CBC. It reveals vulnerabilities primarily in the AES layer, allowing for a Padding Oracle Attack. An exploit script successfully decrypts the ciphertext and retrieves the flag: ENO{Y4y_a_f4ctor1ng_0rac13}.
Nullcon HackIM CTF Goa 2026 – Matrixfun II
Category: Cryptography Difficulty: Medium 1. Challenge Overview The challenge provides a Python script and a remote service. Upon connecting, the server encrypts a hidden flag using a custom scheme and then acts as an oracle, allowing us to encrypt any hex-encoded message of our choice. The core of the encryption lies in a linear transformation … Read more
Nullcon HackIM CTF Goa 2026 – Going in Circles
Category: Crypto / Reverse Difficulty: Easy/Medium 1. Challenge Overview Upon connecting to the server, I was greeted with two integers. Looking at the provided source code, chall.py, I saw that the program takes a secret flag, converts it into a large integer, and then passes it through a function called reduce(a, f) using a random … Read more
Nullcon HackIM CTF Goa 2026 – Zoney
Category: Misc (DNS / Recon) Difficulty: Medium 1. Challenge Overview The challenge provided a DNS server at 52.59.124.14:5054 for the domain flag.ctf.nullcon.net. The author hinted that the flag was hidden and challenged me to “show that I know all about DNS.” 2. Vulnerability Analysis Step 1: Initial Reconnaissance I started by checking for the flag … Read more
Nullcon HackIM CTF Goa 2026 – Flowt Theory
Category: Web / Misc Difficulty: Easy/Medium 1. Challenge Overview The challenge presented a “BillSplitter Lite” web application. The application allows users to input names and expense amounts, which it then calculates to settle debts. The prompt mentioned an “administrative fee” of 0.01 that was somehow hidden in the “extremely advanced math” of the calculation. 2. … Read more
Nullcon HackIM CTF Goa 2026 – Emoji
Category: Misc Difficulty: Easy 1. Challenge Overview The challenge provides a single README.md file containing what appears to be a solitary emoji: 💯. However, when looking at the file metadata or simply clicking and dragging over the text, it becomes clear that there is a significant amount of “invisible” data trailing the emoji. We are … Read more
Nullcon HackIM CTF Goa 2026 – DragoNflieS
Category: DNS / Network Security Difficulty: Medium 1. Challenge Overview The challenge provided a DNS server at 52.59.124.14:5053. The hint stated that “latest and greatest DNS features” now allow internal networks to resolve names without VPNs or Firewalls. This was a clear pointer toward EDNS Client Subnet (ECS) or DNS over QUIC (DoQ). 2. Vulnerability … Read more
Nullcon HackIM CTF Goa 2026 – DiNOS
Category: DNS / Misc Difficulty: Medium 1. Challenge Overview The challenge provided a custom DNS server (52.59.124.14:5052) with the hint: “Some flag escaped its enclosure. Now it is mixed up with the herd(dinos.nullcon.net).” The goal was to locate the flag hidden within a large number of DNS records. 2. Vulnerability Analysis Step 1: Initial Connectivity … Read more
Nullcon HackIM CTF Goa 2026 – WordPress Static Site Generator
Category: Web Difficulty: Easy 1. Challenge Overview The challenge presents a web application designed to convert WordPress XML export files into static websites. The interface is simple: The goal is to read the /flag.txt file stored on the server. 2. Vulnerability Analysis My first step was to explore how the “Generate” feature works. I intercepted … Read more