Writeup by: Oliver Lyak (ly4k) Solved by: Zopazz, Oliver Lyak (ly4k) QLaaS QLaaS (Qiling as a Service) was a Clone-and-Pwn challenge with difficulty Schrödinger (whatever that means). The challenge was solved by 23 out of 947 teams. We are provided with the following attachment: …
Read MoreReal World CTF 4th: Secured Java
Jan 23, 2022Writeup by: Nicolai Søborg Solved by: Nicolai Søborg, Rasmus Have This year we managed to land a 13 place, again! (which is really a shame as top 12 gets swag …) Secured Java The challenge is a single python file that allows you to “run untrusted Java in a safe way”. The code boils down to: you …
Read MoreWriteup by: Zanderdk | linkedin Solved by: ZZZ | linkedin, N00byedge | linkedin Indie VMM - HXP 2021 In this challenge we are given a root access to a linux machine running in the linux tools hypervisor and the goal is to escape out of the hypervisor to access the flag file on the host system. During this challenge we …
Read MoreWriteup by: andyandpandy Solved by: andyandpandy, Hako Writeup The challenge has a race condition vulnerability, where you can delete your user and rapidly after send another request for the flag, which is successful when timed correctly. Description Web challenge Challenge author: pspaul/SonarSource To keep track of …
Read MorePwn2win - Hackus
Jun 18, 2021Writeup by: andyandpandy Solved by: andyandpandy, eskildsen, 2by4 Writeup This is most likely an unintended solution. TL;DR: Create a note with two iframes. First iframe gets /s/secret-note, second gets from evil.com, which returns a html page where another iframe is loaded based on an 0-day …
Read MoreWriteup author: Bawstaws The Lost Bottle is the most awesome pirate game. It is about a young pirate, that lost her favorite bottle of old rum. She is now doomed to drink ordinary rum until she finds her bottle. Flags: 2531.00 Tags: rev, misc, game Introduction After discovering that this is a game challenge I quickly …
Read MoreDe Danske Cybermesterskaber: Kuuuurveen
May 9, 2021 CryptoWriteup by: ChrRaz Kuuuurveen We are given the following challenge description. A client and a server have been communicating the flag over an encrypted channel. Der er en Kuuuuuuuuuuuuuuurveeeeeee, er den ikke smuk? En client og en server kommunikere over en krypteret kommunikationskanal. Se om du ved hjælp af source …
Read MoreWriteup by: ChrRaz 80s Commitments When opening http://80s-commitments.hkn we are greeted with the following page: We are given a public key and a “commitment”. If we enter this commitment into the “reveal” box we get redirected to the following page which shows an embedded youtube video. …
Read MoreChallenge Description (967 points) Play to win and log ’em all! Once you’ve seen all 151 Asciimon, talk to Professor Jack for the flag. We’ve included some data for the first couple rooms, you’ll have to figure out the rest yourself! nc -v logemall-a2db138b.challenges.bsidessf.net 666 (author: …
Read MoreUnion CTF 2021: Cr0wnAir
Feb 25, 2021Writeup by: Nicolai Søborg Cr0wnAir TL;DR - bypassing a filter to generate two JWTs (RS256). Finding e and N from the two signatures and forge an arbitrary JWT (HS256). Step 1: Getting two RS256 signatures To get a signature we need to bypass a filter validated by jpv (“JSON Pattern Validator”). This …
Read More