pwn/bench-225 Life is one big tug of war. And you don't win the war by pushing the rope. Files: bench-225 nc bench-225.ctf.umasscybersec.org 1337 In this challenge we are given a compil...

Web - Hero’s Journey Challenge description Hero’s Journey consists of a website in which you can create a story by writing in text to different sections as depicted in the following image: So l...

Writeups These are the web challenges our team solved at KalmarCTF 2024! web/Ez ⛳ v2 This was a throwback to last year’s KalmarCTF where there was a similar challenge. I don’t exactly remember the...

Writeups web/Voice Changer Sourceless web challenge. Just a file upload with a pitch option. I intercepted the HTTP request and modified the pitch value. POST /upload HTTP/1.1 ------WebKitFormB...

Writeups These are two challenges which I found interesting from NiteCTF. Just 1x pwn and 1x web. web/Mini Survey Downloading the source, we see this is a Javascript challenge immediately observin...

web/too-many-admins Downloading the source, we can see this is a PHP challenge. Just a single PHP file and the flag is located in the database (dump.sql). I immediately noticed the SQL injection h...

Pure Challenge Writeup The official writeup from the organizers is available here. I’m going to let that cover the technical details of the vulnerability as in this writeup I want to focus on the...

Pwn My Pet Canary’s Birthday Pie Here is my first c program! I’ve heard about lots of security features in c, whatever they do. The point is, c looks like a very secure language to me! Try breaki...

Crypto Dizzy We’re given this to decipher: T4 l16 _36 510 _27 s26 _11 320 414 {6 }39 C2 T0 m28 317 y35 d31 F1 m22 g19 d38 z34 423 l15 329 c12 ;37 19 h13 _30 F5 t7 C3 325 z33 _21 h8 n18 132 k24 The...

Oldschool - Twig SSTI One of the many vulnerabilities from this service was SSTI. The program is using the twig templating engine so a payload like {{7*7}} will result in 49 We exploiting this ...