Ireland.RE

UofTCTF 2024 Challenge Writeups

Writeups web/Voice Changer Sourceless web challenge. Just a file upload with a pitch option. I intercepted the HTTP request and modified the pitch value. POST /upload HTTP/1.1 ------WebKitFormB...

NiteCTF 2023 Challenges

Writeups These are two challenges which I found interesting from NiteCTF. Just 1x pwn and 1x web. web/Mini Survey Downloading the source, we see this is a JavaScript challenge immediately observin...

Backdoor CTF 2023 Web Challenges

web/too-many-admins Downloading the source, we can see this is a PHP challenge. Just a single PHP file and the flag is located in the database (dump.sql). I immediately noticed the SQL injection h...

HITB Phuket 2023

Pure Challenge Writeup The official writeup from the organizers is available here. I’m going to let that cover the technical details of the vulnerability as in this writeup I want to focus on the...

Lexington Informatics Tournament CTF 2023

Pwn My Pet Canary’s Birthday Pie Here is my first c program! I’ve heard about lots of security features in c, whatever they do. The point is, c looks like a very secure language to me! Try breaki...

TheFewChosen 2023

Crypto Dizzy We’re given this to decipher: T4 l16 _36 510 _27 s26 _11 320 414 {6 }39 C2 T0 m28 317 y35 d31 F1 m22 g19 d38 z34 423 l15 329 c12 ;37 19 h13 _30 F5 t7 C3 325 z33 _21 h8 n18 132 k24 The...

Enowars 7

Oldschool - Twig SSTI One of the many vulnerabilities from this service was SSTI. The program is using the Twig templating engine, so a payload like {{7*7}} will result in 49. We exploiting this ...

AmateursCTF 2023

cps remastered The description is already hinting at SQL injection, so we know what we’re getting into here. It didn't take too long to spot the SQLi in register.php <?php $message = ""; ...