Flaskcards and Freedom Web900 | picoctf Writeup

RCE through template injection

Category points Web 900 1 — Problem 1.1 — Problem description There seem to be a few more files stored on the flash card server but we can’t login. Can you? http://2018shell3.picoctf.com:46628 (link) 1.2 — Problem Hints From the given hints we can say that we have to do some Remote Code Execution using template injection vulnerability [Read More]

Flaskcards 350 Web PicoCTF 2018 Writeup

Template Injection Vulnerability

Category points Web 350 Challenge description We found this fishy website for flashcards that we think may be sending secrets. Could you take a look? Yes, of course i can take a look :D omega_coder_ first of all, let’s analyze the title and description, by reading the title we can understand that: the challenge invloves flask which is a micro web framework written in Python. [Read More]

Super Safe RSA 350 PicoCTF Writeup

RSA Factorization problem

Category points Crypto 350 Intro RSA is an asymmetric cryptosystem, it’s one of the first public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and it is different from the decryption key which is kept secret (private). For more informations about this Cryptosystem see link below RSA_(cryptosystem) Challenge description Dr. [Read More]

Store 400 pts | CTF Writeup from PicoCTF

Exploiting Integer Overflow in C

Category points General Skills 400 Challenge Description We started a little store, can you buy the flag? Source. Connect with 2018shell1.picoctf.com 53220 Hint: Two's complement can do some weird things when numbers get really big! When we connect to the service at 2018shell1.picoctf.com 53220 with nc we get the following: We can: check account balance Buy Stuff Exit If we select 2 we can either buy the real flag or buy imitation flags which cost a 1000 each. [Read More]

Crimemail Web200 Ctf Challenge Writeup

Basic SQL Injection Vulnerability

Category points solves Web 200 9 solves Challenge Description What can we get from the description ? Our goal is to get Collins Hackle’s password. md5 password is calculated this way: md5_pass = md5($password + $salt). Clicking on the link in the description we get a Login page. We don’t know the username nor the password, first I tried to see if the login page was vulnerable to an SQL injection, but it wasn’t the case. [Read More]

Big O Notation and Time Complexity

Predict Performance and compare algorithms

1. Introduction Algorithmic complexity is a measure of how long an algorithm would take to complete given an input of size n. If an algorithm has to scale, it should compute the result within a finite and practical time bound even for large values of n. For this reason, complexity is calculated asymptotically as n approaches infinity. While complexity is usually in terms of time, sometimes complexity is also analyzed in terms of space, which translates to the algorithm’s memory requirements [Read More]

[PicoCTF] 2K18 Safe RSA 250 CTF Crypto Challenge

Exploiting low exponent vulnerability

Category points Crypto 250 [?] Introduction RSA is an asymmetric cryptosystem, it’s one of the first public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and it is different from the decryption key which is kept secret (private). For more informations about this Cryptosystem see link below RSA_(cryptosystem) [?] Challenge Descritpion in this challenge we are given N(modulus), e(public exponent) and C(ciphertext) ciphertext file contents [Read More]

Red Csaw Crypto 200 DES OFB Challenge

Breaking DES with OFB mode

Hello guys, this is my writeup for a Crypto challenge in RED CSAW CTF Competition. Category points Crypto 200 challenge description Challenge says I remember when I got the news. It made me weak with joy. we are given two files gen.py and an encrypted file destiny.enc source code for gen.py from Crypto.Cipher import DES import binascii key = open('key'). [Read More]

[MITRE CTF] Click_Me Challenge Writeup (Web_100)

Interesting Header

A writeup for the click_Me challenge on MITRE CTF 2k18 [MITRE CTF] Click_Me Challenge Writeup (Web_100) This is my first Writeup Here. I solved this challenge a while ago, on the MITRE CTF 2K18. I dont even have the link to the CTF anymore, i hope you like this writeup and find it usefull the challenge was quite easy We are given a link to a web page, when accessing the web page we get in the response a link to another web page. [Read More]