- CTF, Cybersecurity, Reverse engineering and stuff
MetaCTF November 2024 Flash CTF
MetaCTF November 2024 Flash CTF consists of 5 challenges. Slithering Security Help me test my sssecurity, can you get the flag from this ssssecure sssscript? Download the challenge file here. We are provided with a small Python script that prompts the user for a password. If the correct password is entered, the script reveals the flag. Here’s the code: #!/usr/bin/env python3 SECRET_FLAG=b"\x54\x57\x56\x30\x59\x55\x4e\x55\x52\x6e\x74\x6b\x4d\x47\x34\x33\x58\x7a\x64\x79\x64\x58\x4d\x33\x58\x32\x4e\x73\x4d\x57\x34\x33\x63\x31\x39\x33\x61\x54\x64\x6f\x58\x33\x4d\x7a\x59\x33\x49\x7a\x4e\x33\x4e\x7a\x63\x33\x4e\x7a\x63\x33\x4e\x39" HASHED_PASSWORD = b'\x12\x1eW\x98\x00\xc1C\xff\xe3\xa9\x15\xde\xd9\x00\x9b\xc9' from base64 import b64decode from hashlib import md5 def check_password(password): m = md5() m....
MetaCTF Middleman
You managed to get access to a device (indicated in red) on the network shown below. One of the hosts on that network is sending the flag over HTTPS to another host every ~5 seconds. Can you intercept it? This environment is somewhat limited. Look through the tools available to you on the machine. The network you connect to is not shared with other participants. Connect with ssh [REDACTED] -p 7000...
MetaCTF October 2024 Flash CTF
MetaCTF October 2024 Flash CTF consists of 5 challenges. Only 3 of them are covered here. runCAPTCHA We’re tracking a cyber actor’s new malware campaign that’s using a fake reCAPTCHA check to infect computers. Thankfully, the malware itself seems to have been taken down, but can you analyze the initial infection page to look for any signatures? When visiting the website, you are given “reCaptcha”, and upon clicking, a modal window appears, instructing you to verify that you are not a robot....
MetaCTF September 2024 Flash CTF
MetaCTF September 2024 Flash CTF consists of 5 challenges. Only 3 of them are covered here. Stack Smashers This is the first challenge. We are given the source code for a small C program that takes user input, writes it to a 16-byte buffer (buffer[16]), and then checks if memory.winner is set to true. If it is, the win() function is executed, which prints out the flag. The program uses gets() to read the input....
MetaCTF - Buffer overflow
In this challenge, we are provided with an executable, as well as an address and a port to connect to via netcat. After connecting, we are asked to enter a name. With a little manual “fuzzing,” we discover that the application crashes with a “Segmentation fault” error when the input exceeds 25 characters. Let’s first examine the type of file provided: $ file buffers buffers: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64....