He\xED.SPACE

  • CTF, Cybersecurity, Reverse engineering and stuff

MetaCTF February 2025 Flash CTF

MetaCTF February 2025 Flash CTF consists of 5 challenges. Cookie Crackdown We’re auditing some websites to check if they’re GDPR compliant, and I’m pretty sure this site isn’t… Upon loading the site, we are presented with a modal requiring us to consent to cookies. From the challenge description and the web page, we can assume that the flag is probably stored as a cookie. Pressing F12 will bring up the Developer menu....

February 28, 2025 · Yordan D.

MetaCTF November 2024 Flash CTF

MetaCTF November 2024 Flash CTF consists of 5 challenges. Slithering Security Help me test my sssecurity, can you get the flag from this ssssecure sssscript? Download the challenge file here. We are provided with a small Python script that prompts the user for a password. If the correct password is entered, the script reveals the flag. Here’s the code: #!/usr/bin/env python3 SECRET_FLAG=b"\x54\x57\x56\x30\x59\x55\x4e\x55\x52\x6e\x74\x6b\x4d\x47\x34\x33\x58\x7a\x64\x79\x64\x58\x4d\x33\x58\x32\x4e\x73\x4d\x57\x34\x33\x63\x31\x39\x33\x61\x54\x64\x6f\x58\x33\x4d\x7a\x59\x33\x49\x7a\x4e\x33\x4e\x7a\x63\x33\x4e\x7a\x63\x33\x4e\x39" HASHED_PASSWORD = b'\x12\x1eW\x98\x00\xc1C\xff\xe3\xa9\x15\xde\xd9\x00\x9b\xc9' from base64 import b64decode from hashlib import md5 def check_password(password): m = md5() m....

November 22, 2024 · Yordan D.

MetaCTF Middleman

You managed to get access to a device (indicated in red) on the network shown below. One of the hosts on that network is sending the flag over HTTPS to another host every ~5 seconds. Can you intercept it? ? This environment is somewhat limited. Look through the tools available to you on the machine. The network you connect to is not shared with other participants. Connect with ssh [REDACTED] -p 7000...

November 5, 2024 · Yordan D.

MetaCTF October 2024 Flash CTF

MetaCTF October 2024 Flash CTF consists of 5 challenges. Only 3 of them are covered here. runCAPTCHA We’re tracking a cyber actor’s new malware campaign that’s using a fake reCAPTCHA check to infect computers. Thankfully, the malware itself seems to have been taken down, but >can you analyze the initial infection page to look for any signatures? When visiting the website, you are given “reCaptcha”, and upon clicking, a modal window appears, instructing you to verify that you are not a robot....

October 17, 2024 · Yordan D.

MetaCTF September 2024 Flash CTF

MetaCTF September 2024 Flash CTF consists of 5 challenges. Only 3 of them are covered here. Stack Smashers This is the first challenge. We are given the source code for a small C program that takes user input, writes it to a 16-byte buffer (buffer[16]), and then checks if memory.winner is set to true. If it is, the win() function is executed, which prints out the flag. The program uses gets() to read the input....

September 19, 2024 · Yordan D.