Ctf

MetaCTF October 2024 Flash CTF consists of 5 challenges. Only 3 of them are covered here. runCAPTCHA We’re tracking a cyber actor’s new malware campaign that’s using a fake reCAPTCHA check to infect computers. Thankfully, the malware itself seems to have been taken down, but >can you analyze the initial infection page to look for any signatures? When visiting the website, you are given “reCaptcha”, and upon clicking, a modal window appears, instructing you to verify that you are not a robot. ...

MetaCTF September 2024 Flash CTF consists of 5 challenges. Only 3 of them are covered here. Stack Smashers This is the first challenge. We are given the source code for a small C program that takes user input, writes it to a 16-byte buffer (buffer[16]), and then checks if memory.winner is set to true. If it is, the win() function is executed, which prints out the flag. The program uses gets() to read the input. Since gets() is unsafe (it doesn’t perform bounds checking), and there is no input validation, an overflow is possible. ...

In this challenge, we are provided with an executable, as well as an address and a port to connect to via netcat. After connecting, we are asked to enter a name. With a little manual “fuzzing,” we discover that the application crashes with a “Segmentation fault” error when the input exceeds 25 characters. Let’s first examine the type of file provided: $ file buffers buffers: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=76ade86ea7cea7ad0c6bc6c3a79392d812b8e3bf, for GNU/Linux 3.2.0, not stripped It’s a 64-bit ELF, dynamically linked. ...