tomek7667

  • DiceCTF 2025 Quals - diceon - misc - 13 solves

    diceon - misc Challenge description: Please enjoy each flag equally. (You can test locally with the provided dist package, you will need an OPENAIAPIKEY) dist.tar.gz Number of solves: 13 Points: 233 The AI Challenge After launching an instance, we were greeted with the following: Additionally, after going with the [OBJECTIVE]...

  • KalmarCTF - Ez flag v3 - web - 93 solves

    Ez flag v3 - web Challenge description: To get the flag, you need: the mTLS cert, connecting from localhost, … and break physics? Should be easy! Challenge note: the handout files contains tls internal while the hosted challenge mostly use real TLS. NOTE: Remote is working as intended! Even with...

  • KalmarCTF - KalmarDSL - web - 14 solves

    KalmarDSL - web Challenge description: A !flag in my diagram? Hopefully someone has already patched the C4. Note: The setup has no Structurizr users and default creds are not supposed to work. Bruteforce is not allowed (and will not work). Goal is Unauthenticated RCE, 0day go brrr? Number of solves:...

  • ECSC 24 Polish Qualifications - Semantic Security - crypto - easy

    The description of the challenge is as follows: It’s not cryptographically secure random, but I think it’s good enough. (10 solves) Additionally a netcat service is provided, that runs the following: import binascii import random def xor(*t): from functools import reduce from operator import xor return [reduce(xor, x, 0) for...

  • GPN CTF 2024 - todo - web

    The challenge is a simple express app with a bot and a very strict Content Security Policy (CSP), which allows only for injected in-line javascript within <script></script> tags, and script from the same origin. The bot visits the page, types in our HTML input, submits it and takes the screenshot...