-
ECSC 24 Polish Qualifications - Semantic Security - crypto - easy
The description of the challenge is as follows: It’s not cryptographically secure random, but I think it’s good enough. (10 solves) Additionally, a netcat service is provided that runs the following: import binascii import random def xor(*t): from functools import reduce from operator import xor return [reduce(xor, x, 0) for...
-
GPN CTF 2024 - todo - web
The challenge is a simple Express app with a bot and a very strict Content Security Policy (CSP), which allows only injected inline JavaScript within <script></script> tags and scripts from the same origin. The bot visits the page, types in our HTML input, submits it and takes the screenshot...
-
GPN CTF 2024 - never-gonna-tell-a-lie-and-type-you - web
Based on the attached Dockerfile, we know that the flag is at /flag.txt, and the app is a simple PHP login riddle: <?php ini_set("display_errors",1); error_reporting(E_ALL); //we tought about using passwords but you see everyone says they are insecure thus we came up with our own riddle. function securePassword($user_secret){ if ($user_secret...
-
GPN CTF 2024 - inspect-element - web
The Dockerfile runs Chrome with the debugging port open. In order to connect to the debugging port, I had to use the command from the hint: socat TCP-LISTEN:1336,fork OPENSSL:positions--ariana-grande-8298.ctf.kitctf.de:443 Then I could go to chrome://inspect/#devices and connect to the remote debugging port using localhost:1336 as the address. In order to properly...
-
HTB - Pod Diagnostics - web - hard
In order to get the flag, we need RCE to call /readflag and get the output. The PDF-generating server has Access-Control-Allow-Origin set to *, so we can make a request from any server to use it; the same goes for the stats server. The stats server calls different stats commands: exec("uptime") readFile("/proc/stat",...