Questions tagged [ctf]
Capture the Flag (CTF) is a form of hacking competition. Use for questions about the design and operation of such contests. Do not use for questions asking for help with winning contests.
98 questions
0 votes, 1 answer, 129 views
Simple Buffer Overflow (Function Call) Problem
I'm trying to develop a simple buffer overflow CTF challenge inspired by the "Csaw 2016 Quals Warmup" challenge, here. I've managed to replicate the source code:
#include <stdio.h>
#...
0 votes, 0 answers, 118 views
Hydra says different passwords are correct each run, but only one works
I am doing CTF 'Skynet' from THM and came across this problem.
Enumerating SMB, I gathered credentials 'milesdyson' and a list of passwords 'log1.txt'.
I figured that I could try to brute force ...
0 votes, 0 answers, 239 views
Encoding shellcode to hide in filename / directory
Working on a CTF challenge and the coordinator's hint suggests that one of the vectors to inject shellcode is via pathing. Looking at debugging prints does show the cwd and filename are passed onto the ...
0 votes, 1 answer, 239 views
Exporting shellcode to environment variable doesn't work as expected
(This is a question regarding a challenge in a wargame on overthewire.org called Narnia, similar to "Shellcode does not execute as the owner".)
When exporting shellcode to EGG environment variable
export ...
0 votes, 0 answers, 94 views
Trying to ret2text on 64bit program issues, can't jump to shell
Here is the elf summary of the program:
Arch: amd64-64-little
RELRO: Partial RELRO
Stack: No canary found
NX: NX enabled
PIE: No PIE (0x400000)
This is the ...
0 votes, 0 answers, 131 views
What type of token is this?
I started noticing this kind of token in a lot of CTF tasks from different authors:
eyJlbWFpbCI6ImVtYWlsQG1haWxib3guZG9tYWluIiwiaWQiOjN9.ZLNCAQ.MxwKVKj_dramWyfT5XxT6g9U3xk
The structure is as follows:
...
1 vote, 1 answer, 425 views
AES ECB cookie bypass
I am currently participating in a CTF Challenge and have reached a stage where I discovered a "log_admin" page. This page generates a cookie that is encrypted using AES 128 ECB. I obtained ...
3 votes, 0 answers, 293 views
PHP CTF: Vulnerabilities in PHP before 2007?
I came across a CTF that I'm trying to solve. The goal is fairly simple: bypass the authentication form and access the admin-restricted area. You can find the code snippet below.
Things to consider:
...
33 votes, 1 answer, 5k views
Crashing the sha1() function in PHP?
I am working on the following war game from Defend The Web, which requires me to do a source code review to log in as the user memtash. The code is on GitLab here.
Here is my methodology:
Reset the ...
0 votes, 1 answer, 775 views
How long would this take to bruteforce?
I am working on the following war game from Defend The Web, which requires me to do a source code review to log in as the user memtash. The code is on GitLab here.
Having inspected the source code ...
2 votes, 1 answer, 186 views
Void pointer and their attribute constructor
I am supposed to find the vulnerability in the code (as part of a CTF) and I feel it's hidden either in the __attribute__((constructor)) or the pointer.
Here I can make out that it's a void pointer ...
0 votes, 1 answer, 316 views
64-bit ROP-based Buffer Overflow Attack
I am facing a CTF challenge in which I have to conduct an attack using a ROP chain on this program below:
#include <stdio.h>
#include <stdint.h>
#include <stdbool.h>
#include <sys/...
0 votes, 0 answers, 399 views
Flask URL Vulnerabilities
I am doing a CTF-style assignment and I am confronted with a web site created in Flask. This web site appears fairly unremarkable - it has 4 pages and no log-in/authentication functionality, nor does ...
1 vote, 2 answers, 1k views
Abusing Shell Feature for Privilege Escalation
This was covered in Linux PrivEsc, task 15, in this TryHackMe room.
I am having trouble understanding how this debugging mode is executing the commands in the PS4 variable, and why I must put /usr/...
0 votes, 0 answers, 221 views
CTF Crypto question
The question in a CTF was this:
They used two hydrogen atoms (H2) from the SHA-256 molecule to encrypt
in some form of AES, and the result was as follows:
{mIT+GVt+p0YfgfOltHgqoetTS6h8bRSAScAGKrBE+...