Skip to main content
The 2024 Developer Survey results are live! See the results
Information Security

Questions tagged [ctf]

Ask Question

Capture the Flag (CTF) is a form of hacking competition. Use for questions about the design and operation of such contests. Do not use for questions asking for help with winning contests.

98 questions
Newest Active Bountied Unanswered
0 votes
1 answer
129 views

Simple Buffer Overflow (Function Call) Problem

I'm trying to develop a simple buffer overflow CTF challenge inspired by the "Csaw 2016 Quals Warmup" challenge, here. I've managed to replicate the source code: #include <stdio.h> #...
FreezeLuiz's user avatar
FreezeLuiz
  • 3
0 votes
0 answers
118 views

Hydra says different passwords with are correct each run, but only one works

I am doing CTF 'Skynet' from THM and came across this problem. Enumerating SMB, I gathered credentials 'milesdyson' and a list of passwords 'log1.txt'. I figured that I could try to brute force ...
Juan Vega Seco's user avatar
Juan Vega Seco
  • 57
0 votes
0 answers
239 views

Encoding shellcode to hide in filename / directory

Working on a CTF challenge and the coordinators hint suggests that one of the vectors to inject shellcode is via pathing. Looking at debugging prints does show the cwd and filename are passed onto the ...
TKC's user avatar
TKC
  • 1
0 votes
1 answer
239 views

Exporting shellcode to environment variable doesn't work as expected

(This is a question regarding a challenge in a wargame on overthewire.org called Narnia similar to Shellcode does not execute as the owner ) When exporting shellcode to EGG environment variable export ...
Black Hemera's user avatar
Black Hemera
  • 1
0 votes
0 answers
94 views

Trying to ret2text on 64bit program issues, can't jump to shell

Here is the elf summary of the program: Arch: amd64-64-little RELRO: Partial RELRO Stack: No canary found NX: NX enabled PIE: No PIE (0x400000) This is the ...
Nsion's user avatar
Nsion
  • 1
0 votes
0 answers
131 views

What type of token is this?

I started noticing this kind of token in a lot of CTF tasks from different authors: eyJlbWFpbCI6ImVtYWlsQG1haWxib3guZG9tYWluIiwiaWQiOjN9.ZLNCAQ.MxwKVKj_dramWyfT5XxT6g9U3xk The structure is as follows: ...
Andrey's user avatar
Andrey
  • 3
1 vote
1 answer
425 views

AES ECB cookie bypass

I am currently participating in a CTF Challenge and have reached a stage where I discovered a "log_admin" page. This page generates a cookie that is encrypted using AES 128 ECB. I obtained ...
user294797's user avatar
user294797
  • 11
3 votes
0 answers
293 views

PHP CTF: Vulnerabilities in PHP before 2007?

I came across a CTF that i'm trying to solve, the goal is fairly simple: Bypass the authentication form and access the admin-restricted area. You can find the code snippet below. Things to consider: ...
user avatar
user291842
33 votes
1 answer
5k views

Crashing the sha1() function in PHP?

I am working on the following war game from Defend The Web, which requires me to do a source code review to login as the user memtash. The code is on GitLab here. Here is my methodology: Reset the ...
user5623335's user avatar
user5623335
  • 713
0 votes
1 answer
775 views

How long would this take to bruteforce?

I am working on the following war game from Defend The Web, which requires me to do a source code review to login as the user memtash. The code is on GitLab here. Having inspected the source code ...
user5623335's user avatar
user5623335
  • 713
2 votes
1 answer
186 views

Void pointer and their attribute constructor

I am supposed to find the vulnerability in the code (as a part of a ctf) and I feel it's hidden either in the __attribute__((constructor)) or the pointer. Here I can make out that it's a void pointer ...
Haaziq Jamal's user avatar
Haaziq Jamal
  • 23
0 votes
1 answer
316 views

64-bit ROP-based Buffer Overflow Attack

I am facing a CTF challenge in which I have to conduct an attack using a ROP chain on this program below: #include <stdio.h> #include <stdint.h> #include <stdbool.h> #include <sys/...
justsobad's user avatar
justsobad
  • 1
0 votes
0 answers
399 views

Flask URL Vulnerabilities

I am doing a CTF-style assignment and I am confronted with a web site created in Flask. This web site appears fairly unremarkable - it has 4 pages and no log-in/authentication functionality, nor does ...
justsobad's user avatar
justsobad
  • 1
1 vote
2 answers
1k views

Abusing Shell Feature for Privilege Escalation

This was covered in Linux PrivEsc, task 15, in this TryHackMe room. I am having trouble understanding how this debugging mode is executing the commands in the PS4 variable, and why I must put /usr/...
questioner's user avatar
questioner
  • 211
0 votes
0 answers
221 views

CTF Crypto question

The question in a CTF was this: They used two hydrogen atoms (H2) from the SHA-256 molecule to encrypt in some form of AES, and the result was as follows: {mIT+GVt+p0YfgfOltHgqoetTS6h8bRSAScAGKrBE+...
it dev's user avatar
it dev
  • 101

15 30 50 per page
1
2 3 4 5
7