Tagged "ctf writeups"

Google CTF 2022: Treebox

This is the write-up for Treebox, one of the easier Sandbox Escape challenges from Google CTF 2022.

The challenge statement says, “I think I finally got Python sandboxing right.”, and we’re provided with a hostname/port pair and (conveniently) the source code of the sandbox. The flag is in a file called flag in the current working directory of the sandbox process.

Squarectf 2020: Deep Web Blog

This is the writeup for the “Deep Web Blog” web challenge from SquareCTF 2020, which was worth 200 points and involved a Blind NoSQL Injection attack.

Challenge statement: A secret informant has tipped us off that hackers on the deep web have been plotting an attack on Square to steal our treasured Bitcoins…

Time to find what their plans are. http://challenges.2020.squarectf.com:9541

MetaCTF Cybergames 2020: Password Here Please

This is a write-up for the “Password Here Please” reverse engineering challenge from MetaCTF CyberGames 2020, which was worth 325 points.

Challenge statement: I forgot my bank account password! Luckily for me, I wrote a program that checks if my password is correct just in case I forgot which password I used, so this way I don’t lock myself out of my account. Unfortunately, I seem to have lost my password list as well… Could you take a look and see if you can find my password for me? Part 3 requires some math skills. To solve it, think about what is being done by the exponentiation step. Try rewriting the large number in base 257.

MetaCTF CyberGames 2020: Open Thermal Exhaust Port

This is the write-up for the “Open Thermal Exhaust Port” forensics challenge from MetaCTF CyberGames 2020, which was worth 275 points.

Challenge statement: Our TCP connect Nmap scan found some open ports it seems. We may only have a pcap of the traffic, but I’m sure that won’t be a problem! Can you tell us which ones they are? The flag will be the sum of the open ports. For example, if ports 25 and 110 were open, the answer would be MetaCTF{135}.