[Cyber Apoc '24] Quantum Conundrum
Quantum Conundrum This was my first quantum-related CTF challenge which I was hoping to use quantum computing concepts to solve. The intended solution required one to implement a quantum teleportation algorithm, which I could not comprehend and ended up exploiting an insecure eval to achieve RCE.
Description KORP™, the heartless corporation orchestrating our battles in The Fray, has pushed us to our limits. Refusing to be a pawn in their twisted game, I’ve learned of a factionless rebel alliance plotting to dismantle KORP™. While it may sound like mere whispers, there’s a chance it holds truth. Rumors suggest they’ve concealed a vital communication system within The Fray, powered by cutting-edge quantum computing technology. Unfortunately, this system is reportedly malfunctioning. If I can restore this communication network, it could be the key to toppling KORP™ once and for all. However, my knowledge of quantum computing is limited. This is where you come in! As I infiltrate The Fray to access the system, I’ll rely on your expertise to identify and repair the issue. Are you up for the challenge? Together, we can make a difference in this battle against oppression.
[Hack@AC'24] Libwary
Libwary This was an interesting PHP challenge showcasing the potential impacts of insecure deserialization.
Description Try to read the flag from The Libwary. (Impossible)
The source code for this challenge can be found here.
Spotting the Vulnerability When looking at index.php, we see that our user object is deserialized from the PHPSESSID cookie. Deserializing user input is always a huge no-no, as users can send specially crafted payload to pwn the server.
[Hack@AC'24] HackMe:)
Hack@AC'24: HackMe:) This was a forensics challenge that provided a WireShark capture of wifi traffic. The challenge was to find the flag from the capture via wifi hacking.
Hack me :) by sawntoe Hack me if you can :) 11 Solves | 1000 Points The Challenge Opening the file in Wireshark, we can see that there a huge number of packets - 12,200 to be exact. It’ll be quite a hassle to go through all of them at this point, so we should probably analyse the whole situation first.
[UofTCTF'24] CSS Password
CSS Password This challenge was my first rev challenge and it really showed me the wonders of programming. People who do rev at a high level are honestly a completely different breed. The challenge author really woke up one day and decided to implement RAM in CSS, and CSS only.
Description My web developer friend said JavaScript is insecure so he made a password vault with CSS. Can you find the password to open the vault?
[UofTCTF'24] repeat
UofTCTF'24: repeat This was a standard XOR challenge, where we are given the ciphertext and the encryption algorithm. We then need to get the plaintext, i.e. the flag.
The Challenge I'm a known repeat offender when it comes to bad encryption habits. But the secrets module is secure, so you'll never be able to guess my key! We are given two files: gen.py and flag.enc.
gen.py:
import os import secrets flag = "REDACATED" xor_key = secrets.token_bytes(8) def xor(message, key): return bytes([message[i] ^ key[i % len(key)] for i in range(len(message))]) encrypted_flag = xor(flag.encode(), xor_key).hex() with open("flag.enc", "w") as f: f.write("Flag: "+encrypted_flag) flag.enc: