[PatriotCTF'23] Bookshelf
Bookshelf This pwn challenge involved the use of return-oriented programming to call system and spawn a shell.
Description Just finished up my project based around books! Hope you enjoy reading…
You can download the binary here and the corresponding libc here.
Part I: Getting the address of puts When we connect to the server, we see that there are multiple options to choose from. Lets take a look at option 2.
[PatriotCTF'23] Flower Shop
Flower Shop This web challenge involves exploiting a exec statement in a vulnerable PHP script. Apparently this solution was unintended, but it made the challenge a whole lot easier as the intended solution was almost impossible to solve.
Description Flowers!
The files for this challenge can be found here.
Overview Upon visiting the site, we see that there are fields to sign up, login, and reset one’s password. The login and signup functionalities seem to function normally and do not seem vulnerable to SQL injections. However, when looking through the source for password reset, I came across an exec statement.
[PatriotCTF'23] Printshop
Printshop This pwn challenge involved exploiting a printf format string vulnerability to overwrite the exit function in the GOT table to point to the win function, which prints the flag.
Description That print shop down the road is useless, can you make it do something interesting?
You can get the challenge file here.
Overview Upon dumping the binary into a disassembler (in my case I use Binary Ninja), we see that there are 2 functions, main and win. However, main does not ever call win which means that we somehow have to control the instruction pointer to jump to the address of win.
[PatriotCTF'23] Breakfast club
Patriot CTF: Breakfast club This was a cryptography challenge focused on hash cracking. The challenge involved various hashing algorithms, and each character in the flag was hashed using a different algorithm. The objective was to crack the hash for each algorithm to retrieve the flag.
The Challenge As the sysadmin for your college, you're responsible for overseeing the security of all the clubs. One of the on campus orginizations is a breakfast club with their own personal website that the leader assured you was "unhackable". He was so sure of this, that he sent you an example of how hashes are stored in the database, something about "changing the hash type multiple times for each password" or something like that. Can you crack the password and prove him wrong? Text file:
[PatriotCTF’23] My phone!
Patriot CTF: My phone! This was a simple Crypto challenge where we had to figure out the location of a phone thief, that was encrypted by a odd cipher.
The Challenge Some weird triangle man stole my phone, he taunted me by sending me his location but it seems to be encrypted with some odd cipher I've never seen before, could you please help me get my phone back?